General
-
Target
78d45391bb15bdc14a9721b08605c42c_JaffaCakes118
-
Size
136KB
-
Sample
240727-t8xysasajf
-
MD5
78d45391bb15bdc14a9721b08605c42c
-
SHA1
b9f808b9fe40d4f78330e7ae007ab01db2deea9c
-
SHA256
f13112e1fa85d0fad4443f4946da162762ed20954fd5f0998d6f441101a5aa89
-
SHA512
909381bb28820bf99749bfc81d837de1663f8a7eca11777e3cd319d97bdbe18f7753cb0f27c3eb50c23db924387bcad0d4f32179663e2d57ded9b2b3eb7d5af9
-
SSDEEP
3072:xpGJovvXFwRBW1cQoj9MYuPCNtrK6tJTVUa370K:Eu/d2QRYjfTVU40
Static task
static1
Behavioral task
behavioral1
Sample
78d45391bb15bdc14a9721b08605c42c_JaffaCakes118.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
78d45391bb15bdc14a9721b08605c42c_JaffaCakes118.exe
Resource
win10v2004-20240729-en
Malware Config
Targets
-
-
Target
78d45391bb15bdc14a9721b08605c42c_JaffaCakes118
Score
10/10
-
Modifies visibility of hidden/system files in Explorer
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Defense Evasion
Hide Artifacts: 1
Hidden Files and Directories: 1
Modify Registry: 2