General
-
Target
8040291b3cf68b7904c4f7f58043d7de_JaffaCakes118
-
Size
1.4MB
-
Sample
240801-m26h1s1gnh
-
MD5
8040291b3cf68b7904c4f7f58043d7de
-
SHA1
0b215bda1da2e85ed2dfb05b7a07f736195433f6
-
SHA256
65094f2398466c7bb2df1e3995128875c4f8e9392bae54fa30e4e014a9e2f347
-
SHA512
55c9aeafd8d6db38cf9acde70078caa2256900a4a9923cc9f53601f9e349e4f4564eae53ac58f86ed95e0d8c60af7ae82d0dee6294550ba4ca1bb6582728c894
-
SSDEEP
24576:n67MnVnpA1lmTx8MmA07AaSuDSwdXE6EhDK67MnVnpA1lmTx8MmA07AaSuDSwdhy:67N1ahCh0V7N1ahCj0
Behavioral task
behavioral1
Sample
8040291b3cf68b7904c4f7f58043d7de_JaffaCakes118.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
8040291b3cf68b7904c4f7f58043d7de_JaffaCakes118.exe
Resource
win10v2004-20240730-en
Malware Config
Targets
Target
8040291b3cf68b7904c4f7f58043d7de_JaffaCakes118
-
Score
10/10
-
Event Triggered Execution: Image File Execution Options Injection
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Event Triggered Execution (1)
Image File Execution Options Injection (1)
Privilege Escalation
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Event Triggered Execution (1)
Image File Execution Options Injection (1)