General
-
Target
840200abef233d9043250d5b1c366b7b_JaffaCakes118
-
Size
853KB
-
Sample
240809-3mq3sayhnc
-
MD5
840200abef233d9043250d5b1c366b7b
-
SHA1
bf2eda07c632fe590365a9202dd1198bb5f1a62a
-
SHA256
1fe7eba4d61a1196d2d42894aad2bc7687225cb7452cec7626c65a331bae0342
-
SHA512
8a3286bd95e872838756699d505e0976de8bbf4fd90fc78b130c967999bf1365447bd6d4c718782d5e6ddd63fda765f856860a2edef73f4c18284910b37ddf6e
-
SSDEEP
12288:uvM5geU4v63Nxnscb11BmX1VE3XTB1IoqShO7DSRJnW9iDHCj:uujvExnDbfBK1oXTBJFk7MJnW9Zj
Static task
static1
Behavioral task
behavioral1
Sample
840200abef233d9043250d5b1c366b7b_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
840200abef233d9043250d5b1c366b7b_JaffaCakes118.exe
Resource
win10v2004-20240802-en
Malware Config
Targets
-
-
Target
840200abef233d9043250d5b1c366b7b_JaffaCakes118
Score
8/10
-
Blocklisted process makes network request
-
Server Software Component: Terminal Services DLL
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Indicator Removal: File Deletion
Adversaries may delete files left behind by the actions of their intrusion activity.
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-