General
-
Target
88119cf6567b0755097ca561f13d71be_JaffaCakes118
-
Size
252KB
-
Sample
240810-29r3xstbpn
-
MD5
88119cf6567b0755097ca561f13d71be
-
SHA1
80f480e9e5d2c5d4b07ba792a9ac97b7f5c45056
-
SHA256
6bd604943c047279b88b07c6fe99cb23ce9d8e8398d75d1feedee3f05b9cef44
-
SHA512
4f6c39064cc10d04b5f7169fdc31c367122e096ee4246c871237eed4df9ec262f78bb51554d51cb4f6a250399daf23c51cdc5703a81c61afe7c3dc82b11f6a3f
-
SSDEEP
3072:ygyM9J3RT3qLSbM1vLEV+NODgcA+3rW4EhN3gx:X39vpuOUdkrWdn3
Static task
static1
Behavioral task
behavioral1
Sample
88119cf6567b0755097ca561f13d71be_JaffaCakes118.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
88119cf6567b0755097ca561f13d71be_JaffaCakes118.exe
Resource
win10v2004-20240802-en
Malware Config
Targets
Score
10/10
-
Modifies visibility of hidden/system files in Explorer
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1
Registry Run Keys / Startup Folder
1
Defense Evasion
Hide Artifacts
1
Hidden Files and Directories
1
Modify Registry
2