General
Target: 8545d00334e198ef9e858586c45b78c1_JaffaCakes118
Size: 71KB
Sample: 240810-jb1nas1arj
MD5: 8545d00334e198ef9e858586c45b78c1
SHA1: ad7846039de0163ef3bbaccf8e22bd506f8ff2cc
SHA256: a41422a859b3cdbc59032046a034973274e0ad26d6eda7e23bae790f88e3f7d4
SHA512: 989fa41d82fcfa051588f7244470e06c14203b21e75494d06ca635ab596896431431afd9ee633d0dc3b26ad4b7dbad451d2894eddc0b40824e7a2cfabe8f3ce5
SSDEEP: 1536:+XcS+oXb+AcjJ3wN/g5hcxiqNGZSsBIGOP6vzgCNUoxHww:icS+oLwjNMg5yxiqI4UIGOP6v0CNUKHR
Static task: static1
Behavioral task: behavioral1
Sample: 8545d00334e198ef9e858586c45b78c1_JaffaCakes118.exe
Resource: win7-20240708-en
Behavioral task: behavioral2
Sample: 8545d00334e198ef9e858586c45b78c1_JaffaCakes118.exe
Resource: win10v2004-20240802-en
Malware Config
Targets
Target: 8545d00334e198ef9e858586c45b78c1_JaffaCakes118
Score: 8/10
Adds policy Run key to start application

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Deletes itself

Executes dropped EXE

Loads dropped DLL

Indicator Removal: File Deletion
Adversaries may delete files left behind by the actions of their intrusion activity.

MITRE ATT&CK Enterprise v15
Privilege Escalation
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
Defense Evasion
  Hide Artifacts (2)
    Hidden Files and Directories (2)
  Indicator Removal (1)
    File Deletion (1)
  Modify Registry (2)