General
-
Target
872a2c7edbb29d00e46661a1290d6a47_JaffaCakes118
-
Size
33KB
-
Sample
240810-w291wa1gqq
-
MD5
872a2c7edbb29d00e46661a1290d6a47
-
SHA1
2927704744053b3be86fa995f93b7265a3184caf
-
SHA256
072644898b72efdcf874c1aef0cfc57a94aabaee9405f0699e0bafde17465114
-
SHA512
7fb1671ff6d7ff7f81ef2ef212ce4f6e2b203965dd9fe8f87019ac549a16eeeb7b1d0caa536055e3ac96694c6a6b10a6417c7defb6bdcfdd38d36271b95faac3
-
SSDEEP
384:0+Zc3OM/l/yjVCBr9sYrYgIHsNiAIeLViXS1f4lrRpCkdKnOMAkMNek+vvWNeEnT:xi/CAmYFIHskAREFpdKOMAxn6Bm
Malware Config
Targets
-
-
Target
872a2c7edbb29d00e46661a1290d6a47_JaffaCakes118
-
Size
33KB
-
MD5
872a2c7edbb29d00e46661a1290d6a47
-
SHA1
2927704744053b3be86fa995f93b7265a3184caf
-
SHA256
072644898b72efdcf874c1aef0cfc57a94aabaee9405f0699e0bafde17465114
-
SHA512
7fb1671ff6d7ff7f81ef2ef212ce4f6e2b203965dd9fe8f87019ac549a16eeeb7b1d0caa536055e3ac96694c6a6b10a6417c7defb6bdcfdd38d36271b95faac3
-
SSDEEP
384:0+Zc3OM/l/yjVCBr9sYrYgIHsNiAIeLViXS1f4lrRpCkdKnOMAkMNek+vvWNeEnT:xi/CAmYFIHskAREFpdKOMAxn6Bm
Score8/10-
Sets file to hidden
Modifies file attributes to stop it showing in Explorer etc.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-
Indicator Removal: File Deletion
Adversaries may delete files left behind by the actions of their intrusion activity.
-
Enumerates processes with tasklist
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Hide Artifacts
2Hidden Files and Directories
2Indicator Removal
1File Deletion
1Modify Registry
4