General
-
Target
889f02d585e62fa6e1a6d1cb80d952be_JaffaCakes118
-
Size
61KB
-
Sample
240811-cs3ewsvcpa
-
MD5
889f02d585e62fa6e1a6d1cb80d952be
-
SHA1
3980a32e09823cb144237e368a00b266c94d9974
-
SHA256
45888b41214b7a9da67bb94bea38eb47cc0c73778a2e08a7ce8d835797e13aed
-
SHA512
adfd2044fa9a47b13e9d2759e628c9ed99dc5b1b2b58de8021d3b2c3854ba1b7bc59cf1380b9e4f2f4f61971e35a960b4768ef79e61cab3c21a70a47f0aee290
-
SSDEEP
1536:BX1hFxqX+F3isOhMqEgpjwdUFMOUgHluFRR2t/0S6:Z1hqo3HqEg6BOUU8FqH
Static task
static1
Behavioral task
behavioral1
Sample
889f02d585e62fa6e1a6d1cb80d952be_JaffaCakes118.exe
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
889f02d585e62fa6e1a6d1cb80d952be_JaffaCakes118.exe
Resource
win10v2004-20240802-en
Malware Config
Targets
-
-
Target
889f02d585e62fa6e1a6d1cb80d952be_JaffaCakes118
-
Event Triggered Execution: AppInit DLLs
Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-