General
Target: 8b9d032d81de35dbfac370dba52361d9_JaffaCakes118
Size: 123KB
Sample: 240811-xr3z9atbqk
MD5: 8b9d032d81de35dbfac370dba52361d9
SHA1: 752a3937eadfbab7a09ba0668c6f25b8f4a375a0
SHA256: 028a31459609973678807700449561ae82cc67f2506e4b63ae06fe5d9dc7e685
SHA512: fdad08c9b3abf0a88a0ba2692387a1f22880f0843cf4714541ad7819f27164ac09e2e87817c7237925f25332178623db8acffd3e35855bbf36448f75cfba1385
SSDEEP: 3072:OeSQ41MZrrOwzrq5Ss9eYfphfFQkUcot3EpeBWLLUFx+c:OVYrJrOSsRwcpaFN
Behavioral task: behavioral1
Sample: 8b9d032d81de35dbfac370dba52361d9_JaffaCakes118.exe
Resource: win7-20240705-en
Malware Config
Targets
-
Manipulates Digital Signatures
Attackers can use techniques such as changing the Authenticode and Cryptography registry keys to have their binary treated as valid.
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-