General
-
Target
8cbe816638dc391a295c0a748f616227_JaffaCakes118
-
Size
100KB
-
Sample
240812-bnnv9sycll
-
MD5
8cbe816638dc391a295c0a748f616227
-
SHA1
4c562e746c43d258e5ad31a1618776e08bf2e553
-
SHA256
d56b63a64df2be4d956b76321d7e70fcaf70f7c6f9f549997d8ed0a5a7442250
-
SHA512
8aa9d010c9aa3c7162ef3080104b9ca35ca451d804299608fb3fb2315da066acbe411d8933d221ce281046a1637cc97ec382704ce769f3a7153ce025f7fceac1
-
SSDEEP
1536:CwtGn82NTzwqgeMGAc4ohrPXo+73Rez8b0SyMNIj/:wwqgBurPX7CMC/
Malware Config
Targets
-
-
Target
8cbe816638dc391a295c0a748f616227_JaffaCakes118
-
Size
100KB
-
MD5
8cbe816638dc391a295c0a748f616227
-
SHA1
4c562e746c43d258e5ad31a1618776e08bf2e553
-
SHA256
d56b63a64df2be4d956b76321d7e70fcaf70f7c6f9f549997d8ed0a5a7442250
-
SHA512
8aa9d010c9aa3c7162ef3080104b9ca35ca451d804299608fb3fb2315da066acbe411d8933d221ce281046a1637cc97ec382704ce769f3a7153ce025f7fceac1
-
SSDEEP
1536:CwtGn82NTzwqgeMGAc4ohrPXo+73Rez8b0SyMNIj/:wwqgBurPX7CMC/
Score10/10-
Modifies visiblity of hidden/system files in Explorer
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Hide Artifacts
1Hidden Files and Directories
1Modify Registry
2