General
Target: 8d073a247869df7aa932d0d2e8c9a0dc_JaffaCakes118
Size: 697KB
Sample: 240812-dcr5nawemd
MD5: 8d073a247869df7aa932d0d2e8c9a0dc
SHA1: 1c6de7c3033e9e02b063c098dc29832bd1f9343e
SHA256: 34591fffeb7db6f064e2c89d95273afc8df0a70897a9d099ba7289e71b66acf1
SHA512: 97befb94c7d51b1850aa89b36cb021fee0c90a9b0f5d5f552b6d81df4a6afeea0aab078a86a52fd826cf53a5bed94e09347d848685045c46b6cf5607a69aa0a1
SSDEEP: 12288:HDPqisfp1jWg/bXGI8zcD5ntVoqVMK1BtuDglWpRoOE/BWx3cGa0t:Hry/WgosZoYtuElm2w
Static task: static1
Behavioral task: behavioral1
  Sample: 8d073a247869df7aa932d0d2e8c9a0dc_JaffaCakes118.exe
  Resource: win7-20240705-en
Behavioral task: behavioral2
  Sample: 8d073a247869df7aa932d0d2e8c9a0dc_JaffaCakes118.exe
  Resource: win10v2004-20240802-en
Malware Config
Targets
Score: 10/10
Signatures:
- Modifies firewall policy service
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1): Windows Service (1)
Privilege Escalation
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1): Windows Service (1)
Defense Evasion
- Impair Defenses (1): Disable or Modify System Firewall (1)
- Modify Registry (3)