General
-
Target
941193d66195d217380acb488fba614a_JaffaCakes118
-
Size
3.0MB
-
Sample
240813-v6mkpsxbpe
-
MD5
941193d66195d217380acb488fba614a
-
SHA1
4b4b121606aa55fc88f73cdeb42b347f3c157311
-
SHA256
e8e643961fd4dd9293a54d082a18313fd69820edc6c4a4ad1c620d5fbaff469b
-
SHA512
3a4630a49756a0b49a9879bab4c01a7f1fe777057fd7402213a8ee870832377f7f7cdeed1434e339bc89d555477c2e08f61f9039fbb37e5d44a22d83db37dfd5
-
SSDEEP
49152:1/c+Kr0Z1EHYzaHevcLzxkt1TIuqJucyVxrNBR+J6+zI0ySQFu1a88roOBvI0HSR:S+51EV+vAanMu1xddGySySa1roOy0HYl
Malware Config
Targets
-
-
Target
941193d66195d217380acb488fba614a_JaffaCakes118
-
Size
3.0MB
-
MD5
941193d66195d217380acb488fba614a
-
SHA1
4b4b121606aa55fc88f73cdeb42b347f3c157311
-
SHA256
e8e643961fd4dd9293a54d082a18313fd69820edc6c4a4ad1c620d5fbaff469b
-
SHA512
3a4630a49756a0b49a9879bab4c01a7f1fe777057fd7402213a8ee870832377f7f7cdeed1434e339bc89d555477c2e08f61f9039fbb37e5d44a22d83db37dfd5
-
SSDEEP
49152:1/c+Kr0Z1EHYzaHevcLzxkt1TIuqJucyVxrNBR+J6+zI0ySQFu1a88roOBvI0HSR:S+51EV+vAanMu1xddGySySa1roOy0HYl
Score9/10-
Detected Nirsoft tools
Free utilities often used by attackers which can steal passwords, product keys, etc.
-
Disables RegEdit via registry modification
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies system executable filetype association
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Change Default File Association
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Change Default File Association
1