General
-
Target
968667a87878e7e30ce666fefb13cef5_JaffaCakes118
-
Size
437KB
-
Sample
240814-r42p3axgqh
-
MD5
968667a87878e7e30ce666fefb13cef5
-
SHA1
4492e0e0cb75215cbe897efa2f8b5b6e6fac4433
-
SHA256
3020955cba9968124096ff943587279999db7292fe95ec23024829307754d253
-
SHA512
d51242b6bf679ba207f9f809e814a4491d08cec1f67e8e9b4a02be4f52573a3fb19e1f48242f647ee178f58b2d6eff51eb50e2675b4509e9428bb98ac694bf46
-
SSDEEP
6144:5ZunObR8sVImcyYC5Jjusn3L6KvXwXe3OZaxpr4IjCjPqlbYZFfW552z5c3Xjbx5:WK+mzXiO3O4xpTjCbq9Yrd5k/dIkRnN
Malware Config
Targets
-
-
Target
968667a87878e7e30ce666fefb13cef5_JaffaCakes118
-
Size
437KB
-
MD5
968667a87878e7e30ce666fefb13cef5
-
SHA1
4492e0e0cb75215cbe897efa2f8b5b6e6fac4433
-
SHA256
3020955cba9968124096ff943587279999db7292fe95ec23024829307754d253
-
SHA512
d51242b6bf679ba207f9f809e814a4491d08cec1f67e8e9b4a02be4f52573a3fb19e1f48242f647ee178f58b2d6eff51eb50e2675b4509e9428bb98ac694bf46
-
SSDEEP
6144:5ZunObR8sVImcyYC5Jjusn3L6KvXwXe3OZaxpr4IjCjPqlbYZFfW552z5c3Xjbx5:WK+mzXiO3O4xpTjCbq9Yrd5k/dIkRnN
Score8/10-
Event Triggered Execution: AppInit DLLs
Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Drops file in System32 directory
-