General
-
Target
9f6c366d66024056984513734f4709ad_JaffaCakes118
-
Size
115KB
-
Sample
240816-wv3m8aserk
-
MD5
9f6c366d66024056984513734f4709ad
-
SHA1
ca8b49c7ba4e1d99f447ed5980d227fb542d69ac
-
SHA256
b9c0040d24e53c074412e63792bfeb50ebbfd008dbac28cfa24775ea3a28d495
-
SHA512
e9ffc2bbd8f6be68dd43854cbf63a424a83be59f1605cabfee17043a5f0384969a9561d88b0d5c3da0404e2172559ac1c757a72f112018da0a43cf5ef67b52e1
-
SSDEEP
3072:bkdNMBfk2LgpN2JtbOxRFvwncL0Qed+M2uadvM4:Eak0CZvigM2uadvM
Malware Config
Targets
-
-
Target
9f6c366d66024056984513734f4709ad_JaffaCakes118
-
Size
115KB
-
MD5
9f6c366d66024056984513734f4709ad
-
SHA1
ca8b49c7ba4e1d99f447ed5980d227fb542d69ac
-
SHA256
b9c0040d24e53c074412e63792bfeb50ebbfd008dbac28cfa24775ea3a28d495
-
SHA512
e9ffc2bbd8f6be68dd43854cbf63a424a83be59f1605cabfee17043a5f0384969a9561d88b0d5c3da0404e2172559ac1c757a72f112018da0a43cf5ef67b52e1
-
SSDEEP
3072:bkdNMBfk2LgpN2JtbOxRFvwncL0Qed+M2uadvM4:Eak0CZvigM2uadvM
Score10/10-
Modifies WinLogon for persistence
-
Modifies firewall policy service
-
Adds policy Run key to start application
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
3Registry Run Keys / Startup Folder
2Winlogon Helper DLL
1Create or Modify System Process
1Windows Service
1Privilege Escalation
Boot or Logon Autostart Execution
3Registry Run Keys / Startup Folder
2Winlogon Helper DLL
1Create or Modify System Process
1Windows Service
1Defense Evasion
Impair Defenses
1Disable or Modify System Firewall
1Modify Registry
4