General
-
Target
a17813bd964d5fc1d8605ada3183eebb_JaffaCakes118
-
Size
272KB
-
Sample
240817-gw7w1athnl
-
MD5
a17813bd964d5fc1d8605ada3183eebb
-
SHA1
633e4f381185e21abd4a46b8260ad2d9cbd6420e
-
SHA256
0894b3badd708800d0af04824aa8c996c598414234ad2f3cfe1da14fb252a1a6
-
SHA512
dbe4a0aad73e7192eb9965211e875ddcd6f94656c6b3cef7669592ddd401effb73214dce381ce73e1b43c01cd1805ed11b6ec5d29aad31d89b7910ca236f0c14
-
SSDEEP
6144:P3ajlQxchRdjLmtrBuMrdekUH63u+X5sc57W:CmxGLTuPL5
Malware Config
Targets
-
-
Target
a17813bd964d5fc1d8605ada3183eebb_JaffaCakes118
-
Size
272KB
-
MD5
a17813bd964d5fc1d8605ada3183eebb
-
SHA1
633e4f381185e21abd4a46b8260ad2d9cbd6420e
-
SHA256
0894b3badd708800d0af04824aa8c996c598414234ad2f3cfe1da14fb252a1a6
-
SHA512
dbe4a0aad73e7192eb9965211e875ddcd6f94656c6b3cef7669592ddd401effb73214dce381ce73e1b43c01cd1805ed11b6ec5d29aad31d89b7910ca236f0c14
-
SSDEEP
6144:P3ajlQxchRdjLmtrBuMrdekUH63u+X5sc57W:CmxGLTuPL5
Score10/10-
Modifies visiblity of hidden/system files in Explorer
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Hide Artifacts
1Hidden Files and Directories
1Modify Registry
2