General
- Target: a3cdde4d17de1505f31cf6df00caf1ad_JaffaCakes118
- Size: 71KB
- Sample: 240817-x2jdlavenl
- MD5: a3cdde4d17de1505f31cf6df00caf1ad
- SHA1: 2b39f4bf2a70ca0ca57f280cf07c2c835a3663e6
- SHA256: 94a2ec7f9b4a6dca1d1c4f33a2c3bcc6d3f667867c37b03e11f3d07ec78e7f90
- SHA512: 0b7c25e0a3f73aef5bbc369c8f71dbfe5f1f5ec0ad797b5bf53a9034441d7cad6053d3f2b2bfae372cbeaa51016ae7e35ab13d39144087ba7f471f96c63d123a
- SSDEEP: 768:+Lz1vSXs4nsmGEx8wf0jKaH/crbPMZlHSuJKtmG387GUUQB6WDbi6aefhejSXf0P:+Lzws4mExBqEIHTJKESqni6aicSXRK
Static task
- static1
Behavioral task
- behavioral1
  - Sample: a3cdde4d17de1505f31cf6df00caf1ad_JaffaCakes118.exe
  - Resource: win7-20240704-en
Behavioral task
- behavioral2
  - Sample: a3cdde4d17de1505f31cf6df00caf1ad_JaffaCakes118.exe
  - Resource: win10v2004-20240802-en
Malware Config
Targets
- Target: a3cdde4d17de1505f31cf6df00caf1ad_JaffaCakes118 (71KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
- Score: 8/10
Behaviors
- Disables RegEdit via registry modification
- Disables Task Manager via registry modification
- Disables use of System Restore points
- Drops file in Drivers directory
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Impair Defenses: Safe Mode Boot
- Loads dropped DLL
- Adds Run key to start application
- Indicator Removal: File Deletion
  Adversaries may delete files left behind by the actions of their intrusion activity.
- Drops file in System32 directory
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Privilege Escalation
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
Defense Evasion
- Impair Defenses (1)
  - Safe Mode Boot (1)
- Indicator Removal (1)
  - File Deletion (1)
- Modify Registry (1)