General
-
Target
a85f8068abb3c2bbcc1920042ec7c722_JaffaCakes118
-
Size
160KB
-
Sample
240818-1t3daazdmm
-
MD5
a85f8068abb3c2bbcc1920042ec7c722
-
SHA1
7e4e4c2e6ffa0bb40376ef21cdb32fd6951a2dd9
-
SHA256
736f05b1788328c9771754bf22e57b3ceb908ea8bf66a15f7c8da6eeaede8dd4
-
SHA512
0f411207f1491f4bae7629f81eeda1a895078470f0c4d34d01d9f6a16cd63717b0a04eec56353acfed67bb8fce75096f42d9a20cb360c072c8f5718b3f5a4de6
-
SSDEEP
1536:YrJmYnTIiOKi/g2ipYB94DPLY6xs/uwpEIxyMrFb4C/sU+3:YdvnJVi/SiB6DHzwpDjrSsu
Malware Config
Targets
-
-
Target
a85f8068abb3c2bbcc1920042ec7c722_JaffaCakes118
-
Size
160KB
-
MD5
a85f8068abb3c2bbcc1920042ec7c722
-
SHA1
7e4e4c2e6ffa0bb40376ef21cdb32fd6951a2dd9
-
SHA256
736f05b1788328c9771754bf22e57b3ceb908ea8bf66a15f7c8da6eeaede8dd4
-
SHA512
0f411207f1491f4bae7629f81eeda1a895078470f0c4d34d01d9f6a16cd63717b0a04eec56353acfed67bb8fce75096f42d9a20cb360c072c8f5718b3f5a4de6
-
SSDEEP
1536:YrJmYnTIiOKi/g2ipYB94DPLY6xs/uwpEIxyMrFb4C/sU+3:YdvnJVi/SiB6DHzwpDjrSsu
Score8/10-
Sets file to hidden
Modifies file attributes to stop it showing in Explorer etc.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-
Indicator Removal: File Deletion
Adversaries may delete files left behind by the actions of their intrusion activity.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Hide Artifacts
2Hidden Files and Directories
2Indicator Removal
1File Deletion
1Modify Registry
3