General
Target
a6ec0c2a3e3050edd9e9ba69d5cf95ec_JaffaCakes118
Size
682KB
Sample
240818-q9g26swfpa
MD5
a6ec0c2a3e3050edd9e9ba69d5cf95ec
SHA1
b661b0e1016c1fc6fcbaa16ec51378b2fee43f3a
SHA256
00bc79bb17fa2ec801e6632cddf5de88ba38ad43ab76fb9ef8d0dc0058762c62
SHA512
ed0e52bb87d47f40a9d6b61ec8c526d04003df25c083d427b7ff7d9a0b17054847b5022be512feba95217d69be17551e55707b0ccceff70d541ce16821cdb7f2
SSDEEP
12288:DKnGScwZCDGTIu0NemewUEWxWZrGSJkT1mtlzyH:+1cSCDw0Ne9EWtAkylzyH
Static task
static1
Behavioral task
behavioral1
Sample
a6ec0c2a3e3050edd9e9ba69d5cf95ec_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
a6ec0c2a3e3050edd9e9ba69d5cf95ec_JaffaCakes118.exe
Resource
win10v2004-20240802-en
Malware Config
Targets
Target
a6ec0c2a3e3050edd9e9ba69d5cf95ec_JaffaCakes118
Score
7/10

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Drops startup file

Impair Defenses: Safe Mode Boot

Loads dropped DLL

Adds Run key to start application

Indicator Removal: File Deletion
Adversaries may delete files left behind by the actions of their intrusion activity.

Drops file in System32 directory

MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution 1
Registry Run Keys / Startup Folder 1
Defense Evasion
Impair Defenses 1
Safe Mode Boot 1
Indicator Removal 1
File Deletion 1
Modify Registry 2