General
-
Target
a76861e7d15a1f08b03575def242d83c_JaffaCakes118
-
Size
521KB
-
Sample
240818-t5pg8swepj
-
MD5
a76861e7d15a1f08b03575def242d83c
-
SHA1
91d3972d1e4be611f54b68cfffc49cfa876857e5
-
SHA256
e07c0abf165cfcae82789fb54eff4c785737b833a6cac8b4ca9fe10c64c21236
-
SHA512
4baff94ce1395948bc25136dec6433d7ac1046bfe911e593e67698a50c4338f42bee0d1a99ccf87eaac79e1e066d711f2412c793a98e12bf52820e7a043a35b4
-
SSDEEP
12288:1u437bm2VsJOYxEwi0NDAnA8Mf7GUKZYE8Sm6s:QMpVsJOXP0Bd8eGULSm6s
Malware Config
Targets
-
-
Target
a76861e7d15a1f08b03575def242d83c_JaffaCakes118
-
Size
521KB
-
MD5
a76861e7d15a1f08b03575def242d83c
-
SHA1
91d3972d1e4be611f54b68cfffc49cfa876857e5
-
SHA256
e07c0abf165cfcae82789fb54eff4c785737b833a6cac8b4ca9fe10c64c21236
-
SHA512
4baff94ce1395948bc25136dec6433d7ac1046bfe911e593e67698a50c4338f42bee0d1a99ccf87eaac79e1e066d711f2412c793a98e12bf52820e7a043a35b4
-
SSDEEP
12288:1u437bm2VsJOYxEwi0NDAnA8Mf7GUKZYE8Sm6s:QMpVsJOXP0Bd8eGULSm6s
Score7/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-