General
-
Target
a9a6178d60a2a953daeed9e28f9ebc73_JaffaCakes118
-
Size
17KB
-
Sample
240819-ff5k9svelg
-
MD5
a9a6178d60a2a953daeed9e28f9ebc73
-
SHA1
2c42d3cb2d056d63069a6e0d5fbb1c0ef37f2cf1
-
SHA256
006e3822bd34991d969220d050e1ac50007f8f642b4c25f69c0ea112aa218722
-
SHA512
1520a226b22e5197f4b6c0204216ea627b423c88192416f2accfa4e8292d81ea7f1117fdf4417a9a96e526af0c541d86fb74dbf0a1bf303f0cb4af98a7c6154e
-
SSDEEP
384:H5iFBXU6XXjuDIKkziVam9BvkLflwMrZwaNJawcudoD7UMx9:8BXUQuOz+am9BWljnbcuyD7UMv
Malware Config
Targets
-
-
Target
a9a6178d60a2a953daeed9e28f9ebc73_JaffaCakes118
-
Size
17KB
-
MD5
a9a6178d60a2a953daeed9e28f9ebc73
-
SHA1
2c42d3cb2d056d63069a6e0d5fbb1c0ef37f2cf1
-
SHA256
006e3822bd34991d969220d050e1ac50007f8f642b4c25f69c0ea112aa218722
-
SHA512
1520a226b22e5197f4b6c0204216ea627b423c88192416f2accfa4e8292d81ea7f1117fdf4417a9a96e526af0c541d86fb74dbf0a1bf303f0cb4af98a7c6154e
-
SSDEEP
384:H5iFBXU6XXjuDIKkziVam9BvkLflwMrZwaNJawcudoD7UMx9:8BXUQuOz+am9BWljnbcuyD7UMv
Score8/10-
Stops running service(s)
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Indicator Removal: File Deletion
Adversaries may delete files left behind by the actions of their intrusion activity.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Defense Evasion
Hide Artifacts
1Hidden Files and Directories
1Impair Defenses
1Indicator Removal
1File Deletion
1Modify Registry
3