General
Target: a9e8d1a30c8e2fd5c48f17000aa814c6_JaffaCakes118
Size: 163KB
Sample: 240819-g1ar3aycla
MD5: a9e8d1a30c8e2fd5c48f17000aa814c6
SHA1: df407372fa427b3444bd52d47db4c2ce4f255c99
SHA256: bf81d34d57b3fd15de4f92dd416fca1d6700824c73370beb5eddc4c766ec0efe
SHA512: fe367a193b718dc51f23fd37af41a557f403b704d139a8ae84fdf4c3fa2c73edbf8fc0a16b8fb24fd3aacb670b38526b8d00edc60a811fe0adbc9980af7e6844
SSDEEP: 3072:lb9HdEgnc29JuB/RVgU974KlGro2UWQRtgxC6c3ovNRdNUirqSmF7Nv5D:l5HXbmVJ974KlGM/g46cYVWimF7hV
Static task: static1
Behavioral task: behavioral1
  Sample: a9e8d1a30c8e2fd5c48f17000aa814c6_JaffaCakes118.exe
  Resource: win7-20240705-en
Behavioral task: behavioral2
  Sample: a9e8d1a30c8e2fd5c48f17000aa814c6_JaffaCakes118.exe
  Resource: win10v2004-20240802-en
Malware Config
Targets
Target: a9e8d1a30c8e2fd5c48f17000aa814c6_JaffaCakes118
Score: 8/10
Event Triggered Execution: Image File Execution Options Injection
Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Drops file in System32 directory
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Event Triggered Execution (1)
    Image File Execution Options Injection (1)
Privilege Escalation
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Event Triggered Execution (1)
    Image File Execution Options Injection (1)