General
-
Target
ac85b8b7e876747b94fde4bfb2022db2_JaffaCakes118
-
Size
128KB
-
Sample
240819-zlkylaygmm
-
MD5
ac85b8b7e876747b94fde4bfb2022db2
-
SHA1
e85ef8a14208f7bde3e176f7a3e4cbd8581af2c8
-
SHA256
38d69ee5ac4639766974e7e34c007315f470720b3aeecf34426bbe38d7a4b4ea
-
SHA512
4bd03fb7ceb60110debb4f16ac7011ad9063433c5d07f2e916c35c9b89de618269bbe5ebb86ea440159b0bd95590d99136486ffa3e7007de20ded5edd82196d3
-
SSDEEP
1536:dJNIvrNeFVOlijvA8ah0hj190R0nEWd1tXfkEwU2N:jNIJeTOMbWUbU232
Malware Config
Targets
-
-
Target
ac85b8b7e876747b94fde4bfb2022db2_JaffaCakes118
-
Size
128KB
-
MD5
ac85b8b7e876747b94fde4bfb2022db2
-
SHA1
e85ef8a14208f7bde3e176f7a3e4cbd8581af2c8
-
SHA256
38d69ee5ac4639766974e7e34c007315f470720b3aeecf34426bbe38d7a4b4ea
-
SHA512
4bd03fb7ceb60110debb4f16ac7011ad9063433c5d07f2e916c35c9b89de618269bbe5ebb86ea440159b0bd95590d99136486ffa3e7007de20ded5edd82196d3
-
SSDEEP
1536:dJNIvrNeFVOlijvA8ah0hj190R0nEWd1tXfkEwU2N:jNIJeTOMbWUbU232
Score10/10-
Modifies visiblity of hidden/system files in Explorer
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Hide Artifacts
1Hidden Files and Directories
1Modify Registry
2