General
Target: b04475ad65b210fb0d74e0b0e58837b5_JaffaCakes118
Size: 75KB
Sample: 240820-wnj8aszdkq
MD5: b04475ad65b210fb0d74e0b0e58837b5
SHA1: 45cdcb434eeaad34448bd557daf5865b7b0d086a
SHA256: dad54e17620a464e58e162d6883cc559c2ea4ff7b1e66ba538d9196b6fb425a4
SHA512: 3e9e110a4167470c4fd1d10e6584a128bd3ba08223e574369b851cadc57a1cab2f7c744555223b9b1a6aec5fcfca0c3b68170b8fef0186bd3dafeb38501d4178
SSDEEP: 1536:yBej95nI6HSpc+UIqnEixqOLaJ5bOD+OMh0Fkr:PLnI6RoqnxqRjU+OUekr
Static task: static1
Behavioral task: behavioral1
Sample: b04475ad65b210fb0d74e0b0e58837b5_JaffaCakes118.exe
Resource: win7-20240729-en
Behavioral task: behavioral2
Sample: b04475ad65b210fb0d74e0b0e58837b5_JaffaCakes118.exe
Resource: win10v2004-20240802-en
Malware Config
Targets
Target: b04475ad65b210fb0d74e0b0e58837b5_JaffaCakes118
Score: 10/10
Modifies WinLogon for persistence
Sets service image path in registry
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Drops file in System32 directory
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (2)
Registry Run Keys / Startup Folder (1)
Winlogon Helper DLL (1)
Privilege Escalation
Boot or Logon Autostart Execution (2)
Registry Run Keys / Startup Folder (1)
Winlogon Helper DLL (1)