General
Target: b0d97ad3df3f461f45abbcdef6ca8138_JaffaCakes118
Size: 96KB
Sample: 240820-zz5vxsxcqp
MD5: b0d97ad3df3f461f45abbcdef6ca8138
SHA1: 3feb1f2ef3b36b4fd3820cf85b716612a96401fa
SHA256: f43612cad4fe3d43ab23f0cace438887b52e053ba55f4289a632b2a650f10d16
SHA512: 54712d116918f821cc92f27a88090a37cbeadc6efbdebb29d05ba4d4234be2a7a64cc0a55be14b1254939ad9290411d50a2fcf7fa271aa66183e16da34029481
SSDEEP: 1536:DdQBH+f6cO/hisDkGulSc16l6u+NMMl/KlYv1Tq5ThFgNIjnZpt:glhiXlu8CFFgCnbt
Static task: static1
Behavioral task: behavioral1
Sample: b0d97ad3df3f461f45abbcdef6ca8138_JaffaCakes118.exe
Resource: win7-20240704-en
Behavioral task: behavioral2
Sample: b0d97ad3df3f461f45abbcdef6ca8138_JaffaCakes118.exe
Resource: win10v2004-20240802-en
Malware Config
Targets
Target
b0d97ad3df3f461f45abbcdef6ca8138_JaffaCakes118
Score 10/10
-
Modifies visibility of hidden/system files in Explorer
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution 1
Registry Run Keys / Startup Folder 1
Defense Evasion
Hide Artifacts 1
Hidden Files and Directories 1
Modify Registry 2