General
Target: b26992fe8fd1208bb2aad1f0fc8eb1bf_JaffaCakes118
Size: 84KB
Sample: 240821-g7h21sxerm
MD5: b26992fe8fd1208bb2aad1f0fc8eb1bf
SHA1: 0af8ba5f45c6a5b918a0ca0d1e64a3a72608081a
SHA256: e7010ff576b408ac5824f52e9773bda76d00bf2f38b90f16772934e2798bb4d9
SHA512: 1e26da46a5dd4c1402a1f5eb5eaa40c1f202c5da95a1f7d4e76347a4e1ec7927b43f21312eb266504d79a6f2c86e9a09ad285921515a3642a2760c2b597df2ca
SSDEEP: 1536:h6ggfUfojGnRR1J0+6Q230jgBhVulU8KgKFVXljQG6q8+t:h6uxJ0+yBz6jK9XtQ88+t
Static task: static1
Behavioral task: behavioral1
    Sample: b26992fe8fd1208bb2aad1f0fc8eb1bf_JaffaCakes118.exe
    Resource: win7-20240708-en
Behavioral task: behavioral2
    Sample: b26992fe8fd1208bb2aad1f0fc8eb1bf_JaffaCakes118.exe
    Resource: win10v2004-20240802-en
Malware Config
Targets
Target: b26992fe8fd1208bb2aad1f0fc8eb1bf_JaffaCakes118
Score: 8/10

Server Software Component: Terminal Services DLL

ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Deletes itself

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application

Indicator Removal: File Deletion
Adversaries may delete files left behind by the actions of their intrusion activity.

MITRE ATT&CK Enterprise v15
Persistence
    Boot or Logon Autostart Execution (1)
        Registry Run Keys / Startup Folder (1)
    Server Software Component (1)
        Terminal Services DLL (1)
Privilege Escalation
    Boot or Logon Autostart Execution (1)
        Registry Run Keys / Startup Folder (1)