General
-
Target
b377797beecd1c81d492ab4da0ffcff0_JaffaCakes118
-
Size
176KB
-
Sample
240821-pq7ytaydkb
-
MD5
b377797beecd1c81d492ab4da0ffcff0
-
SHA1
d8db076b8d4a11be33c276cfbf2d6d7dfe5204d5
-
SHA256
a33b5de009953f4f86446051fcfc9f04be09d806d0d38c8e99c90b72af50f243
-
SHA512
a5fb1224fcac08935cb2b06b2199aba49e1313a195f55d7a34949b7e6074b6b843627ed9ab4de206985776f7905df86b1b5f15d67aae55e1495932d177af674f
-
SSDEEP
3072:wR4JqClzNAk9JuB/RVgU974KlGro2UWQRtgxC6c3ovNRdNUirqSmF7Nv5aus:wR2qCZNAYmVJ974KlGM/g46cYVWimF7+
Malware Config
Targets
-
-
Target
b377797beecd1c81d492ab4da0ffcff0_JaffaCakes118
-
Size
176KB
-
MD5
b377797beecd1c81d492ab4da0ffcff0
-
SHA1
d8db076b8d4a11be33c276cfbf2d6d7dfe5204d5
-
SHA256
a33b5de009953f4f86446051fcfc9f04be09d806d0d38c8e99c90b72af50f243
-
SHA512
a5fb1224fcac08935cb2b06b2199aba49e1313a195f55d7a34949b7e6074b6b843627ed9ab4de206985776f7905df86b1b5f15d67aae55e1495932d177af674f
-
SSDEEP
3072:wR4JqClzNAk9JuB/RVgU974KlGro2UWQRtgxC6c3ovNRdNUirqSmF7Nv5aus:wR2qCZNAYmVJ974KlGM/g46cYVWimF7+
Score8/10-
Event Triggered Execution: Image File Execution Options Injection
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Image File Execution Options Injection
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Image File Execution Options Injection
1