General

  • Target

    b4067c63ff24911b3be633c4a0fc2ffb_JaffaCakes118

  • Size

    96KB

  • Sample

    240821-sy8rvswfmg

  • MD5

    b4067c63ff24911b3be633c4a0fc2ffb

  • SHA1

    50991b9e3200789132ed6b90f782786df947e7e4

  • SHA256

    e6682204605b3b98e2663f540593503504bfd2148d9ed98f61b80781fcd0c794

  • SHA512

    9f25bc13e234d4ab31500534c2a1c004fbd4a52a1adf715ce075ed7720455699154374549b0dceaec97d07970edc469a14b1a2b0ab564c15a30df478d367de51

  • SSDEEP

    1536:NKQBHpf6cO/hukGulSc16l6u+NMMl/KlYv1Tq5ThFfNIjnZXI:rih7lu8CFFfCnlI

Malware Config

Targets

    • Modifies visibility of hidden/system files in Explorer

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks