General
-
Target
b4067c63ff24911b3be633c4a0fc2ffb_JaffaCakes118
-
Size
96KB
-
Sample
240821-sy8rvswfmg
-
MD5
b4067c63ff24911b3be633c4a0fc2ffb
-
SHA1
50991b9e3200789132ed6b90f782786df947e7e4
-
SHA256
e6682204605b3b98e2663f540593503504bfd2148d9ed98f61b80781fcd0c794
-
SHA512
9f25bc13e234d4ab31500534c2a1c004fbd4a52a1adf715ce075ed7720455699154374549b0dceaec97d07970edc469a14b1a2b0ab564c15a30df478d367de51
-
SSDEEP
1536:NKQBHpf6cO/hukGulSc16l6u+NMMl/KlYv1Tq5ThFfNIjnZXI:rih7lu8CFFfCnlI
Malware Config
Targets
-
-
Target
b4067c63ff24911b3be633c4a0fc2ffb_JaffaCakes118
-
Size
96KB
-
MD5
b4067c63ff24911b3be633c4a0fc2ffb
-
SHA1
50991b9e3200789132ed6b90f782786df947e7e4
-
SHA256
e6682204605b3b98e2663f540593503504bfd2148d9ed98f61b80781fcd0c794
-
SHA512
9f25bc13e234d4ab31500534c2a1c004fbd4a52a1adf715ce075ed7720455699154374549b0dceaec97d07970edc469a14b1a2b0ab564c15a30df478d367de51
-
SSDEEP
1536:NKQBHpf6cO/hukGulSc16l6u+NMMl/KlYv1Tq5ThFfNIjnZXI:rih7lu8CFFfCnlI
Score10/10-
Modifies visiblity of hidden/system files in Explorer
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Hide Artifacts
1Hidden Files and Directories
1Modify Registry
2