General
-
Target
b49b100cd9e2dd1ee8609163bdca73e5_JaffaCakes118
-
Size
224KB
-
Sample
240821-xetwtaybjm
-
MD5
b49b100cd9e2dd1ee8609163bdca73e5
-
SHA1
6874020d3f88a1cac6d5c8f627a183b1b74e4323
-
SHA256
af30c056f543be4be1d22a36caf7a3a6634df3eb5bf6f204288098093adfd7ac
-
SHA512
9036788c40d1b70321609ea2a60004af6436565cffe34b119bd4e644f06d7ddfa0cb65cd18f4add8b57158c507cac55d61da9cc3cf0ad160015254dd9aa58a18
-
SSDEEP
6144:DfZeYULmk3Uv5KKN0HOO6NYUzASgodcZ0TCxenNLpuScVdDvM:DfVUuYIAN0TkeNLpTYDU
Malware Config
Targets
-
-
Target
b49b100cd9e2dd1ee8609163bdca73e5_JaffaCakes118
-
Size
224KB
-
MD5
b49b100cd9e2dd1ee8609163bdca73e5
-
SHA1
6874020d3f88a1cac6d5c8f627a183b1b74e4323
-
SHA256
af30c056f543be4be1d22a36caf7a3a6634df3eb5bf6f204288098093adfd7ac
-
SHA512
9036788c40d1b70321609ea2a60004af6436565cffe34b119bd4e644f06d7ddfa0cb65cd18f4add8b57158c507cac55d61da9cc3cf0ad160015254dd9aa58a18
-
SSDEEP
6144:DfZeYULmk3Uv5KKN0HOO6NYUzASgodcZ0TCxenNLpuScVdDvM:DfVUuYIAN0TkeNLpTYDU
Score10/10-
Modifies visiblity of hidden/system files in Explorer
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Hide Artifacts
1Hidden Files and Directories
1Modify Registry
2