General
Target: b4a9451af3eae12843ff4d2cc67d49cc_JaffaCakes118
Size: 200KB
Sample: 240821-xql1cavfnh
MD5: b4a9451af3eae12843ff4d2cc67d49cc
SHA1: 4441af6785df6cab7ce2424c78b47091a3bbf31f
SHA256: 5a1b92a89388b818ee6483e9c902e4a4211d059358d0bc1d97f23767f704baa0
SHA512: 8c832c99a516300eb577e2e6d66f02b566af2e30f6c2a3d8204d99a9a40d516840e98fe705522d9f703a9b114b0778f5fa3a19f4ce4f42085998f93d2cb5f44c
SSDEEP: 6144:T8O7Knvmb7/D26rfo9Am26fBXMZ8R3FXjrCTYTQdq4qJUGQBSpYCMnw2:gO7Knvmb7/D26zZ8R3FXjrC8T8q4qJgV
Static task: static1
Behavioral task: behavioral1
Sample: b4a9451af3eae12843ff4d2cc67d49cc_JaffaCakes118.exe
Resource: win7-20240705-en
Behavioral task: behavioral2
Sample: b4a9451af3eae12843ff4d2cc67d49cc_JaffaCakes118.exe
Resource: win10v2004-20240802-en
Malware Config
Targets
Target: b4a9451af3eae12843ff4d2cc67d49cc_JaffaCakes118
Score: 10/10
Modifies visibility of hidden/system files in Explorer
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Defense Evasion
Hide Artifacts: 1
Hidden Files and Directories: 1
Modify Registry: 2