General
-
Target
b4eb4a26f714ed96ea77de17f840c288_JaffaCakes118
-
Size
17KB
-
Sample
240821-y8dmcsserj
-
MD5
b4eb4a26f714ed96ea77de17f840c288
-
SHA1
85923d427b88717fc82d17b4bb32dfbad8935042
-
SHA256
8398dab901d543e14667ee9c7051e34f99f2dbbf832c31d23193ba85f5748114
-
SHA512
30bc4c3bcb3f74dd80b486b8b9bef770e6cfed810d791c002f87441e42c34bb77bc8249361b5afec7b3561b9bbce5314392f996a8fe0e7952a0794200c27d221
-
SSDEEP
384:4FKOTL1PcmZO2Zp+Nye8pqrmub8TyztsDN:4Ee1PoKK8o8TyJc
Malware Config
Targets
-
-
Target
b4eb4a26f714ed96ea77de17f840c288_JaffaCakes118
-
Size
17KB
-
MD5
b4eb4a26f714ed96ea77de17f840c288
-
SHA1
85923d427b88717fc82d17b4bb32dfbad8935042
-
SHA256
8398dab901d543e14667ee9c7051e34f99f2dbbf832c31d23193ba85f5748114
-
SHA512
30bc4c3bcb3f74dd80b486b8b9bef770e6cfed810d791c002f87441e42c34bb77bc8249361b5afec7b3561b9bbce5314392f996a8fe0e7952a0794200c27d221
-
SSDEEP
384:4FKOTL1PcmZO2Zp+Nye8pqrmub8TyztsDN:4Ee1PoKK8o8TyJc
Score8/10-
Event Triggered Execution: Image File Execution Options Injection
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Image File Execution Options Injection
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Image File Execution Options Injection
1