General
-
Target
b59a39b08895d66412b11ea574360867_JaffaCakes118
-
Size
17KB
-
Sample
240822-akjayayapb
-
MD5
b59a39b08895d66412b11ea574360867
-
SHA1
99058c791114c891ca3fdcd6612ce9f01e4752af
-
SHA256
6f764e286ebf83de7f30447b2fda58e16d27e98e6eadf7c9cf0ca08fe0de1323
-
SHA512
2629581eba90e82917cb2ea84343a0c3e164c8a6be5ceba08591257ec24d45d338c987c341fd6aa8e973269289d1e3512ada5769993ba77c9fa225ddfe5736b1
-
SSDEEP
384:fF5qIs/DV5cmZO2Zp+Nye8pqrmub8TyztsDN:f3qIwV5oKK8o8TyJc
Malware Config
Targets
-
-
Target
b59a39b08895d66412b11ea574360867_JaffaCakes118
-
Size
17KB
-
MD5
b59a39b08895d66412b11ea574360867
-
SHA1
99058c791114c891ca3fdcd6612ce9f01e4752af
-
SHA256
6f764e286ebf83de7f30447b2fda58e16d27e98e6eadf7c9cf0ca08fe0de1323
-
SHA512
2629581eba90e82917cb2ea84343a0c3e164c8a6be5ceba08591257ec24d45d338c987c341fd6aa8e973269289d1e3512ada5769993ba77c9fa225ddfe5736b1
-
SSDEEP
384:fF5qIs/DV5cmZO2Zp+Nye8pqrmub8TyztsDN:f3qIwV5oKK8o8TyJc
Score8/10-
Event Triggered Execution: Image File Execution Options Injection
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Image File Execution Options Injection
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Image File Execution Options Injection
1