General
Target: b9ea4529de1f51e0a33c504d214fe804_JaffaCakes118
Size: 300KB
Sample: 240823-ccb8rs1hmp
MD5: b9ea4529de1f51e0a33c504d214fe804
SHA1: 93ab10e70380ee3d27a7743fd1e42d5f3f8186bd
SHA256: 758d00a4e8f64aa53ae173545b617b94ab4e7d76dc2a269a3e3bd00e032664ec
SHA512: aa0bbc5484b7ed76c93a5a8865e8315c2f9ddcb222a5f61d0e42f43e3377680b882aa908301728e6dfb0935df6981a72387dd17759eb034411f82c3afa51f044
SSDEEP: 6144:HzYbXDOrdTS7NjQLqztbRDora/wnmP43BfIHMqUnXOVXyss03q9SNxE9Euxo:AgXmXyss03ASwmuxo

Static task: static1

Behavioral task: behavioral1
Sample: b9ea4529de1f51e0a33c504d214fe804_JaffaCakes118.exe
Resource: win7-20240708-en

Behavioral task: behavioral2
Sample: b9ea4529de1f51e0a33c504d214fe804_JaffaCakes118.exe
Resource: win10v2004-20240802-en
Malware Config

Targets
Target: b9ea4529de1f51e0a33c504d214fe804_JaffaCakes118
Score: 8/10

Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
Adds Run key to start application
Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (2)
    Active Setup (1)
    Registry Run Keys / Startup Folder (1)
Privilege Escalation
  Boot or Logon Autostart Execution (2)
    Active Setup (1)
    Registry Run Keys / Startup Folder (1)