General
-
Target
bab4bcf3724fd8d549946b75de0869fe_JaffaCakes118
-
Size
18KB
-
Sample
240823-g873jasbnq
-
MD5
bab4bcf3724fd8d549946b75de0869fe
-
SHA1
75c906818933a736d7184612656b0c9a72d5f403
-
SHA256
33099620b69be4a1c2139eb26290dd7fe66b2bd8924d1cc99330c469bba09016
-
SHA512
22c5260880e103cad4dd02d60ef1b325e47672a07cfee103623cbd0f94a5bd4ec420ebc0cb852b9459856516f663fa335d6538f4cb07eab997dea012391aa6f8
-
SSDEEP
384:vHi3ihkJoR/Edf4ONy+W2bW+GGUvTbS1woKaNJawcudoD7UNh:vHmiWxy+TgHXcwAnbcuyD7UN
Malware Config
Targets
-
-
Target
bab4bcf3724fd8d549946b75de0869fe_JaffaCakes118
-
Size
18KB
-
MD5
bab4bcf3724fd8d549946b75de0869fe
-
SHA1
75c906818933a736d7184612656b0c9a72d5f403
-
SHA256
33099620b69be4a1c2139eb26290dd7fe66b2bd8924d1cc99330c469bba09016
-
SHA512
22c5260880e103cad4dd02d60ef1b325e47672a07cfee103623cbd0f94a5bd4ec420ebc0cb852b9459856516f663fa335d6538f4cb07eab997dea012391aa6f8
-
SSDEEP
384:vHi3ihkJoR/Edf4ONy+W2bW+GGUvTbS1woKaNJawcudoD7UNh:vHmiWxy+TgHXcwAnbcuyD7UN
Score10/10-
Modifies WinLogon for persistence
-
Stops running service(s)
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Indicator Removal: File Deletion
Adversaries may delete files left behind by the actions of their intrusion activity.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Create or Modify System Process
1Windows Service
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Create or Modify System Process
1Windows Service
1Defense Evasion
Hide Artifacts
1Hidden Files and Directories
1Impair Defenses
1Indicator Removal
1File Deletion
1Modify Registry
4