General
-
Target
bcb902148ebeb8cda50455163b471f2a_JaffaCakes118
-
Size
100KB
-
Sample
240823-w7snsasakr
-
MD5
bcb902148ebeb8cda50455163b471f2a
-
SHA1
f62a0d81cfbe350ada9483ef6331fb0285793d50
-
SHA256
580fbe5ee08c355325975004b59fa40883e1f4cd48e5700fd37db81006dc660f
-
SHA512
e77b61206fd42db46638c416950804537eeffc520ade0bff99cf227c7f5da367cfb2b3e8252bdc847e16f7bcce176012b7cda9fcb0ad0818029f401cff2d6a5d
-
SSDEEP
1536:ZCl0ccPBneLOB+dGrNjjmJ2NuKuFr1M5B4QbCcIyX:hPBMOB++jOWrX
Static task
static1
Behavioral task
behavioral1
Sample
bcb902148ebeb8cda50455163b471f2a_JaffaCakes118.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
bcb902148ebeb8cda50455163b471f2a_JaffaCakes118.exe
Resource
win10v2004-20240802-en
Malware Config
Targets
-
-
Target
bcb902148ebeb8cda50455163b471f2a_JaffaCakes118
-
Score
10/10
-
Modifies visibility of hidden/system files in Explorer
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Defense Evasion
Hide Artifacts (1)
Hidden Files and Directories (1)
Modify Registry (2)