General
Target: be2421eb7d93b963725ec2fd87a6ce42_JaffaCakes118
Size: 415KB
Sample: 240824-ja7p8azbmh
MD5: be2421eb7d93b963725ec2fd87a6ce42
SHA1: 91b70e3c64553ebcc507212d764e99f56ed689a4
SHA256: 3bb8465a64556885bdae23336b463833fa81d918a7567f1d3dd553437e43d9a5
SHA512: 8f09df9882cfd29fc62cac8f1e4d5ccedf06b02c18456eb36c86218b49b950cd1f757b079ef4f8576b7316fb69dcb10cfead8fc15541e4ea3bee69157beea4a8
SSDEEP: 12288:Y8OMilaWWgrHqkCpkQrQ72P6ZPSCL3TGcq77mm2:YJ9eEKfVM722PSyImm2

Static task: static1

Behavioral task: behavioral1
Sample: be2421eb7d93b963725ec2fd87a6ce42_JaffaCakes118.exe
Resource: win7-20240704-en

Behavioral task: behavioral2
Sample: be2421eb7d93b963725ec2fd87a6ce42_JaffaCakes118.exe
Resource: win10v2004-20240802-en

Malware Config
Targets
Target
be2421eb7d93b963725ec2fd87a6ce42_JaffaCakes118
Score: 8/10
- Adds policy Run key to start application
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL

MITRE ATT&CK Enterprise v15
Privilege Escalation
- Boot or Logon Autostart Execution: 1
  - Registry Run Keys / Startup Folder: 1
Defense Evasion
- Hide Artifacts: 2
  - Hidden Files and Directories: 2
- Modify Registry: 1