General
-
Target
cefe485a7bbd3cdd4083937acbf4c190_JaffaCakes118
-
Size
240KB
-
Sample
240906-h9n7gstfng
-
MD5
cefe485a7bbd3cdd4083937acbf4c190
-
SHA1
b3eca25f34ffdfd0591c7131afbc83eb79baf2de
-
SHA256
819445e393d4a3e7ac08cdb7754f6d4f0b150fd88a3d9ee1b1a258640e168bda
-
SHA512
b55e57caad388dc13f9e9e4b0f6aafdaf51666336420ccecc6c210057d2af8f3b2cc18717c558fa2e228f92da3733632f58a141030e144bd3e92384f3baf6029
-
SSDEEP
6144:mU03dwqsNwemAB0EqxF6snji81RUinKchhy/SQ:wdQQJs6
Static task
static1
Behavioral task
behavioral1
Sample
cefe485a7bbd3cdd4083937acbf4c190_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
cefe485a7bbd3cdd4083937acbf4c190_JaffaCakes118.exe
Resource
win10v2004-20240802-en
Malware Config
Targets
-
-
Target
cefe485a7bbd3cdd4083937acbf4c190_JaffaCakes118
Score
10/10
-
Modifies visibility of hidden/system files in Explorer
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Defense Evasion
Hide Artifacts (1)
Hidden Files and Directories (1)
Modify Registry (2)