General
-
Target
d0217294cb34126c00166363d2b761d4_JaffaCakes118
-
Size
89KB
-
Sample
240906-wh2v6azhqa
-
MD5
d0217294cb34126c00166363d2b761d4
-
SHA1
2175176c26193f35374f1dab3787f15013f12cae
-
SHA256
bb20e5cccdda326bbbbe93769f2d6f9376b22d77ac2b700f482f8781475a9eb9
-
SHA512
5aa79a2f14ece86822cef4473f48a46ec6f2551c5d3d5bdb8c6b7d5ce25b964f3e3c8c7da24f3600eaf04ca9571e743f8e73ea7d54877e70d2493fcf99e69bbb
-
SSDEEP
1536:tP0XkV2OpqKBJ2625SCQtG372Na0CpZYwRw:htVZ7G372Nal7
Malware Config
Targets
-
-
Target
d0217294cb34126c00166363d2b761d4_JaffaCakes118
-
Size
89KB
-
MD5
d0217294cb34126c00166363d2b761d4
-
SHA1
2175176c26193f35374f1dab3787f15013f12cae
-
SHA256
bb20e5cccdda326bbbbe93769f2d6f9376b22d77ac2b700f482f8781475a9eb9
-
SHA512
5aa79a2f14ece86822cef4473f48a46ec6f2551c5d3d5bdb8c6b7d5ce25b964f3e3c8c7da24f3600eaf04ca9571e743f8e73ea7d54877e70d2493fcf99e69bbb
-
SSDEEP
1536:tP0XkV2OpqKBJ2625SCQtG372Na0CpZYwRw:htVZ7G372Nal7
Score10/10-
Disables service(s)
-
Blocklisted process makes network request
-
Stops running service(s)
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
2Windows Service
2Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
2Windows Service
2