General

Target: de76d0c029ce885b52818fe956424dc6_JaffaCakes118
Size: 202KB
Sample: 240913-td9zvswdkn
MD5: de76d0c029ce885b52818fe956424dc6
SHA1: 714de4bb81a9ff1b3fc17d9e442ea1ae223a51ff
SHA256: 3f342494cd5169870b34216ae90d7c661f316df2edda03b5efb751521183015a
SHA512: 6e72c5d48ee2d6be197203c80958bbe9a3fad14975aa85138d6d17d4ba85bfba5e16db33fa6b23d6d61cfcc531227793587408d5deb4a08e099c19d4fac281be
SSDEEP: 6144:hWHgRO+dra+sF4GId/U5VTNGWxX12rDc2HR2J:hWd+dra9FXI1U5VJGWxlYDZY
Static task: static1

Behavioral task: behavioral1
Sample: de76d0c029ce885b52818fe956424dc6_JaffaCakes118.exe
Resource: win7-20240708-en

Behavioral task: behavioral2
Sample: de76d0c029ce885b52818fe956424dc6_JaffaCakes118.exe
Resource: win10v2004-20240802-en
Malware Config
Targets
Target: de76d0c029ce885b52818fe956424dc6_JaffaCakes118
Size: 202KB (hashes as listed under General above)
Score: 10/10
- Modifies WinLogon for persistence
- Modifies visibility of file extensions in Explorer
- Process spawned unexpected child process (this typically indicates the parent process was compromised via an exploit or macro)
- Checks computer location settings (looks up the country code configured in the registry, likely a geofence)
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Drops desktop.ini file(s)
- Indicator Removal: File Deletion (adversaries may delete files left behind by the actions of their intrusion activity)
- Drops file in System32 directory
MITRE ATT&CK Enterprise v15

Defense Evasion
- Hide Artifacts: 3
  - Hidden Files and Directories: 3
- Indicator Removal: 1
  - File Deletion: 1
- Modify Registry: 4