General
-
Target
e0429d505642e0d79ac2740fc5950750_JaffaCakes118
-
Size
61KB
-
Sample
240914-qjd8lawall
-
MD5
e0429d505642e0d79ac2740fc5950750
-
SHA1
e107f7dd1e7e1cb0c21f136cbde4d92a19aeb2bb
-
SHA256
427e589e554cf195057169b6c737173ebe21a8edeec3170b1d9423b19402149f
-
SHA512
a396cf2a485333a5714c5e25e3b58c29d67beaea50328a19e8c410a03eb04108b30fa776db1a4709a728b394057c5878a29d7884e7fbab9d57fc704ed26d47de
-
SSDEEP
1536:MiMF/5zutWoFMOUgHluFRR2t/L8DwVg0Eq:SF/to4OUU8FqADlfq
Malware Config
Targets
-
-
Target
e0429d505642e0d79ac2740fc5950750_JaffaCakes118
-
Size
61KB
-
MD5
e0429d505642e0d79ac2740fc5950750
-
SHA1
e107f7dd1e7e1cb0c21f136cbde4d92a19aeb2bb
-
SHA256
427e589e554cf195057169b6c737173ebe21a8edeec3170b1d9423b19402149f
-
SHA512
a396cf2a485333a5714c5e25e3b58c29d67beaea50328a19e8c410a03eb04108b30fa776db1a4709a728b394057c5878a29d7884e7fbab9d57fc704ed26d47de
-
SSDEEP
1536:MiMF/5zutWoFMOUgHluFRR2t/L8DwVg0Eq:SF/to4OUU8FqADlfq
Score8/10-
Event Triggered Execution: AppInit DLLs
Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Installs/modifies Browser Helper Object
BHOs are DLL modules which act as plugins for Internet Explorer.
-
Drops file in System32 directory
-