General
-
Target
ea6916462f6f9a2edd5fcea487b2865a_JaffaCakes118
-
Size
300KB
-
Sample
240919-ctgvkswbrd
-
MD5
ea6916462f6f9a2edd5fcea487b2865a
-
SHA1
10ada51ff24818e03ff447dc3cc870961eaa116c
-
SHA256
e50ffb688da66e3d3f6c5089d9c2e5d904eb20d81c71cba9c9212402feca2f40
-
SHA512
e65f8bcf3f262e42de21be473c5664c2bcca225186cd596253a2a9f80046b3df8d0049b292e373c1ee34028a00835e2726aaf46cefff138911b18704e19d2425
-
SSDEEP
6144:4fJBNcNm1Sipa7sbuLoDRALJPJRWT+0rSYbdaK4R/lBFyyW9:u391SipaoKgwxRWT3W0pglby
Malware Config
Targets
-
-
Target
ea6916462f6f9a2edd5fcea487b2865a_JaffaCakes118
-
Size
300KB
-
MD5
ea6916462f6f9a2edd5fcea487b2865a
-
SHA1
10ada51ff24818e03ff447dc3cc870961eaa116c
-
SHA256
e50ffb688da66e3d3f6c5089d9c2e5d904eb20d81c71cba9c9212402feca2f40
-
SHA512
e65f8bcf3f262e42de21be473c5664c2bcca225186cd596253a2a9f80046b3df8d0049b292e373c1ee34028a00835e2726aaf46cefff138911b18704e19d2425
-
SSDEEP
6144:4fJBNcNm1Sipa7sbuLoDRALJPJRWT+0rSYbdaK4R/lBFyyW9:u391SipaoKgwxRWT3W0pglby
Score8/10-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Active Setup
1Registry Run Keys / Startup Folder
1Privilege Escalation
Boot or Logon Autostart Execution
2Active Setup
1Registry Run Keys / Startup Folder
1