General
Target: eaa8781d573779faffc72c3b5ac4cec5_JaffaCakes118
Size: 252KB
Sample: 240919-fzxprssera
MD5: eaa8781d573779faffc72c3b5ac4cec5
SHA1: 499bc6f0d96b1e736e06fc0fa274744397909b92
SHA256: d820862b1a873017018386baef7d12eaccae4b735e68348240d7ad36c475bed7
SHA512: 8b4984d2a0dc8e138b8a47676eac0e8c7efb2a10589d023c1b0a2bc5a729b41d540f4996de63f887c1e70eac5508cd8c49058a79ca701889d703c638f3839c82
SSDEEP: 3072:bP95HJNocTx9YE9/7ImOequZmwjFvjQsYRmW:x5pNoSJz5Zm+vjQsYn
Static task: static1
Behavioral task: behavioral1
  Sample: eaa8781d573779faffc72c3b5ac4cec5_JaffaCakes118.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: eaa8781d573779faffc72c3b5ac4cec5_JaffaCakes118.exe
  Resource: win10v2004-20240802-en
Malware Config
Targets
Score: 8/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Indicator Removal: File Deletion
  Adversaries may delete files left behind by the actions of their intrusion activity.
MITRE ATT&CK Enterprise v15 (technique: hit count)
Privilege Escalation
  Boot or Logon Autostart Execution: 1
    Registry Run Keys / Startup Folder: 1
Defense Evasion
  Hide Artifacts: 2
    Hidden Files and Directories: 2
  Indicator Removal: 1
    File Deletion: 1
  Modify Registry: 4
  Subvert Trust Controls: 1
    Install Root Certificate: 1