General
-
Target
eab33c19ee52cde673807c8dc590140e_JaffaCakes118
-
Size
27KB
-
Sample
240919-ghwxkstfqm
-
MD5
eab33c19ee52cde673807c8dc590140e
-
SHA1
627bdc556fa65d02ff3ff1dceb5ee27cd30a3e2e
-
SHA256
41ba98d2771eb959414721f1782c8eb852e8cba0e6b6d63a6573aa106b3a2304
-
SHA512
27db00f128ebd8f995dbdf70ce70e6b94c1755c50b4d959986604e23cdd35ef227626b6920ed31ac11b6a437fb7d55a77beee26e553fee044826f74553b69ebf
-
SSDEEP
768:VkxOfJYwXKCWF4FnWsBud9LnsbKvVrDUS7m1rD:UOywX7qsWsBuns4lUS7m1X
Malware Config
Targets
-
-
Target
E-Post Label.vbs
-
Size
249KB
-
MD5
26a2367b6a0035d899ff71de3322c0a6
-
SHA1
887b82684544efe2441603763a1f8a34ddee4358
-
SHA256
0a2e4facb3402296c3d0734d3515a6f428819f6dfb4d9a06fc8d6d75fc3953d2
-
SHA512
3985000c57cd0ff1d65bb7a1d94d8505df69b4c376556fc74bd5a4fcd083f323de4bf03c15844fd30283ae7ec564fcce973a618eb7f893a3ef67ea68a22a3df8
-
SSDEEP
768:s109A1DgI0MTlpSqJpDET4ETR+GJosPJ+yE0voKETTjiPLhcUkrNoc:3MqPJ+L+DOCPLFkBr
Score10/10-
Modifies WinLogon for persistence
-
Adds policy Run key to start application
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
3Registry Run Keys / Startup Folder
2Winlogon Helper DLL
1Scheduled Task/Job
1Scheduled Task
1