General
-
Target
eabbc08a8189ea8dde19c9506688f59d_JaffaCakes118
-
Size
16KB
-
Sample
240919-gwxq2avajh
-
MD5
eabbc08a8189ea8dde19c9506688f59d
-
SHA1
1105140d0052f99a9e97bc5f6384fde7e80c41ed
-
SHA256
1aa8d41eb19116f0ece101067494bd602a78ac30c8dfa194b24ae0b444eb73fc
-
SHA512
57539fd1eedba509e262fe8a148bb1b23d3cbb9f9bae2ece0e9efdddfaadf59082d4dc57fb80ca95f0f813ba00d8bfca824f2a46bac41e779a44c44ed4ee18f4
-
SSDEEP
384:ruYgL+iWP3hgE7Q2BhMfVAgtCwLYU50U9gsZjH:XFhH7fMf6PwLYoVH
Malware Config
Targets
-
-
Target
eabbc08a8189ea8dde19c9506688f59d_JaffaCakes118
-
Size
16KB
-
MD5
eabbc08a8189ea8dde19c9506688f59d
-
SHA1
1105140d0052f99a9e97bc5f6384fde7e80c41ed
-
SHA256
1aa8d41eb19116f0ece101067494bd602a78ac30c8dfa194b24ae0b444eb73fc
-
SHA512
57539fd1eedba509e262fe8a148bb1b23d3cbb9f9bae2ece0e9efdddfaadf59082d4dc57fb80ca95f0f813ba00d8bfca824f2a46bac41e779a44c44ed4ee18f4
-
SSDEEP
384:ruYgL+iWP3hgE7Q2BhMfVAgtCwLYU50U9gsZjH:XFhH7fMf6PwLYoVH
Score7/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Indicator Removal: File Deletion
Adversaries may delete files left behind by the actions of their intrusion activity.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Hide Artifacts
1Hidden Files and Directories
1Indicator Removal
1File Deletion
1Modify Registry
3