General
-
Target
ead3e693a1caf5b1f180540b79254443_JaffaCakes118
-
Size
240KB
-
Sample
240919-h2mcxsxarr
-
MD5
ead3e693a1caf5b1f180540b79254443
-
SHA1
9efc46c0f6c9f949bd438419cd84c5bc99893e2c
-
SHA256
e28f0aa659d654dcb2b2f2b8241605b12d5ec64e728af8e4fde0d2b039c1727a
-
SHA512
d6e5a4b048d05186b91a1f5007477c3d7c94137eeffc7e4e08284826005300e266c05c31a65cf037bf627c4432991d8773f90f5a2e34d2c7e3b89a3f8662b7ad
-
SSDEEP
3072:L29fHPGOl8QR13yYyW67RLT7cuxOXE85rwV9b1n3s3A:L293KQL3DG8iOXE8dw71ne
Malware Config
Targets
-
-
Target
ead3e693a1caf5b1f180540b79254443_JaffaCakes118
-
Size
240KB
-
MD5
ead3e693a1caf5b1f180540b79254443
-
SHA1
9efc46c0f6c9f949bd438419cd84c5bc99893e2c
-
SHA256
e28f0aa659d654dcb2b2f2b8241605b12d5ec64e728af8e4fde0d2b039c1727a
-
SHA512
d6e5a4b048d05186b91a1f5007477c3d7c94137eeffc7e4e08284826005300e266c05c31a65cf037bf627c4432991d8773f90f5a2e34d2c7e3b89a3f8662b7ad
-
SSDEEP
3072:L29fHPGOl8QR13yYyW67RLT7cuxOXE85rwV9b1n3s3A:L293KQL3DG8iOXE8dw71ne
Score8/10-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-
Command and Scripting Interpreter: PowerShell
Using powershell.exe command.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Defense Evasion
Impair Defenses
1Disable or Modify System Firewall
1Modify Registry
1