General
-
Target
ee768a45bb367321c3fc13a29be20451_JaffaCakes118
-
Size
100KB
-
Sample
240920-1ehekazaqn
-
MD5
ee768a45bb367321c3fc13a29be20451
-
SHA1
ad2c0a8466b20b92764e130be77af867b0e38b55
-
SHA256
832e833ea24b923f47dfbac992366388074d16c98353c3138d060485973653b3
-
SHA512
5e1e352f2982fa400b152358108904308e81618fa57abc1e34fd0c59419c65e16a1daed5e9fcf2cad3ca69f800ca469e7093702f7442d8c8329999a9597ac64c
-
SSDEEP
1536:UQtGz82NTzwK8MGAc4ohrPXo+73Rez8b0SyKNIjnZrJ:CwKLurPX7CKCnlJ
Static task
static1
Behavioral task
behavioral1
Sample
ee768a45bb367321c3fc13a29be20451_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
ee768a45bb367321c3fc13a29be20451_JaffaCakes118.exe
Resource
win10v2004-20240802-en
Malware Config
Targets
-
-
Target
ee768a45bb367321c3fc13a29be20451_JaffaCakes118
-
Score
10/10
-
Modifies visibility of hidden/system files in Explorer
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
Defense Evasion
  Hide Artifacts (1)
    Hidden Files and Directories (1)
  Modify Registry (2)