General
-
Target
ecdda6fdb5072617d936eb827c7187f7_JaffaCakes118
-
Size
152KB
-
Sample
240920-fd62bayhla
-
MD5
ecdda6fdb5072617d936eb827c7187f7
-
SHA1
3e8da0b81b15339935929e6d77ca1e686a11be85
-
SHA256
a6cfc30230f60be473e541ca02cc81141ee7091efbad6b1edcea7621e905d783
-
SHA512
44f2d0963b9b466447a40449fb26e82e345db8bb476fc4af63536eade02d2eba5529a4ebdb91554e71606eb25e9c4ad6b5cc5c6e7f107e6eede443ae51a244a1
-
SSDEEP
3072:7mlwPTYhjIgx+7MxJUbaxI3zQyzLBuT+ZAok:6x+7Mxa0yzd1k
Malware Config
Targets
-
-
Target
ecdda6fdb5072617d936eb827c7187f7_JaffaCakes118
-
Size
152KB
-
MD5
ecdda6fdb5072617d936eb827c7187f7
-
SHA1
3e8da0b81b15339935929e6d77ca1e686a11be85
-
SHA256
a6cfc30230f60be473e541ca02cc81141ee7091efbad6b1edcea7621e905d783
-
SHA512
44f2d0963b9b466447a40449fb26e82e345db8bb476fc4af63536eade02d2eba5529a4ebdb91554e71606eb25e9c4ad6b5cc5c6e7f107e6eede443ae51a244a1
-
SSDEEP
3072:7mlwPTYhjIgx+7MxJUbaxI3zQyzLBuT+ZAok:6x+7Mxa0yzd1k
Score10/10-
Modifies visiblity of hidden/system files in Explorer
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Hide Artifacts
1Hidden Files and Directories
1Modify Registry
2