General
-
Target
ece5858c70983dd9d652a0a1de80743e_JaffaCakes118
-
Size
256KB
-
Sample
240920-fr2zhszdqh
-
MD5
ece5858c70983dd9d652a0a1de80743e
-
SHA1
0eae8ab45f599b92a9e418650fda9fbac094b6c8
-
SHA256
9505d638bcf08341b06d9ecc14979285d5cfa0099c95ed5798943714ce01ca63
-
SHA512
66b7f46205ea6c4100e35913c5ab0957d6e3dbb4e90b0f211f5d0e94b09b0dc3ab7472d5a9327d8865c38472f5825ad1d1bf9cfb01a59aaef203522bff22bd7e
-
SSDEEP
3072:4vvCbVjE/ZZevZR7hm4wsX523PK9gSxbyZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ2:bzThm4wC523i/TTHUkjHxw/Y
Malware Config
Targets
-
-
Target
ece5858c70983dd9d652a0a1de80743e_JaffaCakes118
-
Size
256KB
-
MD5
ece5858c70983dd9d652a0a1de80743e
-
SHA1
0eae8ab45f599b92a9e418650fda9fbac094b6c8
-
SHA256
9505d638bcf08341b06d9ecc14979285d5cfa0099c95ed5798943714ce01ca63
-
SHA512
66b7f46205ea6c4100e35913c5ab0957d6e3dbb4e90b0f211f5d0e94b09b0dc3ab7472d5a9327d8865c38472f5825ad1d1bf9cfb01a59aaef203522bff22bd7e
-
SSDEEP
3072:4vvCbVjE/ZZevZR7hm4wsX523PK9gSxbyZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ2:bzThm4wC523i/TTHUkjHxw/Y
Score10/10-
Modifies firewall policy service
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Modifies WinLogon
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Create or Modify System Process
1Windows Service
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Create or Modify System Process
1Windows Service
1Defense Evasion
Impair Defenses
1Disable or Modify System Firewall
1Modify Registry
4