General
-
Target
ed010667eff2b838bdb1c53a593d1ac5_JaffaCakes118
-
Size
216KB
-
Sample
240920-g3zh7ssemf
-
MD5
ed010667eff2b838bdb1c53a593d1ac5
-
SHA1
38c5fa76ed5e21d1e7a302380a4860941f4703b7
-
SHA256
0a016010ea0696994f8234b63901ab5b52a96c8dbe40927c488b0d71d3e9862a
-
SHA512
93ca15a0259eb79662b14b815ef5ea9d4c3d3944d770b2c070e1ffdd814d81198b2ac7d3ef1d954376bba36149a62d94ef62d0d263ae86125a4f3147868a4b3e
-
SSDEEP
3072:CFvd/kFooHFGFooobAqzNOEbOKZbtpGPsLx:CFvtMPseNmKJtpL
Malware Config
Targets
-
-
Target
ed010667eff2b838bdb1c53a593d1ac5_JaffaCakes118
-
Size
216KB
-
MD5
ed010667eff2b838bdb1c53a593d1ac5
-
SHA1
38c5fa76ed5e21d1e7a302380a4860941f4703b7
-
SHA256
0a016010ea0696994f8234b63901ab5b52a96c8dbe40927c488b0d71d3e9862a
-
SHA512
93ca15a0259eb79662b14b815ef5ea9d4c3d3944d770b2c070e1ffdd814d81198b2ac7d3ef1d954376bba36149a62d94ef62d0d263ae86125a4f3147868a4b3e
-
SSDEEP
3072:CFvd/kFooHFGFooobAqzNOEbOKZbtpGPsLx:CFvtMPseNmKJtpL
Score10/10-
Modifies visiblity of hidden/system files in Explorer
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Hide Artifacts
1Hidden Files and Directories
1Modify Registry
2