General
-
Target
ed4670f1094555a4d2670ccc19772a20_JaffaCakes118
-
Size
1.8MB
-
Sample
240920-k6dmpayhnk
-
MD5
ed4670f1094555a4d2670ccc19772a20
-
SHA1
75c8c9602bf38eefdc1c4db7502772e1fe4afa7f
-
SHA256
ca5caf81926a4f2bd191ac8d521224dd9b2e9fe7eaad3c3cb65f1a4d3bc969c1
-
SHA512
c67587e7b3017309571beb0f00f3e47ba4fa7edb0010b8d30a56f0dbae2496889c4024b08b89b8982a023f94887cd4488b08e2f2a61d04da270b8b1cafb03f34
-
SSDEEP
49152:ibyWxwChYAgsMMMMMM0+lJbYD5iZhC7QMMBo+:CylAMMMMMMh82h
Malware Config
Targets
-
-
Target
ed4670f1094555a4d2670ccc19772a20_JaffaCakes118
-
Size
1.8MB
-
MD5
ed4670f1094555a4d2670ccc19772a20
-
SHA1
75c8c9602bf38eefdc1c4db7502772e1fe4afa7f
-
SHA256
ca5caf81926a4f2bd191ac8d521224dd9b2e9fe7eaad3c3cb65f1a4d3bc969c1
-
SHA512
c67587e7b3017309571beb0f00f3e47ba4fa7edb0010b8d30a56f0dbae2496889c4024b08b89b8982a023f94887cd4488b08e2f2a61d04da270b8b1cafb03f34
-
SSDEEP
49152:ibyWxwChYAgsMMMMMM0+lJbYD5iZhC7QMMBo+:CylAMMMMMMh82h
Score10/10-
Modifies firewall policy service
-
Adds policy Run key to start application
-
Sets service image path in registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
3Registry Run Keys / Startup Folder
3Create or Modify System Process
1Windows Service
1Privilege Escalation
Boot or Logon Autostart Execution
3Registry Run Keys / Startup Folder
3Create or Modify System Process
1Windows Service
1Defense Evasion
Impair Defenses
1Disable or Modify System Firewall
1Modify Registry
4