General
Target: ed8ed40400aea702452fc0feb0756247_JaffaCakes118
Size: 100KB
Sample: 240920-pcs8havhlc
MD5: ed8ed40400aea702452fc0feb0756247
SHA1: d61bf52539c465d3cd36c226dfaf4e203e0182af
SHA256: ab5337d052ed7b582a27a552020dd62676b2a4002748908eccab66e83ac01722
SHA512: ecabaa52b5cb7fca8166410ee4d2648a60af57e6a63820188e773df21ec0ad4688fc14e34b77457ba95c438927a3091784eab2b23bea1a5700ce4ecad284e0d4
SSDEEP: 1536:+wtGx82NTzwYMGAc4ohrPXo+73Rez8b0SyuNIjnZq:ewHurPX7CuCnY

Static task: static1

Behavioral task: behavioral1
Sample: ed8ed40400aea702452fc0feb0756247_JaffaCakes118.exe
Resource: win7-20240708-en

Behavioral task: behavioral2
Sample: ed8ed40400aea702452fc0feb0756247_JaffaCakes118.exe
Resource: win10v2004-20240802-en

Malware Config
Targets
Score: 10/10

Modifies visibility of hidden/system files in Explorer

Checks computer location settings
  Looks up country code configured in the registry, likely geofence.

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application

MITRE ATT&CK Enterprise v15

Privilege Escalation
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1

Defense Evasion
Hide Artifacts: 1
Hidden Files and Directories: 1
Modify Registry: 2