General
-
Target
edd49c94e4b8af4197cebdef16db1c47_JaffaCakes118
-
Size
18KB
-
Sample
240920-r9cywsseqq
-
MD5
edd49c94e4b8af4197cebdef16db1c47
-
SHA1
34e28916827122e4e34c5d1fe6014137b35f9798
-
SHA256
22ef0fc7b07788143eac54a8da40ad4d576ee70934120db5d1ed87c2c6c519f0
-
SHA512
927fce05315f8b160ec4b7f4c5684e9939db13d9b053d12d8cbf42713d449fac753bfc4f529b1a0bf529bf8ffc855f3d78dfa6bb619ff01f14925aff440f4ea5
-
SSDEEP
384:B3ihkJoR/Edf4ONy+W2bW+GGUvTbS1MEUaNJawcudoD7UNh:BiWxy+TgHXcJnbcuyD7UN
Malware Config
Targets
-
-
Target
edd49c94e4b8af4197cebdef16db1c47_JaffaCakes118
-
Size
18KB
-
MD5
edd49c94e4b8af4197cebdef16db1c47
-
SHA1
34e28916827122e4e34c5d1fe6014137b35f9798
-
SHA256
22ef0fc7b07788143eac54a8da40ad4d576ee70934120db5d1ed87c2c6c519f0
-
SHA512
927fce05315f8b160ec4b7f4c5684e9939db13d9b053d12d8cbf42713d449fac753bfc4f529b1a0bf529bf8ffc855f3d78dfa6bb619ff01f14925aff440f4ea5
-
SSDEEP
384:B3ihkJoR/Edf4ONy+W2bW+GGUvTbS1MEUaNJawcudoD7UNh:BiWxy+TgHXcJnbcuyD7UN
Score10/10-
Modifies WinLogon for persistence
-
Stops running service(s)
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Indicator Removal: File Deletion
Adversaries may delete files left behind by the actions of their intrusion activity.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Create or Modify System Process
1Windows Service
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Create or Modify System Process
1Windows Service
1Defense Evasion
Hide Artifacts
1Hidden Files and Directories
1Impair Defenses
1Indicator Removal
1File Deletion
1Modify Registry
4