General
Target: edc22948aaf3f9f2d33a729178e346bd_JaffaCakes118
Size: 156KB
Sample: 240920-rg47nszhka
MD5: edc22948aaf3f9f2d33a729178e346bd
SHA1: 2283c2ac77cfd397e393c16258a490f5a9e49188
SHA256: 000f4c6a8f7403757c5972f84c51244581da2899491b479b98c0b383ba261f9a
SHA512: 344da62cf7bd0a31c6e172063103988094b8b188e2a9ef7a86eccf49655115e53a7bfa8791ca301704477445a484bc01bf29f966c1e2a25fe5643f014141e598
SSDEEP: 3072:vLySLYWrO0VctCPmJIHERgRyRSIuznLstk4oQZiElD:WTGPctCrE/RQLpWL
Static task: static1
Behavioral task: behavioral1
Sample: edc22948aaf3f9f2d33a729178e346bd_JaffaCakes118.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: edc22948aaf3f9f2d33a729178e346bd_JaffaCakes118.exe
Resource: win10v2004-20240802-en
Malware Config
Targets
Target: edc22948aaf3f9f2d33a729178e346bd_JaffaCakes118
Score: 10/10
Modifies visibility of hidden/system files in Explorer
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
MITRE ATT&CK Enterprise v15
Privilege Escalation
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
Defense Evasion
  Hide Artifacts (1)
    Hidden Files and Directories (1)
  Modify Registry (2)