General
-
Target
edc2bfd48c5ae0cf93fa992ef6f2e8fa_JaffaCakes118
-
Size
262KB
-
Sample
240920-rh5vlazhnd
-
MD5
edc2bfd48c5ae0cf93fa992ef6f2e8fa
-
SHA1
7e141a91d410aaf3999072222fa97e6b26ec51cc
-
SHA256
8b14fd7fd075604e95837754cd7111494433edb739b1df69af0cf3b7e4c451c6
-
SHA512
5b0b138719afcf6edb4013801a1aad31c4363acb065794315b0ca571035d2a75272fcf4742a89ce7cfefbb999562ca621beee6a19b7d1482fd8077dce029d558
-
SSDEEP
6144:OuFUFZmDNcjypnMtiQPP26p7hSnzh1FiPIVN6J0CInx8SmoS:9UF8ejyRMtiQPP24Kzh1E4Nu0R8SmoS
Malware Config
Targets
-
-
Target
edc2bfd48c5ae0cf93fa992ef6f2e8fa_JaffaCakes118
-
Size
262KB
-
MD5
edc2bfd48c5ae0cf93fa992ef6f2e8fa
-
SHA1
7e141a91d410aaf3999072222fa97e6b26ec51cc
-
SHA256
8b14fd7fd075604e95837754cd7111494433edb739b1df69af0cf3b7e4c451c6
-
SHA512
5b0b138719afcf6edb4013801a1aad31c4363acb065794315b0ca571035d2a75272fcf4742a89ce7cfefbb999562ca621beee6a19b7d1482fd8077dce029d558
-
SSDEEP
6144:OuFUFZmDNcjypnMtiQPP26p7hSnzh1FiPIVN6J0CInx8SmoS:9UF8ejyRMtiQPP24Kzh1E4Nu0R8SmoS
Score10/10-
Modifies WinLogon for persistence
-
Modifies firewall policy service
-
UAC bypass
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Create or Modify System Process
1Windows Service
1Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Create or Modify System Process
1Windows Service
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
2Disable or Modify System Firewall
1Disable or Modify Tools
1Modify Registry
5