General
Target: edc448f707c6e7e6799a3dba8103c1f7_JaffaCakes118
Size: 176KB
Sample: 240920-rk5mls1crj
MD5: edc448f707c6e7e6799a3dba8103c1f7
SHA1: 202fd020ba5f212fc60cf3fb61fc7c7b65990813
SHA256: 80cf6ac496ce8e5d380a255c7776130e49631e7b2b82d906fd1165e88fe9f598
SHA512: 024d8942550dedbb98ab958b3f2d4d7c7ea9931ad22a64300acfe4e735518b065a817570797e7cdb2c120df424c3cd6d59e1327e96b071c2422323a6c6fde313
SSDEEP: 3072:XGvJwJqqh7dxrGi3npQjPBHiuTmWy1qgAtjQ7vK8JLXeZ2eJj3jKp/oL9s:XRqqh7LrGiZQjPBHiuTmWy1qgAtjQ7vq

Static task: static1

Behavioral task: behavioral1
Sample: edc448f707c6e7e6799a3dba8103c1f7_JaffaCakes118.exe
Resource: win7-20240903-en

Behavioral task: behavioral2
Sample: edc448f707c6e7e6799a3dba8103c1f7_JaffaCakes118.exe
Resource: win10v2004-20240802-en
Malware Config
Targets
Score: 10/10

Modifies visibility of hidden/system files in Explorer

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application

MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Defense Evasion
Hide Artifacts: 1
Hidden Files and Directories: 1
Modify Registry: 2