General
-
Target
ee3fe5b0090aabac309aee6d0e827d64_JaffaCakes118
-
Size
240KB
-
Sample
240920-xv1djashkh
-
MD5
ee3fe5b0090aabac309aee6d0e827d64
-
SHA1
7b284a42f343108f18e6d498137737a3301f057a
-
SHA256
be5c0e81fdad2d7eaef8dd2b29a28baf419a9f822adbaa8fe08d2c5dfff864d6
-
SHA512
7c6eba19600f76bf6f2b7418f26d8595053ba039cecf498fc4c1d3927ac2290784b8539f104c7530e0236cce74e68c9eac8e547adac0c5cddf6ab36aa2243aec
-
SSDEEP
6144:kTc3dwqsNTNEXGlQR58EqxF6snji81RUinKq3aEESliD:kidQKjeaEEp
Malware Config
Targets
-
-
Target
ee3fe5b0090aabac309aee6d0e827d64_JaffaCakes118
-
Size
240KB
-
MD5
ee3fe5b0090aabac309aee6d0e827d64
-
SHA1
7b284a42f343108f18e6d498137737a3301f057a
-
SHA256
be5c0e81fdad2d7eaef8dd2b29a28baf419a9f822adbaa8fe08d2c5dfff864d6
-
SHA512
7c6eba19600f76bf6f2b7418f26d8595053ba039cecf498fc4c1d3927ac2290784b8539f104c7530e0236cce74e68c9eac8e547adac0c5cddf6ab36aa2243aec
-
SSDEEP
6144:kTc3dwqsNTNEXGlQR58EqxF6snji81RUinKq3aEESliD:kidQKjeaEEp
Score10/10-
Modifies visiblity of hidden/system files in Explorer
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Hide Artifacts
1Hidden Files and Directories
1Modify Registry
2