General
-
Target
ee655298386a87abb02860e9aff3a1d1_JaffaCakes118
-
Size
313KB
-
Sample
240920-zk575sxdpr
-
MD5
ee655298386a87abb02860e9aff3a1d1
-
SHA1
3c4731ac7a563bbb3f0d0ff83e662b0a1d6092c1
-
SHA256
76d38234c0aa2692418edd02ab9ade3f79ba3ef84fd753385ba414e429329c23
-
SHA512
282405d2faff65ba06a476743ceb36d1879b0c2c929af3af71201ec13bac1bca13848c79cc91cffd64a0ec0258bae13edc6f62af98e986ce4700811189b5d59f
-
SSDEEP
6144:LFOztnVeEta0etzIcaM++/F8waJgIiFxqkcEHWWHQCLOsY8NDWczyOIipvxVKnzl:LFOztnAEs0etbaMv/+Wf
Malware Config
Targets
-
-
Target
ee655298386a87abb02860e9aff3a1d1_JaffaCakes118
-
Size
313KB
-
MD5
ee655298386a87abb02860e9aff3a1d1
-
SHA1
3c4731ac7a563bbb3f0d0ff83e662b0a1d6092c1
-
SHA256
76d38234c0aa2692418edd02ab9ade3f79ba3ef84fd753385ba414e429329c23
-
SHA512
282405d2faff65ba06a476743ceb36d1879b0c2c929af3af71201ec13bac1bca13848c79cc91cffd64a0ec0258bae13edc6f62af98e986ce4700811189b5d59f
-
SSDEEP
6144:LFOztnVeEta0etzIcaM++/F8waJgIiFxqkcEHWWHQCLOsY8NDWczyOIipvxVKnzl:LFOztnAEs0etbaMv/+Wf
Score10/10-
Modifies WinLogon for persistence
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-