General
-
Target
f0d35a0c2eccf5d7804c37c07c755896_JaffaCakes118
-
Size
164KB
-
Sample
240921-3fgwjazfmr
-
MD5
f0d35a0c2eccf5d7804c37c07c755896
-
SHA1
fe4ed4b6bd54a6fb5398ff4243dede96c38bb475
-
SHA256
c2dc47e157bdcc9a540b924ca1c079c680863a9631020f35b19e371ad3c6f537
-
SHA512
205989f5c8633f2c5722442dd2b7ab0c9eedb9c11e37dd8142bfefe4b0c437a485f4800980b6500a44794d7b17a55ce7a22f6301fb87c68e9b7a7839e3cd8211
-
SSDEEP
3072:7LF7Du+WxLPt0fyCJBpn5Fu1k42FEmQJi:7LF7i+yVkJBpn5sJ2F6I
Malware Config
Targets
-
-
Target
f0d35a0c2eccf5d7804c37c07c755896_JaffaCakes118
-
Size
164KB
-
MD5
f0d35a0c2eccf5d7804c37c07c755896
-
SHA1
fe4ed4b6bd54a6fb5398ff4243dede96c38bb475
-
SHA256
c2dc47e157bdcc9a540b924ca1c079c680863a9631020f35b19e371ad3c6f537
-
SHA512
205989f5c8633f2c5722442dd2b7ab0c9eedb9c11e37dd8142bfefe4b0c437a485f4800980b6500a44794d7b17a55ce7a22f6301fb87c68e9b7a7839e3cd8211
-
SSDEEP
3072:7LF7Du+WxLPt0fyCJBpn5Fu1k42FEmQJi:7LF7i+yVkJBpn5sJ2F6I
Score8/10-
Sets file to hidden
Modifies file attributes to stop it showing in Explorer etc.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-
Indicator Removal: File Deletion
Adversaries may delete files left behind by the actions of their intrusion activity.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Hide Artifacts
2Hidden Files and Directories
2Indicator Removal
1File Deletion
1Modify Registry
3