General
-
Target
ef1036404e979d5716bb98e83068066a_JaffaCakes118
-
Size
252KB
-
Sample
240921-e14zssvenk
-
MD5
ef1036404e979d5716bb98e83068066a
-
SHA1
3c9b31eddd893cda34b16a6a6fdefe90a62928ce
-
SHA256
0db749064f487ac547856a40279026e99e6fc65a81fb3c883f5998490817558e
-
SHA512
10b90dc5ed74686b69f5c3a8664772843f3e00b77c461e7d5c855e17fbcd7704a476ceff56ba1abf96c42520602bdec87282d248b63af8e2331b59cfde84de65
-
SSDEEP
6144:x+AEyrimEU/EztV++Jbtd4lfn8hFXbTom85FMnH:xNVrimr/EztV++JZd4lfnSTo7F
Malware Config
Targets
-
-
Target
ef1036404e979d5716bb98e83068066a_JaffaCakes118
-
Size
252KB
-
MD5
ef1036404e979d5716bb98e83068066a
-
SHA1
3c9b31eddd893cda34b16a6a6fdefe90a62928ce
-
SHA256
0db749064f487ac547856a40279026e99e6fc65a81fb3c883f5998490817558e
-
SHA512
10b90dc5ed74686b69f5c3a8664772843f3e00b77c461e7d5c855e17fbcd7704a476ceff56ba1abf96c42520602bdec87282d248b63af8e2331b59cfde84de65
-
SSDEEP
6144:x+AEyrimEU/EztV++Jbtd4lfn8hFXbTom85FMnH:xNVrimr/EztV++JZd4lfnSTo7F
Score10/10-
Modifies visiblity of hidden/system files in Explorer
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Hide Artifacts
1Hidden Files and Directories
1Modify Registry
2