General
-
Target
ef0e9664f27e0d9c7ac3bdcce41a66d1_JaffaCakes118
-
Size
240KB
-
Sample
240921-eyam6svdmj
-
MD5
ef0e9664f27e0d9c7ac3bdcce41a66d1
-
SHA1
1bf832213b27353512115862c606be8fff355076
-
SHA256
d5fc6a14ea415f0a1ed4eb227861aa0591c55930279203cc48b854e2a1367a3c
-
SHA512
c9e9be1b6ffb96b1e499c9fe1ec3e85454adadb8c95c72469c2cf41009bbd9323ccf0dd1c753d8b8b0d337f1cd894c63f0a85a64a73dbe6427899efc0b987e17
-
SSDEEP
6144:JUC3dwqsNwemAB0EqxF6snji81RUinKchhyZS3c:bdQQJsAM
Static task
static1
Behavioral task
behavioral1
Sample
ef0e9664f27e0d9c7ac3bdcce41a66d1_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
ef0e9664f27e0d9c7ac3bdcce41a66d1_JaffaCakes118.exe
Resource
win10v2004-20240802-en
Malware Config
Targets
-
Target
ef0e9664f27e0d9c7ac3bdcce41a66d1_JaffaCakes118
-
Score
10/10
-
Modifies visibility of hidden/system files in Explorer
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Defense Evasion
Hide Artifacts (1)
Hidden Files and Directories (1)
Modify Registry (2)