General
-
Target
ef2fc9b1f98aa1f060dc6cf2679f135e_JaffaCakes118
-
Size
176KB
-
Sample
240921-gnfgsaxgmc
-
MD5
ef2fc9b1f98aa1f060dc6cf2679f135e
-
SHA1
42bca7c8e0672f0212a7df45e1681d4be8fa7be4
-
SHA256
5e1ca7f2d94c381ed91b659e24b20671daa055381c1c8822bd9781e58aea6889
-
SHA512
ed0e4d99b9de07567452a37091d38436072f2e13579a5f7dab50f68da7538de4caa9f130f1fc78168d2fab459aa05954e74b27fc5a26254f79a06bcd4036f140
-
SSDEEP
3072:yfRo/jynvgWK/fObT/bGiSEIGsbv0OpxYTNPybtDKk6SS3X:NG3K/fObT/bGiSE5sj3xYTNPybtDKk6H
Static task
static1
Behavioral task
behavioral1
Sample
ef2fc9b1f98aa1f060dc6cf2679f135e_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
ef2fc9b1f98aa1f060dc6cf2679f135e_JaffaCakes118.exe
Resource
win10v2004-20240802-en
Malware Config
Targets
Target
ef2fc9b1f98aa1f060dc6cf2679f135e_JaffaCakes118
Score
10/10
-
Modifies visibility of hidden/system files in Explorer
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Defense Evasion
Hide Artifacts: 1
Hidden Files and Directories: 1
Modify Registry: 2