General
-
Target
f5c048717a579397769ae992b5ed8f4e_JaffaCakes118
-
Size
200KB
-
Sample
240925-ly6tyascjc
-
MD5
f5c048717a579397769ae992b5ed8f4e
-
SHA1
ff9b78ebd72694b912a6ba0e3c898224622913fc
-
SHA256
b206c1803980c9fab16240fe85344219804216af0811f3fd0e15ee3aa535fcce
-
SHA512
04809bc0c4a5bff43cf3164324488fa530046884b540b6fae11bcd38a15218786863d81020fc3878130720979ef701477266e8cf4482c54a2e29052c79961162
-
SSDEEP
3072:AU9Vv0tQ9nLHbB9WHCS0AgTlhsp3mWEsg:14QxL7B9WHK9Jhsp3ar
Malware Config
Targets
-
-
Target
f5c048717a579397769ae992b5ed8f4e_JaffaCakes118
-
Size
200KB
-
MD5
f5c048717a579397769ae992b5ed8f4e
-
SHA1
ff9b78ebd72694b912a6ba0e3c898224622913fc
-
SHA256
b206c1803980c9fab16240fe85344219804216af0811f3fd0e15ee3aa535fcce
-
SHA512
04809bc0c4a5bff43cf3164324488fa530046884b540b6fae11bcd38a15218786863d81020fc3878130720979ef701477266e8cf4482c54a2e29052c79961162
-
SSDEEP
3072:AU9Vv0tQ9nLHbB9WHCS0AgTlhsp3mWEsg:14QxL7B9WHK9Jhsp3ar
Score10/10-
Modifies visiblity of hidden/system files in Explorer
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Hide Artifacts
1Hidden Files and Directories
1Modify Registry
2