General
-
Target
f5f3d76872461c9bb8886fac0c1fc232_JaffaCakes118
-
Size
244KB
-
Sample
240925-n2ekzaxbqg
-
MD5
f5f3d76872461c9bb8886fac0c1fc232
-
SHA1
1fc04ab8e04b36cc536f374cad71bef3d74e59b0
-
SHA256
ae36c4f7de8e74a16d017bb944ae9e3d97d89489438fdb1b60d9d1794f579392
-
SHA512
81e671938655448519f320eca6e4c08e820a47cdbf393480406d6ce127b26c1e930938ed0088eeb433b9a45e22dd0e164117221048048acceab15e8c18f02496
-
SSDEEP
3072:exBcTBPt+MxJwVEi/8HAuPX6HGJfKV2DVLoF4x7H9PoSI:MBEBl+ywVEi/8HAuiHCftDVLoF4B9hI
Static task
static1
Behavioral task
behavioral1
Sample
f5f3d76872461c9bb8886fac0c1fc232_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
f5f3d76872461c9bb8886fac0c1fc232_JaffaCakes118.exe
Resource
win10v2004-20240802-en
Malware Config
Targets
-
-
Target
f5f3d76872461c9bb8886fac0c1fc232_JaffaCakes118
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Indicator Removal: File Deletion
Adversaries may delete files left behind by the actions of their intrusion activity.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Browser Extensions: 1
Privilege Escalation
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Defense Evasion
Hide Artifacts: 2
Hidden Files and Directories: 2
Indicator Removal: 1
File Deletion: 1
Modify Registry: 4