General
-
Target
f9f30b7f542749d343862f6b7b35aed7_JaffaCakes118
-
Size
3.4MB
-
Sample
240927-htjbastcqh
-
MD5
f9f30b7f542749d343862f6b7b35aed7
-
SHA1
f3b220fdd7c3b9b534c88a53d9ef26b67fe6345e
-
SHA256
7b79f71dab448bf9fb7e6686894fbb342bacdfe6e058a0d0efbf3453fa366da8
-
SHA512
7edd1dda6363b375024dddf5f5d5cc214dc3602c2a72012bf851cab3979e8ae6f06cf72e58f6f8d7aac7642519ac6f6f6c162fc92cbddcc625b2776b985b6202
-
SSDEEP
49152:xj3vbky6xLIy2volN4mVppF4DhbTghyZGEy7rCX26Th1JO0DYpHRKMJnoYEAp7m5:RfbWRdzONbTghIGLfCmY80E5noYE7
Malware Config
Targets
-
-
Target
f9f30b7f542749d343862f6b7b35aed7_JaffaCakes118
-
Size
3.4MB
-
MD5
f9f30b7f542749d343862f6b7b35aed7
-
SHA1
f3b220fdd7c3b9b534c88a53d9ef26b67fe6345e
-
SHA256
7b79f71dab448bf9fb7e6686894fbb342bacdfe6e058a0d0efbf3453fa366da8
-
SHA512
7edd1dda6363b375024dddf5f5d5cc214dc3602c2a72012bf851cab3979e8ae6f06cf72e58f6f8d7aac7642519ac6f6f6c162fc92cbddcc625b2776b985b6202
-
SSDEEP
49152:xj3vbky6xLIy2volN4mVppF4DhbTghyZGEy7rCX26Th1JO0DYpHRKMJnoYEAp7m5:RfbWRdzONbTghIGLfCmY80E5noYE7
Score7/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
VMProtect packed file
Detects executables packed with VMProtect commercial packer.
-
Adds Run key to start application
-
Hide Artifacts: Hidden Files and Directories
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Scheduled Task
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Scheduled Task
1Defense Evasion
Hide Artifacts
2Hidden Files and Directories
2Modify Registry
2