General
-
Target
f9f3b2808d2c21222aaae3c81b33c119_JaffaCakes118
-
Size
232KB
-
Sample
240927-hvsw5a1apn
-
MD5
f9f3b2808d2c21222aaae3c81b33c119
-
SHA1
863a3a528efdeded966d252a0a2328b19ba2811a
-
SHA256
4525da8963c5e0fac076ef92df23ba17741255d0b0b58affcc037ce4596a9963
-
SHA512
8570397a65fd11a6bdaa4e5fe7f1c5cffa0bc8df3fa202dd380827809efba43a8b6cf6fae0d9acaba7d46db5298598f9e65619ee6ffab8a6f661886f6a72334c
-
SSDEEP
6144:V63PFKs78g2KyEOaWEqxF6snji81RUinKdNOAK:yPh+mFU
Malware Config
Targets
-
-
Target
f9f3b2808d2c21222aaae3c81b33c119_JaffaCakes118
-
Size
232KB
-
MD5
f9f3b2808d2c21222aaae3c81b33c119
-
SHA1
863a3a528efdeded966d252a0a2328b19ba2811a
-
SHA256
4525da8963c5e0fac076ef92df23ba17741255d0b0b58affcc037ce4596a9963
-
SHA512
8570397a65fd11a6bdaa4e5fe7f1c5cffa0bc8df3fa202dd380827809efba43a8b6cf6fae0d9acaba7d46db5298598f9e65619ee6ffab8a6f661886f6a72334c
-
SSDEEP
6144:V63PFKs78g2KyEOaWEqxF6snji81RUinKdNOAK:yPh+mFU
Score10/10-
Modifies visiblity of hidden/system files in Explorer
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Hide Artifacts
1Hidden Files and Directories
1Modify Registry
2