General
-
Target
fe2faf7099f400cb8152a59b8a31566f_JaffaCakes118
-
Size
1.2MB
-
Sample
240929-kwz3yazdka
-
MD5
fe2faf7099f400cb8152a59b8a31566f
-
SHA1
57e797967298ecc8dfb589215e5c1da4544b9dd1
-
SHA256
5fbc21f52da7330d5a7e6a23caea2910f8c1148371d5f40e4af3b60ebf527718
-
SHA512
8c67a5e7f32574c9a91d6180485400a17d604007221c4c532ebf83727bd5012e3a2adfec8e64d105157946db441d2f06200b7e98ec8f7ddb0e3c8acaaa42b9ef
-
SSDEEP
12288:eoZcOxTT0Iq2ZtuR8nT7nTMfGCwQ/MWgtW0Y8hDUAtfZTL/Ff0KY5n:eIB48vouCx/MpWkNX98zn
Malware Config
Targets
-
-
Target
fe2faf7099f400cb8152a59b8a31566f_JaffaCakes118
-
Size
1.2MB
-
MD5
fe2faf7099f400cb8152a59b8a31566f
-
SHA1
57e797967298ecc8dfb589215e5c1da4544b9dd1
-
SHA256
5fbc21f52da7330d5a7e6a23caea2910f8c1148371d5f40e4af3b60ebf527718
-
SHA512
8c67a5e7f32574c9a91d6180485400a17d604007221c4c532ebf83727bd5012e3a2adfec8e64d105157946db441d2f06200b7e98ec8f7ddb0e3c8acaaa42b9ef
-
SSDEEP
12288:eoZcOxTT0Iq2ZtuR8nT7nTMfGCwQ/MWgtW0Y8hDUAtfZTL/Ff0KY5n:eIB48vouCx/MpWkNX98zn
Score7/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Impair Defenses: Safe Mode Boot
-
Loads dropped DLL
-
Adds Run key to start application
-
Indicator Removal: File Deletion
Adversaries may delete files left behind by the actions of their intrusion activity.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Impair Defenses
1Safe Mode Boot
1Indicator Removal
1File Deletion
1Modify Registry
2