General
-
Target
01075362e8ad9825aba5817265b22dfb_JaffaCakes118
-
Size
273KB
-
Sample
240930-nczjvasbqj
-
MD5
01075362e8ad9825aba5817265b22dfb
-
SHA1
0f29b9cabc50f98314c695f6e8707789aa07c609
-
SHA256
b3d6ecebfc5b907b00d7045f0a044935571c5fd24c9701b1b1862c812d3ed0d3
-
SHA512
bf84517b0b551b742ecef48806700c3843bb355b6df65f71d2d6b16e9d1fe53b5f8e240e8f9f7f20dfb5014e9ad4a960c3502eae1ffabf007abf5c7c7ff49c28
-
SSDEEP
3072:obpDCw1p3vmLvsZIaVwiwDcIbDHDCm/DER4eQSq54p1YYhD/6KgXEFb8K8P:gDCwfG1bnxLERRLT3YYhLrgXEij
Static task
static1
Behavioral task
behavioral1
Sample
01075362e8ad9825aba5817265b22dfb_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
01075362e8ad9825aba5817265b22dfb_JaffaCakes118.exe
Resource
win10v2004-20240802-en
Malware Config
Targets
-
-
Target
01075362e8ad9825aba5817265b22dfb_JaffaCakes118
Score
10/10
-
Modifies visibility of file extensions in Explorer
-
Modifies visibility of hidden/system files in Explorer
-
Adds policy Run key to start application
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Impair Defenses: Safe Mode Boot
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution (2)
Registry Run Keys / Startup Folder (2)
Defense Evasion
Hide Artifacts (2)
Hidden Files and Directories (2)
Impair Defenses (1)
Safe Mode Boot (1)
Modify Registry (5)