General
-
Target
0849de00be1d10fc02a19dd664a8c785_JaffaCakes118
-
Size
17KB
-
Sample
241002-b2tcxavbme
-
MD5
0849de00be1d10fc02a19dd664a8c785
-
SHA1
a1502d2bddfb5c4df75cdc52f6fce68a5072634e
-
SHA256
cb321cc14bf0fd2d936f2c9d6e62d1ebdae28b6f91e62fabbf1730d6feb21c27
-
SHA512
a738f3627819ad8b86a479bcdad67c25849a7ea635fd7ead71e0472c520070a610ce1f87b6b86d3cb7da868fb5b1dc0f8016ae3723d43fe6a845dc9013c4edcc
-
SSDEEP
384:OA6mTF4kYwAzBictaLUmZT5VOkEFmKJZt/SdUHRuh:OAnekYwAfsZTXOkWmK/SdOo
Malware Config
Targets
-
-
Target
0849de00be1d10fc02a19dd664a8c785_JaffaCakes118
-
Size
17KB
-
MD5
0849de00be1d10fc02a19dd664a8c785
-
SHA1
a1502d2bddfb5c4df75cdc52f6fce68a5072634e
-
SHA256
cb321cc14bf0fd2d936f2c9d6e62d1ebdae28b6f91e62fabbf1730d6feb21c27
-
SHA512
a738f3627819ad8b86a479bcdad67c25849a7ea635fd7ead71e0472c520070a610ce1f87b6b86d3cb7da868fb5b1dc0f8016ae3723d43fe6a845dc9013c4edcc
-
SSDEEP
384:OA6mTF4kYwAzBictaLUmZT5VOkEFmKJZt/SdUHRuh:OAnekYwAfsZTXOkWmK/SdOo
Score8/10-
Stops running service(s)
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Indicator Removal: File Deletion
Adversaries may delete files left behind by the actions of their intrusion activity.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Defense Evasion
Hide Artifacts
1Hidden Files and Directories
1Impair Defenses
1Indicator Removal
1File Deletion
1Modify Registry
3