General
-
Target
0a9a0027365b7108f218687998b7ed71_JaffaCakes118
-
Size
431KB
-
Sample
241002-peccrsvgmp
-
MD5
0a9a0027365b7108f218687998b7ed71
-
SHA1
e820d45738c2fdd259a164e565c48613f3f29445
-
SHA256
e782a0272da59494d8fd43563d78c2d8140d8c3d5e24ea7413fe723a137087d4
-
SHA512
fd04128d968f433c055682bc600cc44c9e11a7df24bbe5e4f9e5f86edba1fa5349b2dedb3deb1ac5939a15f4fb387e71da180d8d94cb1abba0ae753d475d585e
-
SSDEEP
12288:dMKWY43DziwNKvzSJRg4wr4/ihGrd6Me9Tofv7+s+OqL:dMKWT2wKOQ4wrOPrgMsyviz
Malware Config
Targets
-
-
Target
0a9a0027365b7108f218687998b7ed71_JaffaCakes118
-
Size
431KB
-
MD5
0a9a0027365b7108f218687998b7ed71
-
SHA1
e820d45738c2fdd259a164e565c48613f3f29445
-
SHA256
e782a0272da59494d8fd43563d78c2d8140d8c3d5e24ea7413fe723a137087d4
-
SHA512
fd04128d968f433c055682bc600cc44c9e11a7df24bbe5e4f9e5f86edba1fa5349b2dedb3deb1ac5939a15f4fb387e71da180d8d94cb1abba0ae753d475d585e
-
SSDEEP
12288:dMKWY43DziwNKvzSJRg4wr4/ihGrd6Me9Tofv7+s+OqL:dMKWT2wKOQ4wrOPrgMsyviz
Score8/10-
Disables Task Manager via registry modification
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-