General
-
Target
154a9ed5160e9b2d7a9d04e77bdddfea_JaffaCakes118
-
Size
17KB
-
Sample
241004-3dj8wasbqq
-
MD5
154a9ed5160e9b2d7a9d04e77bdddfea
-
SHA1
cfc204494d54b2b81897dac077e1816b83ed2c3a
-
SHA256
03770ca9694b59a736bf3b9184aed1ee4745d075cb3d093c1c723363aa93b8c3
-
SHA512
95c074f29aae271f72013577e784bf9ffa8eea0ca855dfc8946a9c135f1696a23a302ad085a7e3ff06adb11f725fa2b07a204cc904e070f98baf922c2cb16751
-
SSDEEP
384:FFd8vKX0cmZO2Zp+Nye8pqrmub8TyztsDN:FnVX0oKK8o8TyJc
Malware Config
Targets
-
-
Target
154a9ed5160e9b2d7a9d04e77bdddfea_JaffaCakes118
-
Size
17KB
-
MD5
154a9ed5160e9b2d7a9d04e77bdddfea
-
SHA1
cfc204494d54b2b81897dac077e1816b83ed2c3a
-
SHA256
03770ca9694b59a736bf3b9184aed1ee4745d075cb3d093c1c723363aa93b8c3
-
SHA512
95c074f29aae271f72013577e784bf9ffa8eea0ca855dfc8946a9c135f1696a23a302ad085a7e3ff06adb11f725fa2b07a204cc904e070f98baf922c2cb16751
-
SSDEEP
384:FFd8vKX0cmZO2Zp+Nye8pqrmub8TyztsDN:FnVX0oKK8o8TyJc
Score8/10-
Event Triggered Execution: Image File Execution Options Injection
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Image File Execution Options Injection
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Image File Execution Options Injection
1