General
-
Target
126b408839b1bfacf4616c832bba8be2_JaffaCakes118
-
Size
169KB
-
Sample
241004-je84vawbqb
-
MD5
126b408839b1bfacf4616c832bba8be2
-
SHA1
c9f08cfbcd9885ad0571b75547b901c7d50c20a7
-
SHA256
bd6f7d4dd5a4ea81960e7fff7a23e8e2642628fcd02ff05e86c842c4a4836941
-
SHA512
485c7b3f7daffdb2065f67454ba54ee72cf67960c50543e62f519969aa070f4d9a8e6ee7bc131b6a166d4b2bddcf73e8a31f51142d6ce98dc343097d14f96d77
-
SSDEEP
3072:obpDCw1p3vmLvsZIaVwiwDcIbDHDCm/DE5aXbMK:gDCwfG1bnxLEMXbh
Malware Config
Targets
-
-
Target
126b408839b1bfacf4616c832bba8be2_JaffaCakes118
-
Size
169KB
-
MD5
126b408839b1bfacf4616c832bba8be2
-
SHA1
c9f08cfbcd9885ad0571b75547b901c7d50c20a7
-
SHA256
bd6f7d4dd5a4ea81960e7fff7a23e8e2642628fcd02ff05e86c842c4a4836941
-
SHA512
485c7b3f7daffdb2065f67454ba54ee72cf67960c50543e62f519969aa070f4d9a8e6ee7bc131b6a166d4b2bddcf73e8a31f51142d6ce98dc343097d14f96d77
-
SSDEEP
3072:obpDCw1p3vmLvsZIaVwiwDcIbDHDCm/DE5aXbMK:gDCwfG1bnxLEMXbh
Score10/10-
Modifies visibility of file extensions in Explorer
-
Modifies visiblity of hidden/system files in Explorer
-
Adds policy Run key to start application
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Impair Defenses: Safe Mode Boot
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
2Defense Evasion
Hide Artifacts
2Hidden Files and Directories
2Impair Defenses
1Safe Mode Boot
1Modify Registry
5