General
-
Target
144ffc847e0af48bc8cc5c5f55987ff0_JaffaCakes118
-
Size
58KB
-
Sample
241004-v7cf5axblj
-
MD5
144ffc847e0af48bc8cc5c5f55987ff0
-
SHA1
5763295515362b40ee50412826adf188503edbf8
-
SHA256
e1e542f788b0e866708693fc013471527aa258682b0203dfba085b34d0de28d7
-
SHA512
b16ad0f62b85c0e51b4004a8c8e0c51fac6040933c6454860f8168d2922d6f207192b97f731ad99b43db6816c6abd659972c28aeccdac2c71de5c8449d0a2ac7
-
SSDEEP
1536:hQppshyevQJ3LLISCFWamrZqrVwnQjsOFg:WpsKwcrNQTF
Malware Config
Targets
-
-
Target
144ffc847e0af48bc8cc5c5f55987ff0_JaffaCakes118
-
Size
58KB
-
MD5
144ffc847e0af48bc8cc5c5f55987ff0
-
SHA1
5763295515362b40ee50412826adf188503edbf8
-
SHA256
e1e542f788b0e866708693fc013471527aa258682b0203dfba085b34d0de28d7
-
SHA512
b16ad0f62b85c0e51b4004a8c8e0c51fac6040933c6454860f8168d2922d6f207192b97f731ad99b43db6816c6abd659972c28aeccdac2c71de5c8449d0a2ac7
-
SSDEEP
1536:hQppshyevQJ3LLISCFWamrZqrVwnQjsOFg:WpsKwcrNQTF
Score8/10-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-