General
-
Target
267983007f4137f39d75aeb64f73692d_JaffaCakes118
-
Size
2.9MB
-
Sample
241008-2g3c7ayajd
-
MD5
267983007f4137f39d75aeb64f73692d
-
SHA1
afb67f4577e5d3ca397f56fb11541ed9101f43d0
-
SHA256
da0af42e71c0a4b0196ce5ab1aba6e443ed626968004737391c02484a34bfc62
-
SHA512
4982beae960c55c33e6b4903a23df4ddd20a14c555f0484dd259a392d790c2186189cb4374ebb80f091d1dbfc73fcc1be1ae9838d49dcb85a2ce586443fcd466
-
SSDEEP
49152:p5zRe2fP5GAFya0MUkU1xIIsVZRMRvbE1+YPAgMgvKwleOzd:pu2fP5GAAaukHIsPR0E4pgMIeOR
Malware Config
Targets
-
-
Target
267983007f4137f39d75aeb64f73692d_JaffaCakes118
-
Size
2.9MB
-
MD5
267983007f4137f39d75aeb64f73692d
-
SHA1
afb67f4577e5d3ca397f56fb11541ed9101f43d0
-
SHA256
da0af42e71c0a4b0196ce5ab1aba6e443ed626968004737391c02484a34bfc62
-
SHA512
4982beae960c55c33e6b4903a23df4ddd20a14c555f0484dd259a392d790c2186189cb4374ebb80f091d1dbfc73fcc1be1ae9838d49dcb85a2ce586443fcd466
-
SSDEEP
49152:p5zRe2fP5GAFya0MUkU1xIIsVZRMRvbE1+YPAgMgvKwleOzd:pu2fP5GAAaukHIsPR0E4pgMIeOR
Score10/10-
Modifies WinLogon for persistence
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1