General
-
Target
259ee24d3603364398a8a91cd9229674_JaffaCakes118
-
Size
257KB
-
Sample
241008-z64lfaxfjn
-
MD5
259ee24d3603364398a8a91cd9229674
-
SHA1
7b29e606cbf26836995e46c9cadd7b3c43bb89e9
-
SHA256
307b43b76e2c1c5872e44bfaa0705737bde660d0eaecc476896bb4b331eb164b
-
SHA512
40b64fa230b5f17909f0a908c698cd2227b0b1fc76c60f24fee6c367a37bf0ac9a81700ddee2416fe0259e868da1d4cc76aab7b3e4f0aa01d0b7e56b3f88a841
-
SSDEEP
6144:LJfpLvUlA+4M6JfyXSW+Y2EVhqBcoTZcNP:thLvi5nBL+Y2KhqN1QP
Malware Config
Targets
-
-
Target
Given.exe
-
Size
287KB
-
MD5
6b390af9632f012427a933c5eeb7bab3
-
SHA1
0c9d0ecdecf5345979f69531a21351d010df1506
-
SHA256
99b03942ece46f958ed08ad90f8429a60379110e9ec0bb412f73e2086bd55b82
-
SHA512
cc156a2a995f9ca72f9677cf03b83f50b313ca7ddd7074ac8f6b91272482dd0abaaa553a263da4f9b238dcd1cf5f385587eebfd26fdaa9739bdd67d7d8bbd034
-
SSDEEP
6144:qY94NC4HMKYjliZBVaPagdaTAaHdib8+EAuweqCRoASeaA0AHR:59ONRQlO8CgUbiI+EKeqyoASNAx
Score7/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Installs/modifies Browser Helper Object
BHOs are DLL modules which act as plugins for Internet Explorer.
-
Modifies WinLogon
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Browser Extensions
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1