General
-
Target
2812609c58db5ce1699f2754d3d4bb6d_JaffaCakes118
-
Size
112KB
-
Sample
241009-ba3r9szepd
-
MD5
2812609c58db5ce1699f2754d3d4bb6d
-
SHA1
b9485d5e9b43dcf374f5a25f1d2c0eb4ee4c0932
-
SHA256
e710dcf68d8a91063e085bf4a63e1fb960f93424aefebc035a7c78af623c1ec1
-
SHA512
9e761d5a5e46f569d628bc0b0cd86d9401aafb1a17fea946af5baf6d076bba0bc2073f2d9f20c8de6a24efac25d5ac4bcf9eb48614f8d9311985456458a2298d
-
SSDEEP
3072:DVi+GaaeMfzwqkOD/bRKBl5+02g3/Qk13:Zi+GaaeMfEqke/bo3R3
Static task
static1
Behavioral task
behavioral1
Sample
2812609c58db5ce1699f2754d3d4bb6d_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
2812609c58db5ce1699f2754d3d4bb6d_JaffaCakes118.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
Target
2812609c58db5ce1699f2754d3d4bb6d_JaffaCakes118
-
Score
8/10
-
Adds policy Run key to start application
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Modifies WinLogon
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (3)
Registry Run Keys / Startup Folder (2)
Winlogon Helper DLL (1)
Privilege Escalation
Boot or Logon Autostart Execution (3)
Registry Run Keys / Startup Folder (2)
Winlogon Helper DLL (1)