General
Target: 2957c436a7adcf35ea1f55e80063053f_JaffaCakes118
Size: 40KB
Sample: 241009-c49y4swakm
MD5: 2957c436a7adcf35ea1f55e80063053f
SHA1: 319a6eadf73d0c1de47693ecae385ac9cea0ee25
SHA256: e3063ca257c155a54a05a2f717a036775c6d056247646e0d3556c8d5b73d23fb
SHA512: e4a6b13db23cddc2467fa51ab8b40a3e86b347eb3df158f5007862b8055bdcadb9fdcf84bf5eea86716892234f22e784ada90dde580b4f1c1df97af65cff5f88
SSDEEP: 768:daNIX6DV6Q2GH8qiNHXwHvbSCehr8HR0pvc:dOLPH8qgKgrQ4vc
Static task: static1

Behavioral task: behavioral1
Sample: 2957c436a7adcf35ea1f55e80063053f_JaffaCakes118.exe
Resource: win7-20240903-en

Behavioral task: behavioral2
Sample: 2957c436a7adcf35ea1f55e80063053f_JaffaCakes118.exe
Resource: win10v2004-20241007-en
Malware Config
Targets
Score: 10/10

Modifies visibility of hidden/system files in Explorer

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application
MITRE ATT&CK Enterprise v15

Privilege Escalation
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1

Defense Evasion
Hide Artifacts: 1
Hidden Files and Directories: 1
Modify Registry: 2