General
-
Target
2cae6bd4e939b318726eebb347db0a26_JaffaCakes118
-
Size
156KB
-
Sample
241009-hjk25szenm
-
MD5
2cae6bd4e939b318726eebb347db0a26
-
SHA1
cc483831ae6d36c68d93c18bebf679fdb5998c4f
-
SHA256
66b1cedebf2ba85843b15035150ee53717b811f86d860eef200ead4c72b9d2ce
-
SHA512
a2200b04334f88385e5cede2db14037649761599709525f99e19e51ac5cfc58027458915e41737f8835a1394e81a830d30c6f4e721b2a818559e0707eba5a919
-
SSDEEP
3072:/iOiZ60JXlBQnzIm7AdKB6ZmM3l0BrfqpNrcZ:T8JddKU10BrfqpNm
Malware Config
Targets
-
-
Target
2cae6bd4e939b318726eebb347db0a26_JaffaCakes118
-
Size
156KB
-
MD5
2cae6bd4e939b318726eebb347db0a26
-
SHA1
cc483831ae6d36c68d93c18bebf679fdb5998c4f
-
SHA256
66b1cedebf2ba85843b15035150ee53717b811f86d860eef200ead4c72b9d2ce
-
SHA512
a2200b04334f88385e5cede2db14037649761599709525f99e19e51ac5cfc58027458915e41737f8835a1394e81a830d30c6f4e721b2a818559e0707eba5a919
-
SSDEEP
3072:/iOiZ60JXlBQnzIm7AdKB6ZmM3l0BrfqpNrcZ:T8JddKU10BrfqpNm
Score10/10-
Modifies visiblity of hidden/system files in Explorer
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Hide Artifacts
1Hidden Files and Directories
1Modify Registry
2