General
-
Target
3862f48718bfcfdacd4d1172b3773cfb_JaffaCakes118
-
Size
2.8MB
-
Sample
241012-evg8vaxdkr
-
MD5
3862f48718bfcfdacd4d1172b3773cfb
-
SHA1
0369d15415ade36f6a69e9c36f38f968a2fe5fec
-
SHA256
2fbdb052e2bbad5342d60d25f7c39fb6b7ecdc88937986108be3e1f9d212f81b
-
SHA512
730907add38beedfa02f446d365dcb3508a6c345c90d690d5de4c35533335fb61786eec7184ff1599ea72ba4690b2834d654e9b7a3036d2f3a97f5978e3dfbc9
-
SSDEEP
49152:67N1ahCD0V7N1ahC+0V7N1ahCE0V7N1ahCI0:6727r7x7
Malware Config
Targets
-
-
Target
3862f48718bfcfdacd4d1172b3773cfb_JaffaCakes118
-
Size
2.8MB
-
MD5
3862f48718bfcfdacd4d1172b3773cfb
-
SHA1
0369d15415ade36f6a69e9c36f38f968a2fe5fec
-
SHA256
2fbdb052e2bbad5342d60d25f7c39fb6b7ecdc88937986108be3e1f9d212f81b
-
SHA512
730907add38beedfa02f446d365dcb3508a6c345c90d690d5de4c35533335fb61786eec7184ff1599ea72ba4690b2834d654e9b7a3036d2f3a97f5978e3dfbc9
-
SSDEEP
49152:67N1ahCD0V7N1ahC+0V7N1ahCE0V7N1ahCI0:6727r7x7
Score10/10-
FakeAV, RogueAntivirus
FakeAV or Rogue AntiVirus is a class of malware that displays false alert messages.
-
FakeAV payload
-
Event Triggered Execution: Image File Execution Options Injection
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Image File Execution Options Injection
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Image File Execution Options Injection
1