General
-
Target
3a9b6af6c326ad2778adebfbdf55e29d_JaffaCakes118
-
Size
17KB
-
Sample
241012-r78b1swclf
-
MD5
3a9b6af6c326ad2778adebfbdf55e29d
-
SHA1
2f5fc5b6ac35ad9a03f1ff0b582059cbece3d3d0
-
SHA256
b7e95589b814bccafc5dfa9736ad2df6e543544cb5edfb09091d1af3c85d3eed
-
SHA512
2c882c4e2ec82df858bbdd124ae23ce104e6e7fc222c27571f9ea854619dcb456f718fb021520857b5941c913c68763c13aab65af840dee70694a31ed1f34e46
-
SSDEEP
384:3FXiG/3dcmZO2Zp+Nye8pqrmub8TyztsDN:3lt3doKK8o8TyJc
Malware Config
Targets
-
-
Target
3a9b6af6c326ad2778adebfbdf55e29d_JaffaCakes118
-
Size
17KB
-
MD5
3a9b6af6c326ad2778adebfbdf55e29d
-
SHA1
2f5fc5b6ac35ad9a03f1ff0b582059cbece3d3d0
-
SHA256
b7e95589b814bccafc5dfa9736ad2df6e543544cb5edfb09091d1af3c85d3eed
-
SHA512
2c882c4e2ec82df858bbdd124ae23ce104e6e7fc222c27571f9ea854619dcb456f718fb021520857b5941c913c68763c13aab65af840dee70694a31ed1f34e46
-
SSDEEP
384:3FXiG/3dcmZO2Zp+Nye8pqrmub8TyztsDN:3lt3doKK8o8TyJc
Score8/10-
Event Triggered Execution: Image File Execution Options Injection
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Image File Execution Options Injection
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Image File Execution Options Injection
1