General
Target: 3cc16e621524a79f1d1eeffb838e1c80_JaffaCakes118
Size: 320KB
Sample: 241013-aewzvatapp
MD5: 3cc16e621524a79f1d1eeffb838e1c80
SHA1: d95679b712f2cf683a76d1836d8872988c273f1d
SHA256: 056f8246339f56045ce9721b8dab3f16032f6d2094f439115f82071598dc01ee
SHA512: ce7d5e08df4623eb990962bfba67baa488f3d5f011e879d808492381810c2854c67f407a339aaaffa74d4bc547a94c1c19f3e28399479c9e95cde0ed8bde1658
SSDEEP: 6144:Hy/x6/5n/NbYl/a+fCf8SLJOIrhTyMMGR/q:S/xqn/NH+qL8nMMs/
Static task: static1
Behavioral task: behavioral1
  Sample: 3cc16e621524a79f1d1eeffb838e1c80_JaffaCakes118.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: 3cc16e621524a79f1d1eeffb838e1c80_JaffaCakes118.exe
  Resource: win10v2004-20241007-en
Malware Config
Targets
Target: 3cc16e621524a79f1d1eeffb838e1c80_JaffaCakes118
Score: 10/10
Modifies visibility of hidden/system files in Explorer
Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
MITRE ATT&CK Enterprise v15
Privilege Escalation
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
Defense Evasion
  Hide Artifacts (1)
    Hidden Files and Directories (1)
  Modify Registry (2)