General
-
Target
432106dc16884c262d897e548472b07a_JaffaCakes118
-
Size
2.8MB
-
Sample
241014-t3ej9ayeln
-
MD5
432106dc16884c262d897e548472b07a
-
SHA1
11f225bb7db5b5ba12ffbe7e6727fb84096998ad
-
SHA256
b3d25f29ad554a51031232d463a53e4afa2e216fd599efc6b5d4d92704976cde
-
SHA512
7f4d1eb2a1ead129ae23e042e1384c640daa7426c951619383e67d2fa625ae4fd965c14164c60be5c03714510310ad04c5ba83522328c4a9ec3ecb10f35d855b
-
SSDEEP
49152:67N1ahCg0V7N1ahCc0V7N1ahCf0V7N1ahCL0:67t7J7i7
Malware Config
Targets
-
-
Target
432106dc16884c262d897e548472b07a_JaffaCakes118
-
Size
2.8MB
-
MD5
432106dc16884c262d897e548472b07a
-
SHA1
11f225bb7db5b5ba12ffbe7e6727fb84096998ad
-
SHA256
b3d25f29ad554a51031232d463a53e4afa2e216fd599efc6b5d4d92704976cde
-
SHA512
7f4d1eb2a1ead129ae23e042e1384c640daa7426c951619383e67d2fa625ae4fd965c14164c60be5c03714510310ad04c5ba83522328c4a9ec3ecb10f35d855b
-
SSDEEP
49152:67N1ahCg0V7N1ahCc0V7N1ahCf0V7N1ahCL0:67t7J7i7
Score10/10-
FakeAV, RogueAntivirus
FakeAV or Rogue AntiVirus is a class of malware that displays false alert messages.
-
FakeAV payload
-
Event Triggered Execution: Image File Execution Options Injection
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Image File Execution Options Injection
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Image File Execution Options Injection
1