General
-
Target
7bff8ab66eac43bd12cfc660c7c60404_JaffaCakes118
-
Size
724KB
-
Sample
241029-gkxxnatren
-
MD5
7bff8ab66eac43bd12cfc660c7c60404
-
SHA1
1f3b29634a32a38c0d22aaacd786f2c2171843e2
-
SHA256
e013db289b8def32b6cc108e0d76f31586b6f3dd10c9d1473385af2395e6a0ff
-
SHA512
fbea8708371465aa13759e5d41b31f237622b418b5da9ce252557be89bab2a33524fcb16984e4cb496932821cda89c0dbc9c0c366dfbb82919e96c27e15740bb
-
SSDEEP
12288:lB6jfu9W5qVnpA1P9mTx87m7HGA04OBGaSuQalOZeW0dDNVX+pd167QhEQJ:n67MnVnpA1lmTx8MmA07AaSuDSwdTE6o
Malware Config
Targets
-
-
Target
7bff8ab66eac43bd12cfc660c7c60404_JaffaCakes118
-
Size
724KB
-
MD5
7bff8ab66eac43bd12cfc660c7c60404
-
SHA1
1f3b29634a32a38c0d22aaacd786f2c2171843e2
-
SHA256
e013db289b8def32b6cc108e0d76f31586b6f3dd10c9d1473385af2395e6a0ff
-
SHA512
fbea8708371465aa13759e5d41b31f237622b418b5da9ce252557be89bab2a33524fcb16984e4cb496932821cda89c0dbc9c0c366dfbb82919e96c27e15740bb
-
SSDEEP
12288:lB6jfu9W5qVnpA1P9mTx87m7HGA04OBGaSuQalOZeW0dDNVX+pd167QhEQJ:n67MnVnpA1lmTx8MmA07AaSuDSwdTE6o
Score10/10-
FakeAV, RogueAntivirus
FakeAV or Rogue AntiVirus is a class of malware that displays false alert messages.
-
Fakeav family
-
FakeAV payload
-
Event Triggered Execution: Image File Execution Options Injection
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Image File Execution Options Injection
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Image File Execution Options Injection
1