General

  • Target

    8e2042a569481329b1978fb9e57a25cf_JaffaCakes118

  • Size

    165KB

  • Sample

    241103-3xeshaxhlh

  • MD5

    8e2042a569481329b1978fb9e57a25cf

  • SHA1

    5b434af44cf26c7ea80a90d4cfc318b7bc6e703a

  • SHA256

    29b6ce0a1fa45c510fa103cd625ba7c021cea786e42880f2c28f3d6a36329a06

  • SHA512

    e9a5e3dacd305b5927e2fd8df8e452305b77f5f8da5a2508c1c7f39ac77431c226647f3b9b1de1040931b4cca67af02c3b4b186f8f4d75c58f7594c2d01c2f4e

  • SSDEEP

    3072:nNwGlIIJ67Tc0LYLc82/u4pqRuO+dxGQiHnwFCJIPGHOA:nNNlIIcfcgYg82/u4auO+jdgHOA

Score
10/10

Malware Config

Targets

    • Target

      8e2042a569481329b1978fb9e57a25cf_JaffaCakes118

    • Size

      165KB

    • MD5

      8e2042a569481329b1978fb9e57a25cf

    • SHA1

      5b434af44cf26c7ea80a90d4cfc318b7bc6e703a

    • SHA256

      29b6ce0a1fa45c510fa103cd625ba7c021cea786e42880f2c28f3d6a36329a06

    • SHA512

      e9a5e3dacd305b5927e2fd8df8e452305b77f5f8da5a2508c1c7f39ac77431c226647f3b9b1de1040931b4cca67af02c3b4b186f8f4d75c58f7594c2d01c2f4e

    • SSDEEP

      3072:nNwGlIIJ67Tc0LYLc82/u4pqRuO+dxGQiHnwFCJIPGHOA:nNNlIIcfcgYg82/u4auO+jdgHOA

    Score
    10/10

    • Modifies Windows Defender Real-time Protection settings

    • Windows security bypass

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check (run or stop based on the victim's locale).

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Drops file in System32 directory
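
The following host-side triage script is an added example and is not part of the sandbox report or the sample's own code. It checks for three of the behaviours listed above on a suspected Windows host: Defender real-time protection being switched off (both the effective state reported by Defender and the registry values malware typically writes to achieve it), the same locale registry data the sample reads for its geofence check, and files recently created in System32. The registry paths and value names are the standard Defender and Geo locations; the 24-hour window for System32 drops is an assumed default and should be replaced with the actual detonation or compromise window.

```powershell
# Added triage example (not from the report). Run in an elevated PowerShell
# session on the suspected host. Registry paths are the standard Defender/Geo
# locations; nothing here is specific to this sample beyond the behaviours
# the report lists.

function Get-DefenderRealtimeTamperEvidence {
    $evidence = @()

    # 1. Effective state as Defender itself reports it.
    $pref = Get-MpPreference -ErrorAction SilentlyContinue
    if ($pref -and $pref.DisableRealtimeMonitoring) {
        $evidence += 'Get-MpPreference: DisableRealtimeMonitoring = True'
    }

    # 2. Registry values commonly set to 1 to disable real-time protection.
    #    The policy hive takes precedence over the product hive.
    $keys = @(
        'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection',
        'HKLM:\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection'
    )
    $names = 'DisableRealtimeMonitoring', 'DisableBehaviorMonitoring',
             'DisableOnAccessProtection', 'DisableScanOnRealtimeEnable',
             'DisableIOAVProtection'
    foreach ($key in $keys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($n in $names) {
            if ($props.PSObject.Properties[$n] -and $props.$n -eq 1) {
                $evidence += "$key\$n = 1"
            }
        }
    }
    return $evidence
}

function Get-GeofenceLookupValues {
    # The per-user locale data a geofence check reads: Nation is the GEOID
    # (e.g. 244 = United States), Name the ISO 3166 alpha-2 code (Win10+).
    $geo = Get-ItemProperty -Path 'HKCU:\Control Panel\International\Geo' -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Nation = $geo.Nation
        Name   = $geo.Name
    }
}

function Get-RecentSystem32Drops([datetime]$Since) {
    # Files created in System32 since $Since; a dropped EXE/DLL shows up here.
    Get-ChildItem -Path "$env:SystemRoot\System32" -File -ErrorAction SilentlyContinue |
        Where-Object { $_.CreationTime -ge $Since } |
        Select-Object FullName, CreationTime, Length
}

Get-DefenderRealtimeTamperEvidence
Get-GeofenceLookupValues
# Assumed window: adjust to the known detonation/compromise time.
Get-RecentSystem32Drops -Since (Get-Date).AddDays(-1)
```

An empty result from the first function is not proof that Defender is intact: if Tamper Protection is enabled, writes to the product hive are ignored and may already have been reverted, so also check the Defender operational event log (Microsoft-Windows-Windows Defender/Operational) for configuration-change events around the suspected time. Because the sample deletes itself after execution, the System32 listing and the dropped-DLL load are usually the only file-system evidence left on the host.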

MITRE ATT&CK Enterprise v15

Tasks