General
Target: fce916fd22304adba9632f06ffd82a0e_JaffaCakes118
Size: 5.7MB
Sample: 241218-ypf85szley
MD5: fce916fd22304adba9632f06ffd82a0e
SHA1: a9266bb2dd5df32a61eb9fc9e4e59bb257996d1a
SHA256: 28120bf835ecf2fbd9f30e5281ad7ba0c7bdfd85a5c95d7fd4db73f718fbb21c
SHA512: c8402d53ea9aaa3959be1b725c0e6e6e7db1ff69cb055f1af1a1e41fe753b4d59e15402d4c0beeee225e0bc0684e1a90f423228fec6d2b66a80245b273afd5c4
SSDEEP: 49152:67N1ahCK0V7N1ahCD0V7N1ahCW0V7N1ahCY0V7N1ahCX0V7N1ahC50V7N1ahCI05:67X727j7l7a7s7V7
Behavioral task: behavioral1
Sample: fce916fd22304adba9632f06ffd82a0e_JaffaCakes118.exe
Resource: win7-20241023-en
Behavioral task: behavioral2
Sample: fce916fd22304adba9632f06ffd82a0e_JaffaCakes118.exe
Resource: win10v2004-20241007-en
Malware Config
Targets
Target: fce916fd22304adba9632f06ffd82a0e_JaffaCakes118
Score: 10/10
- Fakeav family
- Event Triggered Execution: Image File Execution Options Injection
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Event Triggered Execution (1)
    Image File Execution Options Injection (1)
Privilege Escalation
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Event Triggered Execution (1)
    Image File Execution Options Injection (1)