General

  • Target: JaffaCakes118_4399174699e769f7c0bf3fe7bfa91902
  • Size: 34KB
  • Sample: 250127-zp8h3avndz
  • MD5: 4399174699e769f7c0bf3fe7bfa91902
  • SHA1: 81212c4a86a1db211dc8d2277e5a12818e6d7468
  • SHA256: dc1545d1a80b3980f15bcfd5925c4f6b7edcd5ad8f22b80a9d9e5a77d31ee393
  • SHA512: 5f9dbc0184f90f4279ee460cf387cc49458b8c9d9542da05097ab5c603c32bd57dd2d0dbc2f47bdd6432fae57dd16d3c4e2bea1ec54612258424073583a20352
  • SSDEEP: 768:0psLyHO8UcU/qsAhLzWEc4QFjT80La1ZO5w:6u8UcU/qsAhLzcLT7La1w5w

Malware Config

Targets

    • Modifies WinLogon for persistence
    • Modifies Windows Firewall
    • Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
    • Executes dropped EXE

MITRE ATT&CK Enterprise v15

Tasks