General
-
Target
JaffaCakes118_99a7a6f69d36dd597ffb59d98dd10b59
-
Size
62KB
-
Sample
250331-smm11sswcx
-
MD5
99a7a6f69d36dd597ffb59d98dd10b59
-
SHA1
1ce3239828ec80d634f50460ee455f19b4d33aaa
-
SHA256
641ea9b83ed7b5ddb6f56069c4507c19b71071b7ba851a495f9986d78765c3e7
-
SHA512
fc1923a82d7b53e70bfda69aec64fb80f0f27928a6ea702e3bca730dcccf6a3c6914dc4b9a050883067e170bb514bb50f7e253da7825ef58e62068c2a4161f24
-
SSDEEP
768:oBoZKpLJWwyGpAr1DW+o41Sl2khnfZRV2k4RCBdapcZc1pbtQN:OospfpAJWACz0kXBTc7tQN
Malware Config
Targets
-
-
Target
JaffaCakes118_99a7a6f69d36dd597ffb59d98dd10b59
-
Size
62KB
-
MD5
99a7a6f69d36dd597ffb59d98dd10b59
-
SHA1
1ce3239828ec80d634f50460ee455f19b4d33aaa
-
SHA256
641ea9b83ed7b5ddb6f56069c4507c19b71071b7ba851a495f9986d78765c3e7
-
SHA512
fc1923a82d7b53e70bfda69aec64fb80f0f27928a6ea702e3bca730dcccf6a3c6914dc4b9a050883067e170bb514bb50f7e253da7825ef58e62068c2a4161f24
-
SSDEEP
768:oBoZKpLJWwyGpAr1DW+o41Sl2khnfZRV2k4RCBdapcZc1pbtQN:OospfpAJWACz0kXBTc7tQN
Score10/10-
Modifies firewall policy service
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Network Share Discovery
Attempt to gather information on host network.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Active Setup
1Create or Modify System Process
1Windows Service
1Privilege Escalation
Boot or Logon Autostart Execution
1Active Setup
1Create or Modify System Process
1Windows Service
1Defense Evasion
Impair Defenses
1Disable or Modify System Firewall
1Modify Registry
2