General

Target: 1f486fce9885728e55330e33adb0220a_JaffaCakes118
Size: 405KB
Sample: 240702-pcm2gs1erh
MD5: 1f486fce9885728e55330e33adb0220a
SHA1: 6533b2736e5fb84ee5c9bdef2600e2b333f1858d
SHA256: 42d412d8f6d6725326275f413cbe880c3489f4322d278a34830c42a5c47389e2
SHA512: 33f43d31e565787d2debfbd7d597fbb68377fcc2d115f2e2f09ab00de025155d9173079e87f628a59323a67f0d6aa10ee23d53e06c34dd61944aa808ac4b0491
SSDEEP: 6144:BZoHFN7FE0kNAIbxLSRcNoMdy/GyzB7+IkV+QglRVXR3569Q3FCbdolhdILJUguY:3oHZ/hINSwye4XjXa9Q3kolRguyzC9nq
Behavioral task: behavioral1
Sample: Facebook Account Hacker.exe
Resource: win7-20240508-en

Behavioral task: behavioral2
Sample: Facebook Account Hacker.exe
Resource: win10v2004-20240611-en
Malware Config

Targets

Target: Facebook Account Hacker.exe
Size: 1002KB
MD5: 810ee30f3831206f115a9de523d553ea
SHA1: cce8aa42fff602345db5baa6b20bf663481ccb07
SHA256: 16af77f601bb55b12c0d4f4ec36c600fa651bb3c085b6342bd93437d287024d1
SHA512: ec00695ba3aacb276b7a4f12f116e171f978363f5fc4f9c7f6a00ecfa8d4f61fa198f747ba0d107155b7992366655af78c7a00d034845d03a87b477ef7c2f305
SSDEEP: 24576:M3nbWmJVJFwSddIXvfhqbiaxvRxq9ULjpc:yamdZdcBYtPpc
Score: 10/10

- Modifies WinLogon for persistence
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
MITRE ATT&CK Matrix (ATT&CK v13)

Persistence
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (1)
  - Winlogon Helper DLL (1)

Privilege Escalation
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (1)
  - Winlogon Helper DLL (1)