General

  • Target

    e55a425444e1fe5240db362c73789d4d_JaffaCakes118

  • Size

    119KB

  • Sample

    240407-tw7mfsha37

  • MD5

    e55a425444e1fe5240db362c73789d4d

  • SHA1

    a005ea2da5c7f501382e83e4c96c1c6bd3f10829

  • SHA256

    46266a6cacabe8553ffee6b699662c4b8a2e7ce6b0beef281a0fe0d248d10dc4

  • SHA512

    8bbaed3b22745af776fecbe0880118375a0fce8638a165fd8370c4b9b6b6a3134d3e78669ae3eb4794dd8e260fb5cf6501be5b37e198a4921099e245139cf0ea

  • SSDEEP

    1536:fyMub0kgePQ6jbXX+oka5t9druCx3nus3ANmZ48sYNlITW9jLpV23NLO9pC/23:fHdePQ6Owdjx3nvu82WNiNC9B

Malware Config

Targets

    • Target

      e55a425444e1fe5240db362c73789d4d_JaffaCakes118

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

    • Adds Run key to start application

      Writes a value under a CurrentVersion\Run key so the dropped file is started again at logon.

    • Suspicious use of SetThreadContext

      SetThreadContext on a thread of another process is the usual last step of process hollowing and similar injection techniques.
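
The two registry-backed behaviours flagged above (reading WinSCP stored sessions and adding a Run key), as an added triage example that is not part of this report or any sandbox vendor's code. It assumes a simple registry-event format (dicts with pid/image/op/key/value) standing in for whatever your EDR or Sysmon pipeline emits, constructs three sample events in that format, and also checks a file's digests against the MD5/SHA1/SHA256 values given in the General section. The WinSCP key path is the one WinSCP uses when it is configured to keep sessions in the registry rather than WinSCP.ini.

```python
"""Triage helper for the sandbox signatures listed above.

Added example, not part of the original report or any sandbox vendor's code.
Two checks are implemented:
  1. match_hashes(): compare a file's digests against the IOC hashes from the report.
  2. classify_registry_events(): run simple detection rules over registry telemetry
     for the "Reads WinSCP keys" and "Adds Run key" behaviours.
The registry event format (dicts with pid/image/op/key/value) is an assumption
standing in for whatever your EDR or Sysmon pipeline emits; the sample events
below are constructed for illustration.
"""
import hashlib
import re
from typing import Iterable

# IOC hashes copied from the report's General section.
IOC_HASHES = {
    "md5": "e55a425444e1fe5240db362c73789d4d",
    "sha1": "a005ea2da5c7f501382e83e4c96c1c6bd3f10829",
    "sha256": "46266a6cacabe8553ffee6b699662c4b8a2e7ce6b0beef281a0fe0d248d10dc4",
}


def file_digests(data: bytes) -> dict:
    """Compute the digests used in the report for an in-memory file image."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ("md5", "sha1", "sha256")}


def match_hashes(data: bytes, iocs: dict = IOC_HASHES) -> list:
    """Return the digest names that match the IOC set (empty list = no match)."""
    got = file_digests(data)
    return [alg for alg, value in iocs.items() if got.get(alg) == value]


# Registry locations behind the two signatures. WinSCP keeps sessions (host,
# user name and an obfuscated password) under this key when configured to use
# the registry rather than WinSCP.ini; the Run keys are the classic autostart.
WINSCP_SESSIONS = re.compile(r"\\Software\\Martin Prikryl\\WinSCP 2\\Sessions(\\|$)", re.I)
RUN_KEYS = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?(\\|$)", re.I)


def classify_registry_events(events: Iterable[dict]) -> list:
    """Tag each registry event with the report signature it corresponds to.

    Returns a list of (signature, pid, key) tuples; events that match no rule are
    dropped. 'op' is "read" for a query/open and "set" for a value write.
    """
    hits = []
    for ev in events:
        key = ev.get("key", "")
        if ev.get("op") == "read" and WINSCP_SESSIONS.search(key):
            hits.append(("Reads WinSCP keys stored on the system", ev["pid"], key))
        elif ev.get("op") == "set" and RUN_KEYS.search(key):
            hits.append(("Adds Run key to start application", ev["pid"], key))
    return hits


# Constructed sample telemetry (assumed format): a dropped EXE reading WinSCP
# sessions and then persisting itself, plus benign noise from Explorer.
SAMPLE_EVENTS = [
    {"pid": 4120, "image": r"C:\Users\victim\AppData\Local\Temp\svchost.exe", "op": "read",
     "key": r"HKCU\Software\Martin Prikryl\WinSCP 2\Sessions\prod-sftp", "value": "Password"},
    {"pid": 4120, "image": r"C:\Users\victim\AppData\Local\Temp\svchost.exe", "op": "set",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "value": "Updater"},
    {"pid": 1888, "image": r"C:\Windows\explorer.exe", "op": "read",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer", "value": "ShellState"},
]

if __name__ == "__main__":
    for sig, pid, key in classify_registry_events(SAMPLE_EVENTS):
        print(f"[{sig}] pid={pid} key={key}")
    # The sample itself is not embedded here; against the real file you would run:
    # print(match_hashes(open("e55a425444e1fe5240db362c73789d4d", "rb").read()))
```

Note that plain Sysmon does not log registry reads (Event IDs 12/13/14 cover create, delete, value set and rename); catching the WinSCP session read in production needs a SACL on that key with object-access auditing (Security Event 4663) or an EDR that reports registry queries, which is why the "read" rule is kept separate from the "set" rule here.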

MITRE ATT&CK Enterprise v15

Tasks