General

  • Target

    e576dac1188eb161d153d2ec0099b8ea_JaffaCakes118

  • Size

    138KB

  • Sample

    240407-vzjv8shg4x

  • MD5

    e576dac1188eb161d153d2ec0099b8ea

  • SHA1

    4546fb05df1275d5f1e284a5e638c3fa622bd6fe

  • SHA256

    4547ada9000728f06d6834f6e5c38eb7018cb1f78f816c0d3d23ebc976d49211

  • SHA512

    839c68aa8d3ad37d0927c70007d783d897d02edb426bf177dc8128a9f09a88db8ab2ceed59e192c9074e4ee39dc823623ab570d588b0081ae79dfc8fefbe3a1a

  • SSDEEP

    3072:7tsaTXrkuHKN/BDzh/5jrCIHer7Zmv3HSruNyLamWjMAKdWrc:7GarrkuHKNfYJmaiNyVWPdrc

Malware Config

Targets

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks