General

  • Target

    e5d02b5d81925682534c05ab4e1eba09_JaffaCakes118

  • Size

    141KB

  • Sample

    240407-zggqdaed23

  • MD5

    e5d02b5d81925682534c05ab4e1eba09

  • SHA1

    d8bf5d34c1b8405bfabf3b17a3028413cf17ff01

  • SHA256

    11c6fc3f67b71a0ac0ae783654829af25cc68c9bb3396190f35f38eeb77cd3ae

  • SHA512

    8a895c014b47a664f28a3a932144d968959c3ca2b1291f983c89bc52a81e06165865b4d1d3726dc42416ab842dd1735d7dc0e16800602694ea7ec7c570be2504

  • SSDEEP

    3072:goZ1txeLgP3+Jzw7TrWqZGYbEMH1LSm7kp4qJ/JP+jnVyL:5HxeLgMzoWqIYo4Sld/U7VK

Malware Config

Targets

    • Modifies Windows Firewall

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks