General

  • Target

    ecdef2f594e08de3e8bf538025215c55_JaffaCakes118

  • Size

    1.4MB

  • Sample

    240411-h5eggshe9x

  • MD5

    ecdef2f594e08de3e8bf538025215c55

  • SHA1

    643dc714c2d8b61baffd17a00931db238790dfef

  • SHA256

    3baa56b9d89ce2338dfb89732b1fda8158c8a3b9a539b182dcc9bb7a2b5b02d4

  • SHA512

    83d0c6c1084ef5d02b3c4f09984496e70a7eb5d335535b31607edb2b0b05d96dd91a670c23bf623eb5cf18252b384c78177cefbc8fde63c69a0ba450b37cacdb

  • SSDEEP

    24576:5yioZs8SOZMJzX6dRVrtTC1zJr0dHXsaajR5ZfBShwsYVjDhBMKyUF:V2sHOZMlXcVJkr0tsaajHZfND3MYF

Malware Config

Targets

    • Target

      ecdef2f594e08de3e8bf538025215c55_JaffaCakes118

    • Modifies Installed Components in the registry

      Writes under the Active Setup key (HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components). A StubPath value there is executed once for each user at the next logon, a persistence location that is monitored less often than Run keys.

    • Deletes itself

    • Executes dropped EXE

    • Identifies Wine through registry keys

      Wine is a compatibility layer that runs Windows applications on other operating systems and is sometimes used as a lightweight sandbox. A Wine installation leaves registry keys (for example HKCU\Software\Wine) that a real Windows system does not have, so the sample reads them to detect an analysis environment. Behaviour observed in a Wine-based sandbox is therefore unreliable for this sample; confirm results on a native Windows VM.

    • Loads dropped DLL

    • Themida packer

      The sample is protected with Themida (Oreans Technologies), a commercial Windows protector that encrypts the original code and runs parts of it in a virtual machine. Static analysis of the file on disk shows the protector, not the payload; unpack it or dump the process from memory before disassembling.

    • Adds Run key to start application

      Adds a value under a Software\Microsoft\Windows\CurrentVersion\Run key so the dropped executable starts at logon.

    • Drops file in System32 directory

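The registry locations flagged in the signatures above (Run keys, Active Setup Installed Components, and the Wine marker the sample looks for) can be checked on a suspect host or on the sandbox itself from a `reg export` file. The script below is an added example for this report; it is not sandbox output and not code from the sample. The .reg content it scans is constructed (placeholder GUID, placeholder paths), and the heuristic that marks executables under user-writable directories as suspicious is an assumption of this example, not a rule from the report.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample in `reg export` format (hypothetical values, not taken
# from the analysed sample). The Active Setup GUID is a placeholder.
SAMPLE_REG_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"="%windir%\\system32\\SecurityHealthSystray.exe"
"Updater"="C:\\Users\\user\\AppData\\Roaming\\svchost.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{00000000-0000-0000-0000-000000000001}]
@="Constructed Component"
"StubPath"="C:\\Users\\Public\\update.exe /s"
"IsInstalled"=dword:00000001

[HKEY_CURRENT_USER\Software\Wine]
"""

RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(Once)?$", re.IGNORECASE)
ACTIVE_SETUP_RE = re.compile(r"\\Active Setup\\Installed Components\\", re.IGNORECASE)
# Present on Wine, absent on real Windows: what the sample's anti-analysis check reads.
WINE_KEY_RE = re.compile(r"^HKEY_(CURRENT_USER|LOCAL_MACHINE)\\Software\\Wine(\\|$)", re.IGNORECASE)
# Assumption of this example: autostart entries pointing into user-writable
# directories deserve a closer look than those under %windir%/Program Files.
USER_WRITABLE_RE = re.compile(r"\\(AppData|Temp|Users\\Public|ProgramData)\\", re.IGNORECASE)
VALUE_LINE_RE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|(@))=(.*)$')


@dataclass
class Finding:
    category: str   # "run_key", "active_setup" or "wine_marker"
    key: str
    name: str
    data: str
    suspicious: bool


def _unescape(s: str) -> str:
    # .reg files escape backslash and double quote with a backslash.
    return re.sub(r"\\(.)", r"\1", s)


def parse_reg_export(text: str) -> Dict[str, Dict[str, str]]:
    """Map each key path to its REG_SZ values. dword:/hex: values are skipped,
    as are deletion entries ([-HKEY...]) and hex continuation lines."""
    keys: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";") or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = None if line.startswith("[-") else line[1:-1]
            if current is not None:
                keys.setdefault(current, {})   # keys with no values still count
            continue
        m = VALUE_LINE_RE.match(line)
        if current is None or not m:
            continue
        name = "(Default)" if m.group(2) else _unescape(m.group(1))
        data = m.group(3)
        if len(data) >= 2 and data.startswith('"') and data.endswith('"'):
            keys[current][name] = _unescape(data[1:-1])
    return keys


def scan_reg_export(text: str) -> List[Finding]:
    """Report autostart entries and the Wine marker from an exported hive."""
    findings: List[Finding] = []
    for key, values in parse_reg_export(text).items():
        if WINE_KEY_RE.match(key):
            # Existence alone is what matters: the sample only checks that the key is there.
            findings.append(Finding("wine_marker", key, "", "", True))
        elif RUN_KEY_RE.search(key):
            for name, data in values.items():
                findings.append(Finding("run_key", key, name, data, bool(USER_WRITABLE_RE.search(data))))
        elif ACTIVE_SETUP_RE.search(key):
            stub = next((v for n, v in values.items() if n.lower() == "stubpath"), None)
            if stub is not None:
                findings.append(Finding("active_setup", key, "StubPath", stub, bool(USER_WRITABLE_RE.search(stub))))
    return findings


def load_reg_export(path: str) -> str:
    # `reg export` writes UTF-16LE with a BOM; hand-edited files are often UTF-8.
    try:
        with open(path, encoding="utf-16") as fh:
            return fh.read()
    except UnicodeError:
        with open(path, encoding="utf-8-sig") as fh:
            return fh.read()


if __name__ == "__main__":
    for f in scan_reg_export(SAMPLE_REG_EXPORT):
        flag = "!" if f.suspicious else " "
        print(f"{flag} {f.category:<13} {f.key}  {f.name}={f.data}")
```

Run it against `reg export HKCU hkcu.reg` and `reg export HKLM hklm.reg` taken from the host under investigation; a `wine_marker` hit on your own sandbox means this sample's Wine check would fire there, and the results of that run should not be trusted.
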
MITRE ATT&CK Enterprise v15

Tasks