General

  • Target

    f089e121bd206ec93e6583651d2e559c_JaffaCakes118

  • Size

    13KB

  • Sample

    240415-hvt47ahc25

  • MD5

    f089e121bd206ec93e6583651d2e559c

  • SHA1

    34ec27c373f3a3663cf68fc17752054dcd480689

  • SHA256

    ca4ac1db528fea101b2ae61719719bf806aca32ae06bd47082492735c3f76651

  • SHA512

    bc0dad6565c4a7794f38c369b016a0c15103bbc2b621a9964cae6f70224ec7e578106dd2ec05006c2675877e51019d22bc57c242062620e80cfda06a00cd2272

  • SSDEEP

    384:AsbE3A35s7+/t3Mw/5Rl+GBx2UrGKKHu8e3iY:As54+/t3Mw/5RldDrquQY

Malware Config

Targets

    • Target

      f089e121bd206ec93e6583651d2e559c_JaffaCakes118

    • Size

      13KB

    • MD5

      f089e121bd206ec93e6583651d2e559c

    • SHA1

      34ec27c373f3a3663cf68fc17752054dcd480689

    • SHA256

      ca4ac1db528fea101b2ae61719719bf806aca32ae06bd47082492735c3f76651

    • SHA512

      bc0dad6565c4a7794f38c369b016a0c15103bbc2b621a9964cae6f70224ec7e578106dd2ec05006c2675877e51019d22bc57c242062620e80cfda06a00cd2272

    • SSDEEP

      384:AsbE3A35s7+/t3Mw/5Rl+GBx2UrGKKHu8e3iY:As54+/t3Mw/5RldDrquQY

    • Adds policy Run key to start application

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks