General

  • Target

    f0cc48e489e7bd14726d1602ac35239b_JaffaCakes118

  • Size

    554KB

  • Sample

    240415-l361habg72

  • MD5

    f0cc48e489e7bd14726d1602ac35239b

  • SHA1

    4fa5832869cdd7a2613e63b57be39da9fcbda96b

  • SHA256

    220d8c63d04f7aced4725061fc6c05187b6359eff21fef78286a9c099d41055e

  • SHA512

    2e9429cd3b5166c2a8ab3bfe5412e08081f968046b78b9ae72707cefa751819a56375fc89bb218f1aed0e179cefa75e2fc21f26f37a7ec60a83124614668bc81

  • SSDEEP

    12288:vK0qjI4nA1K0OK0q2wPqK0AI2GjI8S3IK:vK0qjIOA1K0OK0q2wPqK0AI2GjIp3IK

Targets

    • Modifies WinLogon for persistence

    • Drops file in Drivers directory

    • Sets service image path in registry

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Modifies WinLogon

    • Drops file in System32 directory
