General

  • Target

    f245becda4e918e10f650671bfbe60a5_JaffaCakes118

  • Size

    6.2MB

  • Sample

    240416-atcvhscd98

  • MD5

    f245becda4e918e10f650671bfbe60a5

  • SHA1

    9bb1c7cf3c0f9b767b2f21ebc907b158622d9b71

  • SHA256

    151778a15b41a29e7254c63a24e70cbe3cb76b15fd621afe435b197b20ff91b4

  • SHA512

    c72033f994cc77c265da433c6467d9fcfc33fae63415b6ac02391e14cb256b0e3185b1470e7f86a8dea2eba822f6657430103a5b786703254e5c361b546407a5

  • SSDEEP

    196608:N7effIPEsy58doQaTzwZ8Jq3QKnqVtxQnKnqVtxQu9OryfEQ2wryfEQuQILhf8s+:N7effIPEsy58doQaTzwZ8Jq3QKnqVtxj

Malware Config

Targets

    • Modifies WinLogon for persistence

    • Drops file in Drivers directory

    • Sets service image path in registry

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules that act as plugins for Internet Explorer.

    • Modifies WinLogon

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks