Resubmissions

17-04-2024 15:13

240417-slw8asfa8t 10

17-04-2024 15:13

240417-slwlrsfa71 10

17-04-2024 15:13

240417-slwa1ade84 10

17-04-2024 15:13

240417-slsvwade82 10

17-04-2024 15:13

240417-slsj4sde79 10

General

  • Target

    ef8854d445cff933d6ed5fc87e3a6eca_JaffaCakes118

  • Size

    3.6MB

  • Sample

    240417-slwlrsfa71

  • MD5

    ef8854d445cff933d6ed5fc87e3a6eca

  • SHA1

    88bf6e4c6a287c88fa739292959cef7d74288c25

  • SHA256

    1e2c6745afc6886504c7d49c03ec42b46e63530aa93e5ff1d5b2cbdd1ea1108d

  • SHA512

    3c6e10f6772b64ec9c9c643e086fda76d2dd1b24f099237c3403c43966d730ceff193f961204b2141fd8ece951b9d86e384ba69152c588069b523673dc259c88

  • SSDEEP

    49152:2pU1pIkY3RFCXgUG0xibD3QUaSalMG45TRVVqfMqJ7CdfAYQtTGC8:2psIbhYXJS3HaHM17Vqfz7sQti5

Score
10/10

Malware Config

Targets

    • Target

      ef8854d445cff933d6ed5fc87e3a6eca_JaffaCakes118

    • Size

      3.6MB

    • MD5

      ef8854d445cff933d6ed5fc87e3a6eca

    • SHA1

      88bf6e4c6a287c88fa739292959cef7d74288c25

    • SHA256

      1e2c6745afc6886504c7d49c03ec42b46e63530aa93e5ff1d5b2cbdd1ea1108d

    • SHA512

      3c6e10f6772b64ec9c9c643e086fda76d2dd1b24f099237c3403c43966d730ceff193f961204b2141fd8ece951b9d86e384ba69152c588069b523673dc259c88

    • SSDEEP

      49152:2pU1pIkY3RFCXgUG0xibD3QUaSalMG45TRVVqfMqJ7CdfAYQtTGC8:2psIbhYXJS3HaHM17Vqfz7sQti5

    Score
    10/10
    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Uses Tor communications

      Malware can proxy its traffic through Tor for more anonymity.

MITRE ATT&CK Enterprise v15

Tasks