General

  • Target

    f6817296c933daa9628658e9233179b7_JaffaCakes118

  • Size

    284KB

  • Sample

    240417-x7hz1sbh43

  • MD5

    f6817296c933daa9628658e9233179b7

  • SHA1

    c7b8245acf1419779a90b29ee3ba5dd2d12ceab6

  • SHA256

    c0521a5e0b346421c4d67ac8956fae37fae603c52c8efce1d3f21ce9db12edc7

  • SHA512

    31aa76e75c840eae20595513e0696562b80421c583b601da4aabb8f97ee9fe0ddeecb22968ada67d354dbb2e3ffcc3359bd8f14a282857515508119bfb495ad1

  • SSDEEP

    6144:7qVOPAboqOSg/B5zY8GbdCk18j7i8EzDPnMnadzL0QZ5TGtpM18:5AYTZ59Gboky2ZvUnahL0Qm3c

Malware Config

Targets

    • Target

      f6817296c933daa9628658e9233179b7_JaffaCakes118

    • Size

      284KB

    • MD5

      f6817296c933daa9628658e9233179b7

    • SHA1

      c7b8245acf1419779a90b29ee3ba5dd2d12ceab6

    • SHA256

      c0521a5e0b346421c4d67ac8956fae37fae603c52c8efce1d3f21ce9db12edc7

    • SHA512

      31aa76e75c840eae20595513e0696562b80421c583b601da4aabb8f97ee9fe0ddeecb22968ada67d354dbb2e3ffcc3359bd8f14a282857515508119bfb495ad1

    • SSDEEP

      6144:7qVOPAboqOSg/B5zY8GbdCk18j7i8EzDPnMnadzL0QZ5TGtpM18:5AYTZ59Gboky2ZvUnahL0Qm3c

    • Modifies security service

    • Pony,Fareit

      Pony is a Remote Access Trojan application that steals information.

    • Disables taskbar notifications via registry modification

    • Modifies Installed Components in the registry

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks