General

  • Target

    fb4e9686e8d934c6e71f69fbf69cbba6_JaffaCakes118

  • Size

    1.3MB

  • Sample

    240419-2d67zaaa7w

  • MD5

    fb4e9686e8d934c6e71f69fbf69cbba6

  • SHA1

    91b52740a1d9a46bddb568cfc6e9d035c5160b22

  • SHA256

    f9c069523cc221dcea4a5b46281e6752ba4a567480b7c81e3a80d369c73b07ff

  • SHA512

    36c09106eeaa9bbd452fef2bb8d6dda58e1894f1a54963af4b27f61c73ddbf45bb6c523b10a18a22dce138fb6fa5ffba72a7190c6a9e3c2ff24eaf166ba2f87d

  • SSDEEP

    24576:K/86WY0n6q9nXshv7ogKw+/dA1hhLdiIIjE6YdZxua7Fz:nSrqRXshMgushQm6Yjxua7Fz

Malware Config

Targets

    • Target

      fb4e9686e8d934c6e71f69fbf69cbba6_JaffaCakes118

    • Size

      1.3MB

    • MD5

      fb4e9686e8d934c6e71f69fbf69cbba6

    • SHA1

      91b52740a1d9a46bddb568cfc6e9d035c5160b22

    • SHA256

      f9c069523cc221dcea4a5b46281e6752ba4a567480b7c81e3a80d369c73b07ff

    • SHA512

      36c09106eeaa9bbd452fef2bb8d6dda58e1894f1a54963af4b27f61c73ddbf45bb6c523b10a18a22dce138fb6fa5ffba72a7190c6a9e3c2ff24eaf166ba2f87d

    • SSDEEP

      24576:K/86WY0n6q9nXshv7ogKw+/dA1hhLdiIIjE6YdZxua7Fz:nSrqRXshMgushQm6Yjxua7Fz

    • Detect ZGRat V1

    • RevcodeRat, WebMonitorRat

      WebMonitor is a remote access tool that you can use from any browser access to control, and monitor your phones, or PCs.

    • WebMonitor payload

    • ZGRat

      ZGRat is remote access trojan written in C#.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks