General

  • Target

    fb8387ea928b6fe38c43ddf01f672ac7_JaffaCakes118

  • Size

    196KB

  • Sample

    240420-at4y1abe55

  • MD5

    fb8387ea928b6fe38c43ddf01f672ac7

  • SHA1

    af4bdac6fb60d2d0cc0ce13fa781b9c11d4628ca

  • SHA256

    7d202eeac4e080d9fdcb51cc89e9e8683fde3296c9d5b91aa58ea753ff1dda27

  • SHA512

    7ea45e793485b1e3eae9743b46c8121241f5dde881a161d5a37974285b4e6f418ad7ed6a4e927b855d8983f7df1c60d774095ff421f7b2bb032245862c7faf18

  • SSDEEP

    3072:QAvp/kF5DzcFYgqrGUX69qQvovAZEdGsiSU/VF7nWuMEaY5HzHJ1S9DYzLiaiE:XR/kjzc7flvoviEdG1FKupj5XgD39E

Score
7/10

Malware Config

Targets

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Registers COM server for autorun

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Drops desktop.ini file(s)

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks