General

  • Target

    ffbcc78612502da6d4b7061ec1487fcd_JaffaCakes118

  • Size

    199KB

  • Sample

    240421-vcj8gsfh2t

  • MD5

    ffbcc78612502da6d4b7061ec1487fcd

  • SHA1

    8d28ceb24558aadca7b9e0bac15a8e2615182945

  • SHA256

    8e7eba92ab038f6a5ae941c56c76cb88152c82f9077d4e86131457a9b196c080

  • SHA512

    31673ecbd58a79f36f6ee881300548a25bbfd2690b307de2a13eb48c35e11f481c8a00214ab0beca196a4cdcaf6d9589526ed0f2de13d33bd5d669d714343ee1

  • SSDEEP

    6144:sqoD6y5v1FrCTViWtfoV21ehSiuODnxwt:sqq6y5vfslxoYEhSLOTy

Malware Config

Targets

    • UAC bypass

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks