General

  • Target

    05a8293037703774564283b207a09a48_JaffaCakes118

  • Size

    39.4MB

  • Sample

    240428-vhxqrscf2v

  • MD5

    05a8293037703774564283b207a09a48

  • SHA1

    ff7023739be05467f295f9b802c359e18967ec25

  • SHA256

    ca39c537d1f5a48f549fbb72406aad9b547a57ff56283f69e5cd031d512c47f3

  • SHA512

    276bc020aa9bf1ada16927d36fe8eefdef35437c09ac967e0d632895e66a4256b7e81bd69cf698e1dade7b3ded88769089b406947cbb90857fa48e14bf3b1e82

  • SSDEEP

    786432:wkxc4BiiqqeuC9H607Yd0FPAwt3f3DXXo1wg+37TLYVzvWVHXa:wsdqqez9H7wWPRt3f3bXo1wNBa

Malware Config

Targets

    • Modifies firewall policy service

    • Adds Run key to start application

    • Downloads MZ/PE file

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

MITRE ATT&CK Enterprise v15

Tasks