General

  • Target

    06a5e7345009074d4201d07e0f9c26b1_JaffaCakes118

  • Size

    206KB

  • Sample

    240429-c8631sgc31

  • MD5

    06a5e7345009074d4201d07e0f9c26b1

  • SHA1

    2e98c608217f79fb09e5f846f31693b67f1f9e59

  • SHA256

    207870bf9b7f53c53eeaeaeb29f5f4c24df47b39e16306ac135f0685d2de658b

  • SHA512

    fde284ceedbf6383991b2c17cadc3e9cfdf98a0d32b9956079f05c0fd4c46d77921c7521847b8c8d3bf670997b694349dc1d7270e1693a962d8b2a37f9f8e564

  • SSDEEP

    6144:Z8+9tCJQBqCYaM+QcEdNc4fdem9UJNh+ytHFoSyGK:Hf2aM+Qcn4V/8NhnpFoSyt

Malware Config

Targets

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Registers COM server for autorun

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Blocklisted process makes network request

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks