General

  • Target

    0e68a0cbb24cf5c5aac155341d52fa0b_JaffaCakes118

  • Size

    39.4MB

  • Sample

    240502-nymr6sad55

  • MD5

    0e68a0cbb24cf5c5aac155341d52fa0b

  • SHA1

    330456bdccedfe4eddf419cd5096d0677ddc3856

  • SHA256

    171a45d5ba22ebda0ab5456ef0d630acb7babcd31d460d4328d05f0d68564e3b

  • SHA512

    ae6555b5d9a2d2cc673f8bff062f0e047e65f0f134a97c3fd41d6a9e968f2b453829fa96a62c2eb09acedf7ff1114e2a7008be7274c9d83c6bb57ae3b15304fb

  • SSDEEP

    786432:ckxc4BiiqqeuC9H607Yd0FPAwt3f3DXXo1wg+37TLYVzvWVHP:csdqqez9H7wWPRt3f3bXo1wN5

Targets

    • Modifies firewall policy service

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.
