General

  • Target

    211e0d6524e3575f72b55ea0fdf47355_JaffaCakes118

  • Size

    330KB

  • Sample

    240507-vhf31sfd2w

  • MD5

    211e0d6524e3575f72b55ea0fdf47355

  • SHA1

    94a4181475c23bd06c44797a4eaa956e828ff6e0

  • SHA256

    e99ff6e0ecf712843b4b7632ba6e66a99a86b4ad8197d4b70398115f92e35790

  • SHA512

    7188fef3603361fc7a01e8d390294f4a70c8359ff55ee65b7e74a9a47f5fc3547d3d703ec9dfcc80b735a955b0c95e87983f95d2a7df8126aa2b99f033d4b246

  • SSDEEP

    6144:fo/MViU3ammOVx5mwzgUgqBKt+VqnngdOKoV5zr5JrOg3MwbpN2taocx8crL/:theOVx5megUZYtOqeOfVZPrOgcQO05D3

Targets

    • NanoCore

      NanoCore is a commodity .NET remote access trojan (RAT) built around a plugin architecture; its plugins provide keylogging, remote desktop and webcam access, and file, process and registry management.

    • ACProtect 1.3x - 1.4x DLL software

      Detects an executable protected with the ACProtect 1.3x-1.4x packer/protector; the protection layer has to be removed before the payload can be examined statically.

    • Loads dropped DLL

      The sample loads a DLL that it wrote to disk during execution.

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX build. Stock UPX leaves the UPX0/UPX1 section names in place; modified builds may rename them, so the absence of those names rules nothing out.

    • Checks whether UAC is enabled

      The sample reads the system's UAC configuration, commonly the EnableLUA value under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System, which malware typically consults before deciding whether an elevation bypass is needed.

    • Suspicious use of SetThreadContext

      The sample calls SetThreadContext on a thread in another process. Rewriting a thread's context is one step of process hollowing and related injection techniques, but the single call does not by itself identify which technique was used.
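Two of the static findings above can be reproduced offline in a few lines of Python: the hash block in the General section can be checked against a local copy of the sample, and the UPX signature can be approximated by reading the PE section table. This is an added example, not the sandbox's own detection logic. The minimal PE header it builds is constructed for the demonstration and does not resemble the real sample; the UPX heuristic (stock UPX0/UPX1 section names) is an assumption that a modified UPX build can defeat, and the SSDEEP fuzzy hash is not recomputed because it needs the non-standard ssdeep library.

```python
import hashlib
import struct

# Digests copied from the report's General section, so a local copy of the
# sample can be confirmed before analysis starts.
REPORT_HASHES = {
    "md5": "211e0d6524e3575f72b55ea0fdf47355",
    "sha1": "94a4181475c23bd06c44797a4eaa956e828ff6e0",
    "sha256": "e99ff6e0ecf712843b4b7632ba6e66a99a86b4ad8197d4b70398115f92e35790",
    "sha512": "7188fef3603361fc7a01e8d390294f4a70c8359ff55ee65b7e74a9a47f5fc354"
              "7d3d703ec9dfcc80b735a955b0c95e87983f95d2a7df8126aa2b99f033d4b246",
}


def digests(data: bytes) -> dict:
    """Compute every algorithm listed in REPORT_HASHES for a blob."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def verify_hashes(data: bytes, expected: dict = REPORT_HASHES) -> dict:
    """Return {algorithm: matched?} for a blob against a set of expected digests."""
    actual = digests(data)
    return {name: actual[name] == expected[name].lower() for name in expected}


def pe_section_names(data: bytes) -> list:
    """Walk DOS header -> PE signature -> COFF header -> section table and
    return the section names. Raises ValueError for anything that is not a
    well-formed PE image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    # IMAGE_FILE_HEADER layout: Machine(2) NumberOfSections(2) TimeDateStamp(4)
    # PointerToSymbolTable(4) NumberOfSymbols(4) SizeOfOptionalHeader(2) Characteristics(2)
    n_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + opt_size
    names = []
    for i in range(n_sections):
        off = table + i * 40           # IMAGE_SECTION_HEADER is 40 bytes; Name is the first 8
        raw = data[off:off + 8]
        if len(raw) < 8:
            raise ValueError("truncated section table")
        names.append(raw.split(b"\0", 1)[0].decode("ascii", "replace"))
    return names


def looks_upx_packed(data: bytes) -> bool:
    """Assumption: stock UPX names its sections UPX0/UPX1. A modified build may
    rename them, so False here is not evidence that the file is unpacked."""
    return bool({"UPX0", "UPX1"} & set(pe_section_names(data)))


def build_fake_pe(section_names) -> bytes:
    """Constructed minimal PE header (headers only, no code) for demonstration.
    The optional header is omitted entirely; the parser only needs its size."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0, 0x0102)
    sections = b"".join(name.encode().ljust(8, b"\0") + b"\0" * 32 for name in section_names)
    return dos + b"PE\0\0" + coff + sections


if __name__ == "__main__":
    fake = build_fake_pe(["UPX0", "UPX1", ".rsrc"])
    print(pe_section_names(fake), looks_upx_packed(fake))
    print(verify_hashes(fake))       # all False: the constructed header is not the sample
```

To check a real file, read it with `open(path, "rb").read()` and pass the bytes to `verify_hashes` and `looks_upx_packed`; a hash mismatch means the copy on hand is not the submission this report describes, whatever its filename says.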

MITRE ATT&CK Enterprise v15
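The SetThreadContext signature above usually corresponds to one step of process hollowing (ATT&CK T1055.012, a mapping added here, not one the report states): create a process suspended, overwrite its memory, point its primary thread at the injected code, resume it. The block below is an added example, not the sandbox's rule, of checking an API trace for that whole sequence instead of the single call; the trace lines and their `pid api key=value` layout are constructed for the demonstration and are not this report's output.

```python
from collections import defaultdict

CREATE_SUSPENDED = 0x00000004          # dwCreationFlags bit for CreateProcessA/W
HOLLOWING_SEQUENCE = ("WriteProcessMemory", "SetThreadContext", "ResumeThread")

# Constructed API-trace lines (not the sandbox's real format):
#   <caller pid> <api> key=value ...
# Caller 1000 performs a full hollowing sequence against pid 2040; caller 3000
# only calls SetThreadContext on a process it did not create suspended.
TRACE = """\
1000 CreateProcessW image=C:\\Windows\\System32\\notepad.exe flags=0x4 pid=2040
1000 VirtualAllocEx target=2040 size=0x3a000
1000 WriteProcessMemory target=2040 size=0x3a000
1000 SetThreadContext target=2040
1000 ResumeThread target=2040
3000 CreateProcessW image=C:\\Windows\\System32\\calc.exe flags=0x0 pid=3100
3000 SetThreadContext target=3100
"""


def parse_trace(text: str) -> list:
    """Turn trace lines into {pid, api, args} dicts; blank lines are skipped."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        pid, api, *kv = line.split()
        events.append({"pid": int(pid), "api": api,
                       "args": dict(item.split("=", 1) for item in kv)})
    return events


def find_hollowing(events: list) -> list:
    """Return (caller_pid, target_pid) pairs where the caller created the target
    suspended and then issued WriteProcessMemory, SetThreadContext and
    ResumeThread against it in that order. Unrelated calls may be interleaved."""
    suspended = {}                 # target pid -> pid that created it suspended
    progress = defaultdict(int)    # (caller, target) -> steps of the sequence seen so far
    hits = []
    for ev in events:
        pid, api, args = ev["pid"], ev["api"], ev["args"]
        if api.startswith("CreateProcess"):
            if int(args.get("flags", "0"), 16) & CREATE_SUSPENDED:
                suspended[int(args["pid"])] = pid
            continue
        if "target" not in args:
            continue
        target = int(args["target"])
        if suspended.get(target) != pid:
            continue               # not a process this caller created suspended
        key = (pid, target)
        if api == HOLLOWING_SEQUENCE[progress[key]]:
            progress[key] += 1
            if progress[key] == len(HOLLOWING_SEQUENCE):
                hits.append(key)
                del progress[key]
    return hits


if __name__ == "__main__":
    print(find_hollowing(parse_trace(TRACE)))   # [(1000, 2040)]
```

Only the first caller is flagged: the second also calls SetThreadContext, but on a process it did not create suspended, which is exactly the case the single-call signature cannot separate from a debugger or a legitimate runtime. The rule assumes the trace preserves call order within a caller; if the source reorders events, track per-step timestamps instead of a running index.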