General

  • Target

    39d5bef7bd1d4018dc6f90446198936b_JaffaCakes118

  • Size

    1.7MB

  • Sample

    240512-ngc7eacf8y

  • MD5

    39d5bef7bd1d4018dc6f90446198936b

  • SHA1

    1d545ba25fce7d24225aa33ce44a0c0294b0ddb0

  • SHA256

    e23d8ca335d0451b7f5bb1dd082fbebc1cd1bdc081d9804dc6148118cfb744ba

  • SHA512

    cc4fcf2f1a550c838438033708c23a76434cc93836ac4bab8949de9a068d8f9de675d09fcf4f1f7f6e282a9920d508139d128be3778c143591aebe8e328188fa

  • SSDEEP

    24576:zv3/fTLF671TilQFG4P5PMkibTJH+2Q/ynKeWY1s38kQu12bPxvyuzaBgJ9pcFt0:Lz071uv4BPMkibTIA5I4TNrpDGgDQI

Malware Config

Targets

    • xmrig

      XMRig is a high-performance, open-source, cross-platform CPU/GPU miner.

    • XMRig Miner payload

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      PowerShell Invoke-WebRequest.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified UPX variant.

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks