General

  • Target

    3efcdfd4748e351832c3008bc211cf33_JaffaCakes118

  • Size

    452KB

  • Sample

    240513-maabhahg9y

  • MD5

    3efcdfd4748e351832c3008bc211cf33

  • SHA1

    a0a11d773fae62d40a3dd9373a2198ad9b28e9a3

  • SHA256

    2fc6e869f602e21d477ae9f24c151fbc1e07481c388ea7d07d7f52c921ed714b

  • SHA512

    0714f4f79abd264a7c7e02badad9f1c3d7d3bac674992231b666911fda69aeb24b3b1c04de3aaf17249e56dc3aec048c48a3ac792ac92392b39809e8c8388d4a

  • SSDEEP

    6144:VG+u7yofgzKw8xQOc7uy2bJZBSMb1U/hGliq9WUu7oV1UDXH9I86gAud4AH:wy8gm5WX9KJVa/hGH9uiWK8684AH

Malware Config

Targets

    • Target

      3efcdfd4748e351832c3008bc211cf33_JaffaCakes118

    • Size

      452KB

    • MD5

      3efcdfd4748e351832c3008bc211cf33

    • SHA1

      a0a11d773fae62d40a3dd9373a2198ad9b28e9a3

    • SHA256

      2fc6e869f602e21d477ae9f24c151fbc1e07481c388ea7d07d7f52c921ed714b

    • SHA512

      0714f4f79abd264a7c7e02badad9f1c3d7d3bac674992231b666911fda69aeb24b3b1c04de3aaf17249e56dc3aec048c48a3ac792ac92392b39809e8c8388d4a

    • SSDEEP

      6144:VG+u7yofgzKw8xQOc7uy2bJZBSMb1U/hGliq9WUu7oV1UDXH9I86gAud4AH:wy8gm5WX9KJVa/hGH9uiWK8684AH

    • Drops file in Drivers directory

    • Sets file execution options in registry

    • ACProtect 1.3x - 1.4x DLL software

      Detects a file protected with the ACProtect packer/protector.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely to geofence execution.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX.

    • Adds Run key to start application

    • Checks for any installed AV software in registry

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Drops file in System32 directory
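
The signatures above are sandbox observations; on a live host an analyst re-checks them against the artifacts they imply (an Image File Execution Options Debugger value, a Run key, a dropped file under System32 or System32\drivers, an autorun.inf at a drive root). The following is an added example, not part of the sandbox report and not the sample's own code: it maps those five signatures onto Sysmon-style events (Event ID 11 FileCreate and Event ID 13 RegistryEvent value-set are the real Sysmon IDs; the pipe-separated log format, the file and key names, and every log line are constructed for illustration and do not describe what this sample actually did) and compares a file against the report's SHA256.

```python
# Added example, not from the sandbox report. Re-checks the report's behaviour
# signatures against a Sysmon-style event stream. Sysmon Event IDs 11 (FileCreate)
# and 13 (RegistryEvent: value set) are real; the log format, file/key names and
# sample lines below are constructed and are NOT observations of this sample.
import hashlib
import re
from typing import Dict, List, Tuple

# Indicator taken from the report's General section.
IOC_SHA256 = "2fc6e869f602e21d477ae9f24c151fbc1e07481c388ea7d07d7f52c921ed714b"

# Artifacts behind the report's signatures (registry/file paths are case-insensitive).
IFEO_DEBUGGER = re.compile(r"\\Image File Execution Options\\[^\\]+\\Debugger$", re.I)
RUN_KEY = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\[^\\]+$", re.I)
DRIVERS_DIR = re.compile(r"^[a-z]:\\Windows\\System32\\drivers\\[^\\]+$", re.I)
SYSTEM32_DIR = re.compile(r"^[a-z]:\\Windows\\System32\\[^\\]+$", re.I)
AUTORUN_INF = re.compile(r"^[a-z]:\\autorun\.inf$", re.I)


def matches_ioc(file_bytes: bytes) -> bool:
    """True if the given file content hashes to the report's SHA256."""
    return hashlib.sha256(file_bytes).hexdigest() == IOC_SHA256


def classify(event_id: int, target: str) -> List[str]:
    """Return the report signature names that one event satisfies."""
    hits: List[str] = []
    if event_id == 13:  # registry value set
        if IFEO_DEBUGGER.search(target):
            hits.append("Sets file execution options in registry")
        if RUN_KEY.search(target):
            hits.append("Adds Run key to start application")
    elif event_id == 11:  # file create
        if DRIVERS_DIR.match(target):
            hits.append("Drops file in Drivers directory")
        elif SYSTEM32_DIR.match(target):
            hits.append("Drops file in System32 directory")
        if AUTORUN_INF.match(target):
            hits.append("Drops autorun.inf file")
    return hits


def parse_line(line: str) -> Tuple[int, str, str, str]:
    """Constructed pipe-separated format: EventID|Image|TargetObject|Details."""
    event_id, image, target, details = line.rstrip("\n").split("|", 3)
    return int(event_id), image, target, details


def triage(lines: List[str]) -> Dict[str, List[str]]:
    """Aggregate signature hits over a log, keyed by signature name."""
    findings: Dict[str, List[str]] = {}
    for line in lines:
        if not line.strip():
            continue
        event_id, image, target, _details = parse_line(line)
        for sig in classify(event_id, target):
            findings.setdefault(sig, []).append(f"{image} -> {target}")
    return findings


# Constructed sample log (illustrative only; not the sample's observed behaviour).
SAMPLE_LOG = [
    r"13|C:\Users\user\Desktop\sample.exe|HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\example.exe\Debugger|C:\Windows\System32\example.exe",
    r"13|C:\Users\user\Desktop\sample.exe|HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\example|C:\Windows\System32\example.exe",
    r"11|C:\Users\user\Desktop\sample.exe|C:\Windows\System32\drivers\example.sys|",
    r"11|C:\Users\user\Desktop\sample.exe|C:\Windows\System32\example.exe|",
    r"11|C:\Users\user\Desktop\sample.exe|E:\autorun.inf|",
    r"13|C:\Windows\explorer.exe|HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden|1",  # benign, no hit
]

if __name__ == "__main__":
    for sig, where in triage(SAMPLE_LOG).items():
        print(sig)
        for entry in where:
            print("   ", entry)
```

The regexes anchor on the path shape rather than on specific file names, so the same script applies to any host export once the log is converted to the EventID|Image|TargetObject|Details form; the Debugger-value and Run-key checks are the two persistence artifacts worth removing first, and matches_ioc lets you confirm whether a dropped copy is byte-identical to the submitted sample.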

MITRE ATT&CK Enterprise v15

Tasks