General

  • Target

    432a7de3f6c1ff085453704ec6542d65_JaffaCakes118

  • Size

    559KB

  • Sample

    240514-1dk43ahd91

  • MD5

    432a7de3f6c1ff085453704ec6542d65

  • SHA1

    a43af24662b80b480e8f83a881d756306b06d7d3

  • SHA256

    ecc641b4122b657baadc82008921f65cde2e368ca75e889cc100170c32ecfd74

  • SHA512

    e36a6e64e5b4d21b9912f0c28d609f3b3808c55fd439e78de00f2f67eacbd0a123f19c1d14103199ca4661c69ad7f5d338e1c1b869c559879549f31e311e6128

  • SSDEEP

    12288:ONWz1AUZbht1FGdX3j4tXZmNc64iJJpCeCslYrwBtTZE/k6r7z/hoAN/4:OQzO8bhO8BZmNvZLlYryta7z/OA4

Targets

    • Modifies WinLogon for persistence

    • Modifies firewall policy service

    • Modifies security service

    • UAC bypass

    • Windows security bypass

    • Disables Task Manager via registry modification

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Windows security modification

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15
