General

  • Target

    3dd5c6492f3e893089374a67796c5123_JaffaCakes118

  • Size

    1.7MB

  • Sample

    240514-erzzgsag74

  • MD5

    3dd5c6492f3e893089374a67796c5123

  • SHA1

    f89b9ddac19658e1611f138add030db1af48ad1c

  • SHA256

    f858387a641a09fef66b4b52e95fe9b85727894ce8ca80dafc1ea826b5f4a7b2

  • SHA512

    9b066fb95915d4b9c0007eef9b965cbb825a48854a7fcc2d70c992b7ef152b5b2ac6a942242c93c76229a237ae78f6d6f85ebd07e154d8eacb609c0ca28788b1

  • SSDEEP

    49152:Lz071uv4BPMkibTIA5I4TNrpDGgDQBw8q:NAB6

Malware Config

Targets

    • Target

      3dd5c6492f3e893089374a67796c5123_JaffaCakes118

    • xmrig

      XMRig is a high-performance, open-source, cross-platform CPU/GPU miner.

    • XMRig Miner payload

    • Command and Scripting Interpreter: PowerShell

      PowerShell Invoke-WebRequest.

    • Modifies Installed Components in the registry

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified UPX variant.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks