General

  • Target

    6783ac42e705b1d151c412bbd739844d_JaffaCakes118

  • Size

    7.7MB

  • Sample

    240522-rchg4sdh71

  • MD5

    6783ac42e705b1d151c412bbd739844d

  • SHA1

    00ee6ae69687af138ab8a0f4788cbddc3002cb82

  • SHA256

    6e3ecb6d33372f9ad1ec1b31752bf962e3d2e4d683859758ca6d7851665ea010

  • SHA512

    623e7ce59d3c5e21e84632d671de7472faad6b5ca3e122efd12d9fd455180791483255bb9eec3d733e0da728e5de1aad11156aea2b82c019a80c1e62fee8562a

  • SSDEEP

    196608:N7effIPEsy58doQaTxLhQyZbIly38doQalArdfehQM2gsyVCQlXI1G8do8a888Fm:N7effIPEsy58doQaTxLhQyZbIly38doF
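Before handling a local copy of this sample it is worth confirming it is the file the report describes. The following is an added example, not part of the sandbox report: it checks the MD5, SHA1, SHA256 and SHA512 listed above with the built-in Get-FileHash cmdlet. The sample path is an assumption; the expected values are the ones in the General section.

```powershell
# Added example (not from the sandbox report): verify that a local file is the
# sample described above before doing anything else with it.
$Expected = @{
    MD5    = '6783ac42e705b1d151c412bbd739844d'
    SHA1   = '00ee6ae69687af138ab8a0f4788cbddc3002cb82'
    SHA256 = '6e3ecb6d33372f9ad1ec1b31752bf962e3d2e4d683859758ca6d7851665ea010'
    SHA512 = '623e7ce59d3c5e21e84632d671de7472faad6b5ca3e122efd12d9fd455180791483255bb9eec3d733e0da728e5de1aad11156aea2b82c019a80c1e62fee8562a'
}

function Test-SampleIdentity {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][hashtable]$Expected
    )
    # One Get-FileHash call per algorithm: cheap for a 7.7 MB file, and each
    # result stays independently attributable in the output.
    foreach ($alg in $Expected.Keys) {
        $actual = (Get-FileHash -LiteralPath $Path -Algorithm $alg).Hash
        [pscustomobject]@{
            Algorithm = $alg
            Match     = ($actual -eq $Expected[$alg])   # string -eq is case-insensitive
            Actual    = $actual
        }
    }
    # SSDEEP is a fuzzy hash and is not built into PowerShell; compare the
    # report's value with an external ssdeep tool if near-duplicates matter.
}

$Sample  = 'C:\samples\6783ac42e705b1d151c412bbd739844d_JaffaCakes118'   # assumed location
$results = Test-SampleIdentity -Path $Sample -Expected $Expected
$results | Format-Table -AutoSize
if ($results.Match -contains $false) {
    Write-Warning 'Hash mismatch: this file is not the sample in the report.'
}
```

A size check ((Get-Item $Sample).Length against the 7.7MB above) is a cheap first filter, but only the cryptographic hashes establish identity; the SSDEEP value is for clustering similar builds, not for confirming this exact one.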

Malware Config

Targets

    • Modifies WinLogon for persistence

      Changes values under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon (typically Userinit or Shell) so that the sample is launched at every logon.

    • Drops file in Drivers directory

      Writes a file into %SystemRoot%\System32\drivers, the directory from which kernel-mode drivers are normally loaded.

    • Sets service image path in registry

      Writes an ImagePath value under HKLM\SYSTEM\CurrentControlSet\Services, which tells the Service Control Manager which binary to run for a service or driver.

    • ACProtect 1.3x - 1.4x DLL software

      Detects a file protected with ACProtect (versions 1.3x to 1.4x).

    • Loads dropped DLL

      Loads a DLL that the sample itself wrote to disk earlier in the run.

    • UPX packed file

      Detects executables packed with UPX or a modified build of the open-source UPX packer.

    • Adds Run key to start application

      Adds a value under a Run key (HKLM or HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run) so that the application starts at logon.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules that act as plug-ins for Internet Explorer; they are registered by CLSID under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects.

    • Modifies WinLogon

      Changes values under the Winlogon key described above.

    • Drops file in System32 directory

      Writes a file into %SystemRoot%\System32.
MITRE ATT&CK Enterprise v15

Tasks