General

  • Target

    6b0b2bdb6f780b0d045ba40dffe3510e_JaffaCakes118

  • Size

    2.1MB

  • Sample

    240523-qet39acb8z

  • MD5

    6b0b2bdb6f780b0d045ba40dffe3510e

  • SHA1

    28d3cb04cea32e87a1f09f38b450abf5b7aaaf81

  • SHA256

    a3c2f3366a6d96af6fa1fc220c955a8e32e721d1ed599aea4ec0f2dfb971c8cb

  • SHA512

    6e730e6cbdfda266ca6afd98b4d3c240a855e19c08575bb3e90c2db8a623c148cf1d334ce4fa05531bc33096a8e33b6027dc7f98aceaaaa3104b3180d82cfc15

  • SSDEEP

    49152:Lz071uv4BPMkibTIA5lCx7kvRWa4pXHaff+c:NABI

Malware Config

Targets

    • xmrig

      XMRig is a high-performance, open-source, cross-platform CPU/GPU miner.

    • XMRig Miner payload

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      PowerShell Invoke-WebRequest.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified UPX variant.

    • Legitimate hosting services abused for malware hosting/C2

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks