General

  • Target

    737e6c4eb9743e89229aaffebbf91b83_JaffaCakes118

  • Size

    662KB

  • Sample

    240525-2nyzcadh34

  • MD5

    737e6c4eb9743e89229aaffebbf91b83

  • SHA1

    70234a61c349951cd44dc490eca940c41765fcf8

  • SHA256

    f66c3678d02e7a05e5bcac99dd97cb5dad1d236ebd3fe21e010d67767afd63ff

  • SHA512

    037ca945a872df46e1aa77659ab13ca14ac0f685da282676d9d48e3896030be34812c3d1a1f2e1704f4b733a4dc2f18e25612f1b609d1846d437118b80a5a6cc

  • SSDEEP

    12288:UZWtI6Rk0Bhku0apL+P9FO/BYku0apL+P9h:Uuha0BhzsSBYzsP

Targets

    • Target

      737e6c4eb9743e89229aaffebbf91b83_JaffaCakes118

    • Disables service(s)

    • Modifies visibility of file extensions in Explorer

    • Blocks application from running via registry modification

      Adds application to list of disallowed applications.

    • Sets file execution options in registry

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Drops file in System32 directory
