General

  • Target

    73829863d4f33017610ca46e903286a5_JaffaCakes118

  • Size

    4.4MB

  • Sample

    240525-2r9j9aea79

  • MD5

    73829863d4f33017610ca46e903286a5

  • SHA1

    6bc2b9ec9d6806c0191deea59ae6b77c0c6991e5

  • SHA256

    7f52672c5573dd2d936862f2fbca667238f4d89e511b3a47f9082c93edd535f9

  • SHA512

    99524caa0471ec1ca1ab0c2387d5ca39a324e47bbe77545d18c0e82c4471aea6964c73e70825dd6e1754753c8e161b32c10c36531d6c8ad7faee8465c5f0e037

  • SSDEEP

    49152:boerQZbd2RerQZbd2RerQZbd2RerQZbd2RerQZbd2RerQZbd25ph7GBfW+:lrQZvrQZvrQZvrQZvrQZvrQZW77GBfW+

Targets

    • Target

      73829863d4f33017610ca46e903286a5_JaffaCakes118

    • Disables service(s)

    • Modifies visibility of file extensions in Explorer

    • Blocks application from running via registry modification

      Adds application to list of disallowed applications.

    • Sets file execution options in registry

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Drops file in System32 directory
