General

  • Target

    781bbdb421a473206fc37919f28a27db_JaffaCakes118

  • Size

    2.1MB

  • Sample

    240527-gjve5sab7v

  • MD5

    781bbdb421a473206fc37919f28a27db

  • SHA1

    d85b45996684e12dabcedcd03a5c8e0bdd6f1935

  • SHA256

    366d8b84a43a528e6aaf9ecfc38980b148f983967803914471ccf011b9bb0832

  • SHA512

    185c48044eeeadca08888218c915a5d0513f7439655aa101bf5615ccfa0ba43ff69712c63c09b53bd1cf0379ddd867e1f9fdd7638136a8bd30ce02dbff06bfb7

  • SSDEEP

    24576:qizYdhBFmZ7r13eUY1fbmfXQrtvU6VmgEBoYnQxQWY6wuc4OAN55mYvxwCvil6kF:qizYdLFc3ggPOfV8FNorROT

Targets

    • Target

      781bbdb421a473206fc37919f28a27db_JaffaCakes118

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Sets file to hidden

      Modifies file attributes so the file does not show in Explorer etc.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Adds Run key to start application
