General

  • Target

    7d3969887435f7497c0e4568541a09a9_JaffaCakes118

  • Size

    346KB

  • Sample

    240528-rcl6asgc8t

  • MD5

    7d3969887435f7497c0e4568541a09a9

  • SHA1

    8dff2095ebf9e8075d8cae5c9d5b6c2e35fd4eac

  • SHA256

    753dbdb5a7ccbdd4fbe941447981007bd08af62a918149dadea63768081dcb24

  • SHA512

    5ae66000992852f101819a177ad16876e73e0bdf7f12789b61c687c85cd72a6625f1139086933227ccb4fd6a11320017f4a5f0e5b943f881e149f2b207262206

  • SSDEEP

    6144:UZfec9EbXDk6RksKJrG1VVE+I5E2EBE2EBE2E4:UZWtI6RkLuVMM4

Malware Config

Targets

    • Target

      7d3969887435f7497c0e4568541a09a9_JaffaCakes118

    • Disables service(s)

    • Modifies visibility of file extensions in Explorer

    • Blocks application from running via registry modification

      Adds application to list of disallowed applications.

    • Sets file execution options in registry

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks