General

  • Target

    8cf648b915ec162d73796d0d6b746518_JaffaCakes118

  • Size

    112KB

  • Sample

    240602-fpbdsabh6z

  • MD5

    8cf648b915ec162d73796d0d6b746518

  • SHA1

    bbc90d425f898081edcffb60614f1ee066981587

  • SHA256

    fd45741ee1705669ca1cedab0d174599f416ccb8f87ac2f6a4cff5458bd5dbc0

  • SHA512

    92242c659e05157a73eb9b61d404bb9b637ca9feb09f2581806bcd9604d499cfedbd76f85a4ae9b0edd9df88f9b3853488e0d1da86e8f3e2f3e72d5ba1a06721

  • SSDEEP

    3072:a/2PkCffIVVasN6jVrRIfMCkBsEzGPO907Vdr2:8CfwVVB4VrRIfMNPt65

Score
7/10

Malware Config

Targets

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check (the sample decides whether to run based on the configured locale).

    • Deletes itself

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Maps connected drives based on registry

      Disk information is often read from the registry to detect sandbox or virtualised environments (drive names and counts differ from a real workstation).
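
The behaviours above are the signatures an automated sandbox raised; the following is an added example, not part of the report, showing how the same behaviours can be flagged from an API trace. The JSON-lines trace format, the process names and the specific registry paths used as indicators (Control Panel\International for the locale lookup, Services\Disk\Enum and MountedDevices for drive enumeration, CurrentVersion\Run for startup persistence) are assumptions made for this example and are not taken from the sandbox's own rules or from the sample's real trace.

```python
"""Flag sandbox-style behaviours in an API trace.

Added example, not code from the report. The trace below is constructed
for the example and the registry paths used as indicators are assumptions.
"""
import json
import re
from collections import defaultdict

# Constructed trace (JSON lines), NOT captured from the sample in the report.
TRACE = r'''
{"pid": 100, "image": "C:\\Users\\u\\sample.exe", "api": "RegQueryValueExW", "key": "HKCU\\Control Panel\\International\\Geo\\Nation"}
{"pid": 100, "image": "C:\\Users\\u\\sample.exe", "api": "RegQueryValueExW", "key": "HKLM\\SYSTEM\\CurrentControlSet\\Services\\Disk\\Enum"}
{"pid": 100, "image": "C:\\Users\\u\\sample.exe", "api": "NtCreateFile", "path": "C:\\Users\\u\\AppData\\Roaming\\svc.exe"}
{"pid": 100, "image": "C:\\Users\\u\\sample.exe", "api": "NtCreateFile", "path": "C:\\Users\\u\\AppData\\Roaming\\helper.dll"}
{"pid": 100, "image": "C:\\Users\\u\\sample.exe", "api": "RegSetValueExW", "key": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run", "value": "svc"}
{"pid": 100, "image": "C:\\Users\\u\\sample.exe", "api": "CreateProcessW", "cmdline": "C:\\Users\\u\\AppData\\Roaming\\svc.exe"}
{"pid": 200, "image": "C:\\Users\\u\\AppData\\Roaming\\svc.exe", "api": "LdrLoadDll", "path": "C:\\Users\\u\\AppData\\Roaming\\helper.dll"}
{"pid": 100, "image": "C:\\Users\\u\\sample.exe", "api": "CreateProcessW", "cmdline": "cmd.exe /c ping 127.0.0.1 -n 3 & del \"C:\\Users\\u\\sample.exe\""}
'''

# Indicator patterns (assumed for this example, matched case-insensitively).
GEOFENCE_KEYS = re.compile(r"control panel\\international", re.I)
DISK_KEYS = re.compile(r"(services\\disk\\enum|\\mounteddevices$)", re.I)
RUN_KEYS = re.compile(r"\\currentversion\\run$", re.I)   # Run only, not RunOnce


def first_token(cmdline):
    """Return the executable part of a command line, honouring a quoted path."""
    cmdline = cmdline.strip()
    if cmdline.startswith('"'):
        end = cmdline.find('"', 1)
        return cmdline[1:end] if end > 0 else cmdline[1:]
    return cmdline.split(" ", 1)[0]


def analyze(trace_text):
    """Map behaviour names to the indices of trace events that triggered them."""
    events = [json.loads(line) for line in trace_text.strip().splitlines() if line.strip()]
    findings = defaultdict(list)
    dropped = set()   # lower-cased paths written by any traced process so far
    for i, ev in enumerate(events):
        api, key = ev["api"], ev.get("key", "")
        if api.startswith("RegQuery") and GEOFENCE_KEYS.search(key):
            findings["checks_location"].append(i)
        if api.startswith("RegQuery") and DISK_KEYS.search(key):
            findings["maps_drives"].append(i)
        if api.startswith("RegSetValue") and RUN_KEYS.search(key):
            findings["drops_startup"].append(i)
        if api == "NtCreateFile":
            dropped.add(ev["path"].lower())
        if api == "CreateProcessW":
            cmd = ev["cmdline"]
            if first_token(cmd).lower() in dropped:
                findings["executes_dropped"].append(i)
            # Self-deletion: a child command that deletes the parent's own image.
            if re.search(r"\bdel\b", cmd, re.I) and ev["image"].lower() in cmd.lower():
                findings["deletes_itself"].append(i)
        if api == "LdrLoadDll" and ev["path"].lower() in dropped:
            findings["loads_dropped_dll"].append(i)
    return dict(findings)


def matched_behaviours(trace_text):
    """Sorted list of behaviour names seen in the trace."""
    return sorted(analyze(trace_text))


if __name__ == "__main__":
    for name, idx in analyze(TRACE).items():
        print(f"{name}: events {idx}")
```

The ordering matters: "executes dropped EXE" and "loads dropped DLL" only fire if the file create is seen before the process create or image load, which is why `dropped` is built as the trace is walked rather than from a separate pass. Hosting-service abuse for C2 is not modelled here because it needs the network trace, which this example does not construct.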

MITRE ATT&CK Enterprise v15

Tasks