General

  • Target

    910f4151628dba5104d2320efa6c7000_JaffaCakes118

  • Size

    2.1MB

  • Sample

    240603-jz65zsgg3y

  • MD5

    910f4151628dba5104d2320efa6c7000

  • SHA1

    74668c86353a290ce493337479293a4742597221

  • SHA256

    b190c4b37b8986eab056a3495308443ea13aaed44525a8f1eccbb7c5319948dc

  • SHA512

    516230a1b26c7d9245add7a7456f046aee9dff922123b3a343eea54eb75a0fa2265d47a2b01a2ecf872921dbd377d3c40e9f3149bd25094e6c2b2d66463f658a

  • SSDEEP

    49152:Lz071uv4BPMkibTIA5lCx7kvRWa4pXHafT:NABo

Malware Config

Targets

    • xmrig

      XMRig is a high-performance, open-source, cross-platform CPU/GPU miner.

    • XMRig Miner payload

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      PowerShell Invoke-WebRequest.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the UPX (or modified UPX) open-source packer.

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks