General

  • Target

    97a3a7b1646ccb9e1d13e1710e191969_JaffaCakes118

  • Size

    709KB

  • Sample

    240605-kgxdhabg76

  • MD5

    97a3a7b1646ccb9e1d13e1710e191969

  • SHA1

    238d40a3b5b2fb2f0ee3f86d39e09dde35e8f5f6

  • SHA256

    cba3fb6e81a7577eb919517f8cd9f9948174fcf1fac374236265e3f74b3b1cf7

  • SHA512

    b5bccf4a394bc646dfcb3d284c5a8c9ac31f810aae8ef77d7f1d77c7ab92cf52991eb9e6cd905a12f030e548af1a37f682849b6eef152c88b524adce0ccda3c9

  • SSDEEP

    12288:UZWtI6RkRHeZJys73dOvXDpNjNe8Nu9O3HeZJys73dOvXDpNjNe8NuZ:UuhaRHeZJ8NI87HeZJ8NI8U

Malware Config

Targets

    • Disables service(s)

    • Modifies visibility of file extensions in Explorer

    • Blocks application from running via registry modification

      Adds application to list of disallowed applications.

    • Sets file execution options in registry

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks