General

  • Target

    a3960263946355df632d0c764d115f4c_JaffaCakes118

  • Size

    512KB

  • Sample

    240613-dadt9avgrp

  • MD5

    a3960263946355df632d0c764d115f4c

  • SHA1

    59b0dc649add256fb62387b3f8c8f22bc5c2fee6

  • SHA256

    3337d52da20311f54b9860fd3ab323eb29dd9602537ffb11132de887d7d33ac9

  • SHA512

    71a9fae97d4a3e0a1fa187dd14018a4003ce771d312e4169b13080fb1421b1a03475ca675f11d2b4872fad1ff7f0991e0b15b438b29adb6dc7ad586319b0d66e

  • SSDEEP

    6144:1VY0W0sVVZ/dkq5BCoFaJ2i5Lf24C07N5OvSLTUF6pQxI6Upe2cBnTu19bcodj6D:1gDhdkq5BCoC5LfWSLTUQpr2Zu19Qm5g

Malware Config

Targets

    • Target

      a3960263946355df632d0c764d115f4c_JaffaCakes118

    • Size

      512KB

    • MD5

      a3960263946355df632d0c764d115f4c

    • SHA1

      59b0dc649add256fb62387b3f8c8f22bc5c2fee6

    • SHA256

      3337d52da20311f54b9860fd3ab323eb29dd9602537ffb11132de887d7d33ac9

    • SHA512

      71a9fae97d4a3e0a1fa187dd14018a4003ce771d312e4169b13080fb1421b1a03475ca675f11d2b4872fad1ff7f0991e0b15b438b29adb6dc7ad586319b0d66e

    • SSDEEP

      6144:1VY0W0sVVZ/dkq5BCoFaJ2i5Lf24C07N5OvSLTUF6pQxI6Upe2cBnTu19bcodj6D:1gDhdkq5BCoC5LfWSLTUQpr2Zu19Qm5g

    • Modifies visibility of file extensions in Explorer

    • Modifies visibility of hidden/system files in Explorer

    • Windows security bypass

    • Disables RegEdit via registry modification

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Modifies WinLogon

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks