General

  • Target

    a40cc5224fd7f9a2f4b1c4c98f5940e5_JaffaCakes118

  • Size

    697KB

  • Sample

    240613-ggayqazfjp

  • MD5

    a40cc5224fd7f9a2f4b1c4c98f5940e5

  • SHA1

    9aa33352bbc6c25176d38ef5d97d5da770293e8f

  • SHA256

    2481423874acd27df811d297554ea75fc9e612391fa35b727ecb7b661bc7995c

  • SHA512

    f235cf9d1721d16d63d4720b3b8ce4395a950f9e78e7b7c927b8feb28ee1d3d45efd49e08df607d36de62c02ead2d103d8c3f39204dca65008790b2a314d4b77

  • SSDEEP

    12288:E78exwIc1s5BEaNT7wGSXR9csbkPfozdkM+79//Dyjzh8tpMk:Epx0GNQzXR9zHdrg2nKb

Targets

    • Target

      a40cc5224fd7f9a2f4b1c4c98f5940e5_JaffaCakes118

    • Modifies Windows Defender Real-time Protection settings

    • Stops running service(s)

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
