General

  • Target

    a5cb865081e72c83905dd640334effe6_JaffaCakes118

  • Size

    876KB

  • Sample

    240613-qr13bsvdqq

  • MD5

    a5cb865081e72c83905dd640334effe6

  • SHA1

    2f0e341cd7dc302e310e1bedf8f2d859198b2d94

  • SHA256

    817ef0bacbf02d851ba6872c6f3cb6e85d6fabd55a644ffa18feb4efa9225eae

  • SHA512

    37e66b10c591d6bed45042fa6aa781334f64fd18db84bfdc5ef7d448bb6b55e8c8a5e635f9b72fa103ce5324edffb439f8efac458416c156c887bf0866fecac4

  • SSDEEP

    24576:yRmJkcoQricOIQxiZY1WNdEOgmlzsC3F3iX:nJZoQrbTFZY1WNd+mlwM3iX
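Before trusting a local copy of this sample, recompute the identity block above. The helper below is an added example (not part of the Triage report): it recomputes the four stdlib digests listed on the page for a file and reports which ones differ, and it also checks the two static markers the signature list on this page refers to, the stock UPX section names / "UPX!" magic and the "AU3!EA06" marker of a compiled AutoIt script. SSDEEP is left out because it needs a third-party library, and the PE builder at the end is a constructed headers-only stand-in so the checks run offline, not this sample.

```python
"""Static re-check of a sample against the report's identity block.

Added example, not part of the Triage report: recomputes the four hashlib
digests listed on the page for a local file and looks for the two static
markers the signature list mentions. SSDEEP is left out (not in the stdlib).
"""
import hashlib
import struct

# Hash values copied from the report page.
REPORTED = {
    "md5": "a5cb865081e72c83905dd640334effe6",
    "sha1": "2f0e341cd7dc302e310e1bedf8f2d859198b2d94",
    "sha256": "817ef0bacbf02d851ba6872c6f3cb6e85d6fabd55a644ffa18feb4efa9225eae",
    "sha512": "37e66b10c591d6bed45042fa6aa781334f64fd18db84bfdc5ef7d448bb6b55e8c8a5e635f9b72fa103ce5324edffb439f8efac458416c156c887bf0866fecac4",
}

AUTOIT_MARKER = b"AU3!EA06"  # marker of the script resource in compiled AutoIt binaries
UPX_MAGIC = b"UPX!"          # magic UPX writes into the packed image (stripped by some modified builds)


def digests(data: bytes) -> dict:
    """MD5/SHA1/SHA256/SHA512 of the buffer, keyed like REPORTED."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORTED}


def hash_mismatches(data: bytes, reported: dict = REPORTED) -> list:
    """Names of the reported hashes the buffer does not match (empty list = same file)."""
    actual = digests(data)
    return [name for name, expected in reported.items() if actual.get(name) != expected.lower()]


def pe_section_names(data: bytes) -> list:
    """Section names from the PE section table; [] when the buffer is not a PE image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return []
    coff = e_lfanew + 4                                   # start of the COFF file header
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    size_opt = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + size_opt                          # section table follows the optional header
    names = []
    for i in range(num_sections):
        off = table + i * 40                              # IMAGE_SECTION_HEADER is 40 bytes
        if off + 40 > len(data):
            break
        names.append(data[off:off + 8].rstrip(b"\0").decode("latin-1"))
    return names


def is_upx_packed(data: bytes) -> bool:
    """True on the stock UPX section names or the UPX! magic; False is not proof of no packing."""
    return any(n.startswith("UPX") for n in pe_section_names(data)) or UPX_MAGIC in data


def is_autoit_compiled(data: bytes) -> bool:
    """True when the compiled-AutoIt script marker is present anywhere in the file."""
    return AUTOIT_MARKER in data


def triage(data: bytes) -> dict:
    """All static checks in one dict, ready to diff against the report."""
    return {
        "hash_mismatches": hash_mismatches(data),
        "sections": pe_section_names(data),
        "upx": is_upx_packed(data),
        "autoit": is_autoit_compiled(data),
    }


def build_fake_pe(section_names, payload: bytes = b"") -> bytes:
    """Constructed stand-in for a PE file (headers only) so the checks can run offline."""
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x40)   # e_lfanew = 0x40
    size_opt = 0xE0                                              # PE32 optional header size
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, size_opt, 0x102)
    sections = b"".join(n.encode().ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return dos + b"PE\0\0" + coff + b"\0" * size_opt + sections + payload


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        data = open(sys.argv[1], "rb").read()
    else:
        data = build_fake_pe(["UPX0", "UPX1", ".rsrc"], AUTOIT_MARKER)
    for key, val in triage(data).items():
        print(f"{key}: {val}")
```

Run it as `python static_check.py sample.bin`: an empty `hash_mismatches` list means you hold the file the report describes; any name in it means you are looking at a different build and none of the page's findings should be assumed to carry over. A modified UPX stub can rename the sections and drop the magic, which is why the report's signature says "UPX/modified UPX": treat a negative `upx` result as unknown, not clean.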

Score
10/10

Malware Config

Targets

    • Target

      a5cb865081e72c83905dd640334effe6_JaffaCakes118

    • Modifies firewall policy service

      Registry writes under the SharedAccess service's FirewallPolicy keys (HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy), the location used to switch the Windows Firewall off or to authorise an application through it.

    • Adds policy Run key to start application

      Persistence via the Policies\Explorer\Run key, which starts its entries at logon like the ordinary Run key but is inspected far less often.

    • Modifies Installed Components in the registry

      Active Setup persistence: a StubPath under HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components is run once for each user at that user's next logon.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer. A modified UPX build may rename the UPX0/UPX1 sections and strip the UPX! magic, so a negative static check does not clear the sample.

    • Adds Run key to start application

      Persistence via the standard HKLM/HKCU ...\Windows\CurrentVersion\Run key.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables. The embedded script can normally be recovered with an AutoIt decompiler, which is far quicker than reversing the interpreter stub.

    • Suspicious use of SetThreadContext

      SetThreadContext on a thread of another process is the last step of process hollowing and thread hijacking: the target is created suspended, its image is overwritten, and the thread's entry point is redirected to attacker-written code. The follow-up check is which child process the sample created suspended and what was written into it.
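Four of the signatures above are registry-based, and each name corresponds to a well-known key path. The Python below is an added example, not the sandbox vendor's rule set: it maps registry-write events of the kind a sandbox records onto those signature names and pulls out the executable paths that were persisted. The key patterns are assumptions about which standard Windows locations the signature names denote, and the event list is constructed for illustration, not this sample's recorded activity.

```python
"""Map sandbox registry-write events onto the persistence/firewall signature names in the report.

Added example, not the sandbox vendor's rule set. The key patterns are assumptions
about which well-known Windows locations each signature name denotes; the events
below are constructed for illustration and are not this sample's recorded activity.
"""
import re

# (signature name exactly as it appears in the report, regex over a lower-cased key path)
RULES = [
    ("Adds policy Run key to start application",
     r"\\software\\(wow6432node\\)?microsoft\\windows\\currentversion\\policies\\explorer\\run\b"),
    ("Adds Run key to start application",
     r"\\software\\(wow6432node\\)?microsoft\\windows\\currentversion\\run(once)?\b"),
    ("Modifies Installed Components in the registry",
     r"\\software\\(wow6432node\\)?microsoft\\active setup\\installed components\\"),
    ("Modifies firewall policy service",
     r"\\system\\(currentcontrolset|controlset\d{3})\\services\\sharedaccess\\parameters\\firewallpolicy\\"),
]

WRITE_OPS = {"RegCreateKey", "RegSetValue", "RegDeleteValue"}  # reads alone never fire a signature

# Constructed events in a minimal (op, key, value, data) form, not the sample's real trace.
SAMPLE_EVENTS = [
    {"op": "RegQueryValue", "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
     "value": "", "data": ""},
    {"op": "RegSetValue", "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     "value": "updater", "data": r"C:\ProgramData\updater.exe"},
    {"op": "RegSetValue", "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run",
     "value": "svc", "data": r"C:\ProgramData\updater.exe"},
    {"op": "RegSetValue",
     "key": r"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{11111111-2222-3333-4444-555555555555}",
     "value": "StubPath", "data": r"C:\ProgramData\updater.exe"},
    {"op": "RegSetValue",
     "key": r"HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List",
     "value": r"C:\ProgramData\updater.exe", "data": "*:Enabled:updater"},
    {"op": "RegSetValue", "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders",
     "value": "AppData", "data": r"C:\Users\user\AppData\Roaming"},
]


def match_signatures(key_path: str) -> list:
    """Signature names whose key pattern matches one registry key path."""
    k = key_path.replace("/", "\\").lower()
    return [name for name, pat in RULES if re.search(pat, k)]


def classify(events) -> dict:
    """Group write events by the signature(s) they trigger: {signature: [events]}."""
    hits = {}
    for ev in events:
        if ev["op"] not in WRITE_OPS:
            continue
        for name in match_signatures(ev["key"]):
            hits.setdefault(name, []).append(ev)
    return hits


def fired_signatures(events) -> list:
    """Sorted signature names, comparable with the report's list."""
    return sorted(classify(events))


def persisted_paths(events) -> set:
    """Executable paths written into a persistence location: what to hunt for on other hosts."""
    paths = set()
    for name, evs in classify(events).items():
        if name.startswith("Modifies firewall"):
            continue                      # firewall entries hold a rule string, not a launch path
        for ev in evs:
            paths.add(ev["data"])
    return paths


if __name__ == "__main__":
    for name, evs in classify(SAMPLE_EVENTS).items():
        print(name)
        for ev in evs:
            print(f"    {ev['key']}  {ev['value']} = {ev['data']}")
    print("persisted:", sorted(persisted_paths(SAMPLE_EVENTS)))
```

Only write operations are considered, because a read of the Run key is ordinary Explorer behaviour and would otherwise trigger the rule on almost every process. The policy Run rule is listed before the plain Run rule deliberately: the two paths share a prefix, and keeping them as separate patterns is what lets the output line up with the report's separate signature names.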

MITRE ATT&CK Enterprise v15

Tasks