General

  • Target

    b3cdd4862673adafc68ed0bf7714a013_JaffaCakes118

  • Size

    11.1MB

  • Sample

    240616-qz3wwsvgkd

  • MD5

    b3cdd4862673adafc68ed0bf7714a013

  • SHA1

    553f1131c91c91548d52fe8fde2013697e8a1fce

  • SHA256

    4ee01f54514aae11d011595f23e50dad0027f43bdd2261be3a758219759d3894

  • SHA512

    5a17c5e40b54b20d0a4fd0daaf0e761b1e130f5d7d2ae0cd2a980a64955eae74f1d5451fe13f3b4a475fb55d37210cbb40beb96dbb24e0af14e1df9d4ecbcc26

  • SSDEEP

    196608:CVq4UaJfy+KgwBdGJ2TBNgXRLBBtLHoMrCV6hvVdvVgDMGLscw:C89gaghVBtroMrCV6hvVx6Tw

Malware Config

Targets

    • Modifies WinLogon for persistence

    • Adds policy Run key to start application

    • Modifies Installed Components in the registry

    • Executes dropped EXE

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Loads dropped DLL

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Adds Run key to start application

    • Modifies WinLogon

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks