General

  • Target

    000eddfbf86c8526dd28e8301dec69a2_JaffaCakes118

  • Size

    114KB

  • Sample

    240619-xl2v1a1gnq

  • MD5

    000eddfbf86c8526dd28e8301dec69a2

  • SHA1

    03d7da687958e537b392df4deda2916d950840b9

  • SHA256

    58a851ca522579936c78c05106e60e568ba4177c615eda031fe323634093b569

  • SHA512

    0c08be8861c384c8d47a67f19d2e0ad95c319c69876a2e76fb55674e3eb583bd74542c69a65906a1d9d94cce97a407b70ebed85816ea8a08e8db8101efeb4ecb

  • SSDEEP

    3072:ehxcyK32PCjiyQhx762i9DlJF8uFkpqBYf:cpK32PlyQhU2OFIq+

Malware Config

Targets

    • Target

      000eddfbf86c8526dd28e8301dec69a2_JaffaCakes118

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks