General

  • Target

    02923b10e87a32bf64fb1b871e5b2eb8_JaffaCakes118

  • Size

    59KB

  • Sample

    240620-ee99paxdke

  • MD5

    02923b10e87a32bf64fb1b871e5b2eb8

  • SHA1

    615105790db9ccdbbf8a7f51d923f61354d58a92

  • SHA256

    c1e1e2f2570c281916f6baf9dacdd45a0a7f2b755bada4df5eba0638bc3f4adb

  • SHA512

    7367cf0693fe7e4972b7ead288b993ffe33a42d0bccc537ccaeb020474f50233bb2c0a4cf971958a913f542443c3e7950561e3371a5e4ebe6dd0f441526e0aaf

  • SSDEEP

    1536:2A3PCNHKasq6bps0mLSNztsL+8SD/spcP:2A/AqPvp6P1SD/s6

Malware Config

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Deletes itself

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks