General

  • Target

    0781e3c1b2cc979cc5b74487d2bc305e_JaffaCakes118

  • Size

    368KB

  • Sample

    240620-td83kawbma

  • MD5

    0781e3c1b2cc979cc5b74487d2bc305e

  • SHA1

    9dbc4368035a6014d34474dedaf56f32d7606b6f

  • SHA256

    3faba3d0fcb244dddca0e802fd08b41b7283b98a6c4a1aaea1b6041505e65667

  • SHA512

    ae347479db38611e602a98f0232dc2f09ca4b4aeb4c48961d93ffc88ce7101dc8dd576559f4e3d9ef45aca6e507c697efb70131ea73cff519d8ae96f38ccf3ed

  • SSDEEP

    6144:qW2D389Nzjp3q/k+JfSt9ToekPhOtJaP9HYgzyKFJUfxE9v:ksq/k+JKjToBh6JVo1UOv

Malware Config

Targets

    • Target

      0781e3c1b2cc979cc5b74487d2bc305e_JaffaCakes118

    • Size

      368KB

    • MD5

      0781e3c1b2cc979cc5b74487d2bc305e

    • SHA1

      9dbc4368035a6014d34474dedaf56f32d7606b6f

    • SHA256

      3faba3d0fcb244dddca0e802fd08b41b7283b98a6c4a1aaea1b6041505e65667

    • SHA512

      ae347479db38611e602a98f0232dc2f09ca4b4aeb4c48961d93ffc88ce7101dc8dd576559f4e3d9ef45aca6e507c697efb70131ea73cff519d8ae96f38ccf3ed

    • SSDEEP

      6144:qW2D389Nzjp3q/k+JfSt9ToekPhOtJaP9HYgzyKFJUfxE9v:ksq/k+JKjToBh6JVo1UOv

    • Modifies firewall policy service

    • Adds policy Run key to start application

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks