General

  • Target

    04298692d9984bdc001491374d9adac3_JaffaCakes118

  • Size

    114KB

  • Sample

    240622-2fzkxaxeke

  • MD5

    04298692d9984bdc001491374d9adac3

  • SHA1

    63de24ef8f80f3cab5df3eeadd4ad89731d7b639

  • SHA256

    03292c63b3507f52497103ba86c199151bba4221f6ec3127015efd081add4764

  • SHA512

    0aee5ed488de66232f7180681ed869147ed9a364834e4891911c6bc67639783d20c0075b75a49dbb73f03db4e76a9f8d6c9f8284b52dffffc4b0ec67b633266b

  • SSDEEP

    3072:OVl3bfuX5ATimq4550Ithi2wAbeJA4yHzzIEsc1V56ND:G3jE5ATfqyZth1ei4czz/V5

Malware Config

Targets

    • Target

      04298692d9984bdc001491374d9adac3_JaffaCakes118


    Score
    8/10
    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine: the StubPath command under HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{GUID} is executed once for every user at that user's next interactive logon, so it fires even when no Run key is present.

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX build (section names alone are not reliable, since modified builds rename UPX0/UPX1).

    • Adds Run key to start application

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext
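The Active Setup signature above only says a key was added; what a responder wants to know is which stubs will actually run at the next logon. The Python below is an added triage example, not part of this report or of any sandbox's own code. It applies the standard Active Setup rule (StubPath runs when the user has no HKCU copy of the component or when the HKLM Version is greater, and IsInstalled=0 disables the entry) to a constructed registry snapshot with placeholder GUIDs; a real run would fill the two dictionaries from winreg on the host. The user-writable-path heuristic is an assumption of this example, not a Windows rule.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass
class ActiveSetupEntry:
    """Values of one {GUID} subkey under ...\\Active Setup\\Installed Components."""
    stub_path: Optional[str] = None   # StubPath: command line run once per user at logon
    version: Optional[str] = None     # Version: comma-separated numbers, e.g. "10,0,19041,1"
    is_installed: int = 1             # IsInstalled: 0 disables the component


def parse_version(value: Optional[str]) -> Tuple[int, ...]:
    """Turn "a,b,c,d" into a comparable tuple; a missing or malformed part counts as 0."""
    if not value:
        return (0,)
    return tuple(int(p) if p.strip().isdigit() else 0 for p in value.split(","))


def pending_stubs(hklm: Dict[str, ActiveSetupEntry],
                  hkcu: Dict[str, ActiveSetupEntry]) -> List[Tuple[str, str]]:
    """Return (guid, stub_path) for every component whose StubPath runs at the next logon.

    Rule applied: the stub runs when the user has no copy of the key under HKCU, or when
    the HKLM Version is greater than the HKCU Version; IsInstalled=0 or an absent StubPath
    skips the entry.
    """
    hits = []
    for guid, entry in hklm.items():
        if entry.is_installed == 0 or not entry.stub_path:
            continue
        per_user = hkcu.get(guid)
        if per_user is None or parse_version(entry.version) > parse_version(per_user.version):
            hits.append((guid, entry.stub_path))
    return hits


# Heuristic (assumption of this example): stubs launched from user-writable locations.
USER_WRITABLE_MARKERS = ("\\users\\", "%appdata%", "%localappdata%", "%temp%",
                         "%userprofile%", "\\temp\\", "\\programdata\\")


def is_suspicious_stub(stub_path: str) -> bool:
    lowered = stub_path.lower()
    return any(marker in lowered for marker in USER_WRITABLE_MARKERS)


def triage(hklm, hkcu):
    """Pending stubs with a suspicious flag, in HKLM order."""
    return [(guid, stub, is_suspicious_stub(stub)) for guid, stub in pending_stubs(hklm, hkcu)]


# Constructed registry snapshot with placeholder GUIDs; none of this comes from the sample above.
HKLM_SNAPSHOT = {
    "{00000000-0000-0000-0000-000000000001}": ActiveSetupEntry(
        r"C:\Windows\System32\regsvr32.exe /s /n /i:U shell32.dll", "10,0,19041,1"),  # applied already
    "{00000000-0000-0000-0000-000000000002}": ActiveSetupEntry(
        r"C:\Windows\System32\rundll32.exe example.dll,Setup", "1,0,0,0", is_installed=0),  # disabled
    "{00000000-0000-0000-0000-000000000003}": ActiveSetupEntry(
        r"C:\Users\Public\svchost.exe", "1,0,0,0"),  # new component, no HKCU copy yet
    "{00000000-0000-0000-0000-000000000004}": ActiveSetupEntry(
        r"C:\Windows\System32\update.exe", "2,0,0,0"),  # Version raised above the HKCU copy
}
HKCU_SNAPSHOT = {
    "{00000000-0000-0000-0000-000000000001}": ActiveSetupEntry(version="10,0,19041,1"),
    "{00000000-0000-0000-0000-000000000004}": ActiveSetupEntry(version="1,0,0,0"),
}

if __name__ == "__main__":
    for guid, stub, suspicious in triage(HKLM_SNAPSHOT, HKCU_SNAPSHOT):
        print("SUSPICIOUS" if suspicious else "pending   ", guid, "->", stub)
```

Bumping Version is the quiet variant of this technique: the component already exists under HKCU on every profile, yet a single DWORD change in HKLM re-arms the stub for all users, which is why comparing both hives matters more than listing HKLM alone.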
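The "UPX packed file" signature covers both stock and modified UPX, so a check that only looks for UPX0/UPX1 section names is not enough. The Python below is an added example, not the sandbox's detection logic: it parses the PE section table directly and combines three indicators (UPX section names, the "UPX!" pack-header magic that a section rename leaves intact, and a first section that is large in memory but has zero bytes on disk, the layout of the UPX unpack area). The three test images are constructed minimal PE headers, not the 114KB sample above.

```python
import struct

IMAGE_FILE_MACHINE_I386 = 0x14C
OPTIONAL_HEADER_SIZE = 0xE0      # PE32 optional header
SECTION_HEADER_SIZE = 40


def build_pe(sections, tail=b""):
    """Build a minimal, non-runnable PE image for testing (constructed data).

    sections: list of (name, virtual_size, virtual_address, raw_size, raw_pointer).
    Only the fields the parser below reads are populated; everything else is zero.
    """
    e_lfanew = 0x40
    dos = b"MZ" + b"\x00" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", IMAGE_FILE_MACHINE_I386, len(sections),
                       0, 0, 0, OPTIONAL_HEADER_SIZE, 0x0102)
    optional = struct.pack("<H", 0x10B) + b"\x00" * (OPTIONAL_HEADER_SIZE - 2)
    headers = b"".join(
        struct.pack("<8sIIII", name.encode("ascii"), vsize, vaddr, rsize, rptr) + b"\x00" * 16
        for name, vsize, vaddr, rsize, rptr in sections)
    return dos + b"PE\x00\x00" + coff + optional + headers + tail


def parse_sections(data: bytes):
    """Walk MZ -> e_lfanew -> COFF header -> section table and return the sections."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("missing PE signature")
    num_sections = struct.unpack_from("<H", data, e_lfanew + 6)[0]
    size_opt = struct.unpack_from("<H", data, e_lfanew + 20)[0]
    table = e_lfanew + 4 + 20 + size_opt
    sections = []
    for i in range(num_sections):
        name, vsize, vaddr, rsize, rptr = struct.unpack_from(
            "<8sIIII", data, table + i * SECTION_HEADER_SIZE)
        sections.append({"name": name.rstrip(b"\x00").decode("latin-1"),
                         "virtual_size": vsize, "raw_size": rsize})
    return sections


def upx_indicators(data: bytes) -> dict:
    sections = parse_sections(data)
    first = sections[0] if sections else None
    return {
        # stock UPX names its sections UPX0/UPX1 and keeps .rsrc
        "upx_section_names": any(s["name"].upper().startswith("UPX") for s in sections),
        # the "UPX!" pack-header magic survives a section rename
        "upx_marker": b"UPX!" in data,
        # unpack area: first section has virtual size but no raw bytes on disk
        "empty_first_section": bool(first) and first["raw_size"] == 0 and first["virtual_size"] > 0,
    }


def is_upx_packed(data: bytes) -> bool:
    return any(upx_indicators(data).values())


# Constructed test images: stock UPX layout, a renamed-section variant, and a plain executable.
STOCK_UPX = build_pe([("UPX0", 0x1F000, 0x1000, 0, 0x400),
                      ("UPX1", 0x9000, 0x20000, 0x8C00, 0x400),
                      (".rsrc", 0x1000, 0x29000, 0x600, 0x9000)],
                     tail=b"\x00" * 16 + b"UPX!" + b"\x00" * 16)
RENAMED_UPX = build_pe([(".text", 0x1F000, 0x1000, 0, 0x400),
                        (".data", 0x9000, 0x20000, 0x8C00, 0x400),
                        (".rsrc", 0x1000, 0x29000, 0x600, 0x9000)])
CLEAN = build_pe([(".text", 0x8000, 0x1000, 0x8000, 0x400),
                  (".data", 0x1000, 0x9000, 0x400, 0x8400),
                  (".rsrc", 0x1000, 0xA000, 0x600, 0x8800)])

if __name__ == "__main__":
    for label, image in (("stock", STOCK_UPX), ("renamed", RENAMED_UPX), ("clean", CLEAN)):
        print(label, is_upx_packed(image), upx_indicators(image))
```

The empty-first-section test is the one that still fires on the renamed variant; it is a layout property of how UPX reserves the unpack region, not a string a packer author can simply edit out. It can also match the rare legitimate binary whose first section is BSS-like, so treat it as a packing hint to confirm with the other indicators rather than as proof on its own.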

MITRE ATT&CK Enterprise v15
