General

  • Target

    044435e6f97050f9aa860b4acabac8d9_JaffaCakes118

  • Size

    393KB

  • Sample

    240622-2xjk1sseqn

  • MD5

    044435e6f97050f9aa860b4acabac8d9

  • SHA1

    58f09124d88a7760f0fa589260b1b1874b19a97c

  • SHA256

    53ca26643fd90f99c78e03f135082676947525890e66cf740d4e2fc15de5f46b

  • SHA512

    65daab95c7bf3f9713671c20be4bf9fd820934d6e5fb8b8da4bc62096b6543fecd5b1574d6383182e18393e2268a9dda5c33acb69f536d652257b4fc42c986ad

  • SSDEEP

    6144:xeJ3D4ORN43Ee1k/nLMa8PVsw9XftYPOQn+aCP0vdZhhL0MTzdkXUlmKZxVO8Q:IDhqERYa4df0WPCZHBflmsVO8Q

Targets

    • Modifies RDP port number used by Windows

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

MITRE ATT&CK Enterprise v15