General

  • Target

    0176720d2be9a42edd23f5f9a598cbb3_JaffaCakes118

  • Size

    1.2MB

  • Sample

    240622-fzqw8azdnh

  • MD5

    0176720d2be9a42edd23f5f9a598cbb3

  • SHA1

    ddcb54165d146e803a503bcbe2c50c8bd63a0330

  • SHA256

    d2d0d8b7a3b39102006b0e356c6d65e5938842055914f3769a3087e0b0179895

  • SHA512

    aebc9b2c324603b663f7a130d8f16bbde27dd949c0be37f1216fc00739a3a0e75e1a3bd2f3f876924b68249fe9c4904976bcc00b47f4b4ade31dd56b26962f95

  • SSDEEP

    24576:BhMdmGyYkwUisQE7PhSj5zmjrVU1hKCK2pcRnMXUEKMM6f9:bvZiC7zVKKEatEKMM6V

Malware Config

Targets

    • Checks computer location settings

      Looks up the country code stored in the registry under HKCU\Control Panel\International\Geo, likely a geofence check that decides whether the sample runs on this host.

    • Event Triggered Execution: Component Object Model Hijacking (T1546.015)

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects, typically by registering a per-user CLSID server under HKCU\Software\Classes that shadows the machine-wide entry in HKLM, so that any process which instantiates that CLSID loads the attacker's DLL.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Enumerates the subkeys of Software\Microsoft\Windows\CurrentVersion\Uninstall in the registry to list the software installed on the system.

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules that act as plugins for Internet Explorer. They are registered by CLSID under Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects and loaded into each Internet Explorer process at startup, which makes the key a persistence location as well as a way to hook browser traffic.
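
The six behaviour signatures above are each a rule over the registry, file and process events the sandbox recorded. The following is an added example, not the sandbox's own signature code, of how such rules can be replayed over an event list: it fires each signature on its triggering event, links "Executes dropped EXE" and "Loads dropped DLL" back to files the sample itself wrote, and resolves a registered BHO CLSID to the DLL its InprocServer32 points at so the COM write and the BHO write can be tied together. The Event shape, the sample paths and the GUID are constructed for the example; the registry locations are the real Windows ones named above.

```python
import re
from dataclasses import dataclass, field

# Registry locations each signature keys on, compared after lower-casing.
# The paths are real Windows locations; the matching logic is this example's own.
GEO_KEY = r"control panel\international\geo"
UNINSTALL_KEY = r"software\microsoft\windows\currentversion\uninstall"
BHO_KEY = r"software\microsoft\windows\currentversion\explorer\browser helper objects"
# A per-user CLSID server registration: HKCU\Software\Classes is consulted
# before HKLM, so a write here shadows a machine-wide COM object (hijack).
COM_SERVER_RE = re.compile(
    r"^hkcu\\software\\classes\\clsid\\(\{[0-9a-f-]{36}\})\\(inprocserver32|localserver32)")
GUID_RE = re.compile(r"(\{[0-9a-f-]{36}\})")

@dataclass
class Event:
    """One sandbox event; kinds: reg_read, reg_write, file_write, proc_create, image_load."""
    kind: str
    path: str          # registry key or file path
    value: str = ""    # registry value name (reg_* only)
    data: str = ""     # registry data written (reg_write only)

@dataclass
class Verdict:
    signatures: set = field(default_factory=set)
    dropped: set = field(default_factory=set)   # files the sample wrote to disk

def _norm(path):
    return path.replace("/", "\\").lower().rstrip("\\")

def evaluate(events):
    """Return the signatures fired by an ordered list of Event objects."""
    v = Verdict()
    for e in events:
        path = _norm(e.path)
        if e.kind == "reg_read":
            if path.endswith(GEO_KEY) and e.value.lower() == "nation":
                v.signatures.add("Checks computer location settings")
            if UNINSTALL_KEY in path:
                v.signatures.add("Checks installed software on the system")
        elif e.kind == "reg_write":
            if COM_SERVER_RE.match(path):
                v.signatures.add("Event Triggered Execution: Component Object Model Hijacking")
            if BHO_KEY in path:
                v.signatures.add("Installs/modifies Browser Helper Object")
        elif e.kind == "file_write":
            v.dropped.add(path)
        elif e.kind == "proc_create" and path in v.dropped:
            v.signatures.add("Executes dropped EXE")
        elif e.kind == "image_load" and path in v.dropped and path.endswith(".dll"):
            v.signatures.add("Loads dropped DLL")
    return v

def bho_servers(events):
    """Map each CLSID registered as a BHO to the DLL its InprocServer32 default value names."""
    servers = {}
    for e in events:
        if e.kind != "reg_write":
            continue
        m = re.search(r"\\clsid\\(\{[0-9a-f-]{36}\})\\inprocserver32$", _norm(e.path))
        if m and e.value in ("", "(default)"):
            servers[m.group(1)] = _norm(e.data)
    bhos = {}
    for e in events:
        if e.kind == "reg_write" and BHO_KEY in _norm(e.path):
            m = GUID_RE.search(_norm(e.path))
            if m:
                bhos[m.group(1)] = servers.get(m.group(1))
    return bhos

# Constructed events in the shape a sandbox would record; not taken from this report.
SAMPLE_EVENTS = [
    Event("reg_read", r"HKCU\Control Panel\International\Geo", "Nation"),
    Event("reg_read", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip", "DisplayName"),
    Event("file_write", r"C:\Users\admin\AppData\Local\Temp\helper.dll"),
    Event("file_write", r"C:\Users\admin\AppData\Local\Temp\setup.exe"),
    Event("proc_create", r"C:\Users\admin\AppData\Local\Temp\setup.exe"),
    Event("image_load", r"C:\Users\admin\AppData\Local\Temp\helper.dll"),
    Event("reg_write", r"HKCU\Software\Classes\CLSID\{11111111-2222-3333-4444-555555555555}\InprocServer32",
          "", r"C:\Users\admin\AppData\Local\Temp\helper.dll"),
    Event("reg_write", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"
          r"\{11111111-2222-3333-4444-555555555555}", "NoExplorer", "1"),
]

if __name__ == "__main__":
    verdict = evaluate(SAMPLE_EVENTS)
    for sig in sorted(verdict.signatures):
        print("[+]", sig)
    for clsid, dll in bho_servers(SAMPLE_EVENTS).items():
        print("    BHO", clsid, "->", dll)
```

Two design choices worth noting: the COM rule only matches HKCU, because an installer legitimately writing a CLSID under HKLM is not a hijack, and the dropped-file rules require that the executed or loaded path was first seen in a file_write from the sample, so running a pre-existing system binary does not count.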

MITRE ATT&CK Enterprise v15