General

  • Target

    0293f9afbb0c417f07f516d8ba3bab74_JaffaCakes118

  • Size

    555KB

  • Sample

    240622-rl6las1dqc

  • MD5

    0293f9afbb0c417f07f516d8ba3bab74

  • SHA1

    430e7ffbab8ef75fe2f8b86a696201219661fedd

  • SHA256

    f635db2d6b9c3693db939406fb9cd51154ff74d4912061cd34cf4ad3c38b9c3f

  • SHA512

    e2dc1da2ac722ec5c58e81bebab6508d061cea7a54f26e9ded3f5ac920acf13395a3d7e093725a50222367e8b63efe9078aa01e245db4dcb5175349d9cdb615e

  • SSDEEP

    12288:x9OHpqXPppQE491m1nXRSL/caKZ/JFaelsXw8z:GJ9E491m1nJ3xPyj

Malware Config

Targets

    • Target

      0293f9afbb0c417f07f516d8ba3bab74_JaffaCakes118

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX or a modified build of the UPX open-source packer.

    • Adds Run key to start application

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks