General

  • Target

    138ea1d2d25ac77d9e8724a177baf45a_JaffaCakes118

  • Size

    196KB

  • Sample

    240626-1jkqgsyapk

  • MD5

    138ea1d2d25ac77d9e8724a177baf45a

  • SHA1

    dd201f077d2ac608c348d56781e0b8a93c62ee4e

  • SHA256

    11a6a383aaba9b576633584ff8c37584395f3a9b6dc72334202f0227f302259d

  • SHA512

    5af6a318f52bc8eda6106e5842a9b1b3b8e70434efaec6a7c61fa5171113e65cd3a2cfed25e9e9cce8d391f25ae37bbedfe109cd565e70c62a53885a925baf89

  • SSDEEP

    3072:N39hmSOFEYjZctDnPN4XGhQUWg0/J61m7Jx7soH4ZDWSfZueG2:19gLiRnVkGyUEcWH4ZxZN

Malware Config

Targets

    • Loads dropped DLL

    • VMProtect packed file

      Detects executables packed with the VMProtect commercial packer.

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks