General

  • Target

    1264ea62a88dd731998b91efb1e0b0f0_JaffaCakes118

  • Size

    1008KB

  • Sample

    240626-seqryazcjb

  • MD5

    1264ea62a88dd731998b91efb1e0b0f0

  • SHA1

    c691fa4d17dd2b091dbb7fe1f844438aafbafab5

  • SHA256

    54eb879d9b653038bfbc26efcf5003caf57a1137309e9ff65c82ef46e7e7e096

  • SHA512

    20b2a409cacaa2158d23cad9adccbe6464c6935f326ed2ea53d7334c31df8f7ea0cf99f10409e6e7d8f949bd84ad9eb0bf11eda2a102e9b9575ce1def68e4d62

  • SSDEEP

    24576:niSeHvg2XSUaQ+Zzc6BMNfyT/77ErMMUnQ8D4y6:niSLUa5gkXtTQ8DC

Targets

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • VMProtect packed file

      Detects executables packed with the VMProtect commercial packer.

    • Modifies WinLogon

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15
