General

  • Target

    20a336d0e560c5dfd55e2f90dda5afe8_JaffaCakes118

  • Size

    536KB

  • Sample

    240703-b1yw1avdqp

  • MD5

    20a336d0e560c5dfd55e2f90dda5afe8

  • SHA1

    4a899d324f43908862c7d4277d409b624452d645

  • SHA256

    eec3f523a932a73b97b200533024d6aa744af4d9e4219bf5759a9b6436764eeb

  • SHA512

    1f2e07db2f2bd02481a8d5a7b8075f7ac6b510655ba0654db16e6c9678863c18fd7153968817d7743c93e02e016491acbeb80fe883fc19eb2d99e1b747771987

  • SSDEEP

    12288:Re9mkj7sOGlngNAA/C22lsWAhNLCUMOn405Fsxc1CMV6R:g7EOGln4tWOHhNLRMt0PoOy

Malware Config

Targets

    • Target

      20a336d0e560c5dfd55e2f90dda5afe8_JaffaCakes118

    • CyberGate, Rebhip

      CyberGate is a lightweight remote administration tool (RAT) with a wide array of functionalities; Rebhip is a name used by other vendors for the same family.

    • UAC bypass

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a registry key under the local machine's Active Setup Installed Components; the key's StubPath command is executed at each user's next logon when the per-user (HKCU) copy of the key is missing or carries a lower Version.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing (refusing to run in particular regions).

    • Executes dropped EXE

    • Molebox Virtualization software

      Detects a file packaged with the Molebox virtualization/packing software.

    • UPX packed file

      Detects executables packed with UPX or a modified build of the open-source UPX packer.

    • Checks whether UAC is enabled

    • Drops file in System32 directory
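The Active Setup persistence described above can be audited by reproducing the logon-time comparison Windows performs between the HKLM and HKCU Installed Components keys. The following is an added example, not code from the sandbox report or from the sample; the registry snapshots, component GUIDs and StubPath values below are constructed for illustration (on a live host they would be read with `reg export` or `winreg`), and the "suspicious location" heuristic is an assumption of this example, not a rule the report states.

```python
"""Evaluate which Active Setup components will run at the next logon and flag
suspicious StubPath entries (added example, not from the report or the sample).

Active Setup semantics: at logon Windows walks
HKLM\\SOFTWARE\\Microsoft\\Active Setup\\Installed Components; for each subkey
with IsInstalled != 0 it runs StubPath if the HKCU mirror of that subkey is
missing or has a lower Version, then copies Version into HKCU.
"""
import re

# Constructed HKLM snapshot (hypothetical values, not read from a host).
HKLM_COMPONENTS = {
    "{89820200-ECBD-11cf-8B85-00AA005B4340}": {          # benign, already run
        "StubPath": r"C:\Windows\System32\regsvr32.exe /s /n /i:U shell32.dll",
        "Version": "62,0,0,0", "IsInstalled": 1},
    "{2C7339CF-2B09-4501-B3F3-F3508C9228ED}": {          # benign, newer in HKLM
        "StubPath": r"C:\Windows\System32\regsvr32.exe /s /n /i:/UserInstall "
                    r"C:\Windows\System32\themeui.dll",
        "Version": "1,0,0,0", "IsInstalled": 1},
    "{A1B2C3D4-0000-4000-8000-000000000001}": {          # hypothetical malicious key
        "StubPath": r"C:\Users\Public\Libraries\svchosts.exe",
        "Version": "1,0,0,0", "IsInstalled": 1},
    "{A1B2C3D4-0000-4000-8000-000000000002}": {          # disabled: IsInstalled = 0
        "StubPath": r"C:\Users\Public\old.exe",
        "Version": "1,0,0,0", "IsInstalled": 0},
}
# Constructed HKCU mirror for the user being evaluated.
HKCU_COMPONENTS = {
    "{89820200-ECBD-11cf-8B85-00AA005B4340}": {"Version": "62,0,0,0"},
    "{2C7339CF-2B09-4501-B3F3-F3508C9228ED}": {"Version": "0,0,0,0"},
}

# Assumed heuristic: nothing legitimate is launched by Active Setup from
# user-writable directories.
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\temp\\", "\\programdata\\", "\\public\\")


def parse_version(v):
    """'62,0,0,0' -> (62, 0, 0, 0); tolerates dots and missing values."""
    return tuple(int(x) for x in re.findall(r"\d+", v or ""))


def will_run(hklm_entry, hkcu_entry):
    """True if Windows would execute this component's StubPath at next logon."""
    if not hklm_entry.get("StubPath") or hklm_entry.get("IsInstalled", 1) == 0:
        return False
    if hkcu_entry is None:                       # never run for this user
        return True
    return parse_version(hklm_entry.get("Version")) > parse_version(hkcu_entry.get("Version"))


def is_suspicious(stub_path):
    """Flag StubPath commands that reference user-writable locations."""
    p = stub_path.lower()
    return any(tok in p for tok in USER_WRITABLE)


def pending_components(hklm=HKLM_COMPONENTS, hkcu=HKCU_COMPONENTS):
    """Return (component_id, stub_path, suspicious) for every entry that will run."""
    out = []
    for cid, entry in hklm.items():
        if will_run(entry, hkcu.get(cid)):
            out.append((cid, entry["StubPath"], is_suspicious(entry["StubPath"])))
    return out


if __name__ == "__main__":
    for cid, stub, bad in pending_components():
        print(("SUSPICIOUS " if bad else "ok         ") + cid + "  " + stub)
```

The disabled entry and the component whose HKCU Version already matches HKLM are skipped, which mirrors why a fresh user profile (or a deleted HKCU key) re-triggers the stub: removing only the HKCU copy is not a cleanup.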
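The UPX signature above is section-table based: stock UPX names its sections UPX0/UPX1, and even a renamed ("modified UPX") build leaves the first section with no raw data on disk but a large virtual size, because it is the unpacking destination. The following is an added example, not code from the sandbox report or from the sample, showing a minimal PE section-table parser and both checks; `build_sample_pe` constructs a synthetic, non-executable PE image purely so the checks can run offline.

```python
"""Detect UPX-style packing from a PE section table (added example, not from the
report or the sample). Only the headers needed for the check are parsed."""
import struct


def section_table(data):
    """Return (name, VirtualSize, SizeOfRawData) for each section of a PE image."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4                                  # COFF file header
    nsections = struct.unpack_from("<H", data, coff + 2)[0]
    size_opt = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + size_opt                         # section headers follow the optional header
    out = []
    for i in range(nsections):
        off = table + i * 40                             # IMAGE_SECTION_HEADER is 40 bytes
        name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, _vaddr, rsize = struct.unpack_from("<III", data, off + 8)
        out.append((name, vsize, rsize))
    return out


def upx_indicators(data):
    """List of human-readable reasons the image looks UPX-packed (empty if none)."""
    secs = section_table(data)
    hits = []
    if any(name.upper().startswith("UPX") for name, _, _ in secs):
        hits.append("section names UPX0/UPX1 (stock UPX)")
    # Renamed UPX still shows the unpacking-destination fingerprint: the first
    # section has SizeOfRawData 0 but a large VirtualSize.
    if secs and secs[0][2] == 0 and secs[0][1] >= 0x1000:
        hits.append("first section has SizeOfRawData 0 but VirtualSize 0x%x" % secs[0][1])
    return hits


def build_sample_pe(section_names, first=(0x20000, 0)):
    """Construct a minimal synthetic PE32 image (headers only) for testing.
    `first` is the (VirtualSize, SizeOfRawData) of the first section."""
    buf = bytearray(0x200)
    buf[:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x80)                     # e_lfanew
    buf[0x80:0x84] = b"PE\0\0"
    struct.pack_into("<HH", buf, 0x84, 0x14C, len(section_names))  # Machine, NumberOfSections
    struct.pack_into("<H", buf, 0x84 + 16, 0xE0)               # SizeOfOptionalHeader (PE32)
    table = 0x84 + 20 + 0xE0
    for i, name in enumerate(section_names):
        off = table + i * 40
        buf[off:off + 8] = name.ljust(8, b"\0")
        vsize, rsize = first if i == 0 else (0x1000, 0x1000)
        struct.pack_into("<III", buf, off + 8, vsize, 0x1000 * (i + 1), rsize)
    return bytes(buf)


if __name__ == "__main__":
    for label, names, first in (("stock UPX", [b"UPX0", b"UPX1", b".rsrc"], (0x20000, 0)),
                                ("renamed UPX", [b".text", b".data", b".rsrc"], (0x20000, 0)),
                                ("plain", [b".text", b".data", b".rsrc"], (0x1000, 0x1000))):
        print(label, "->", upx_indicators(build_sample_pe(names, first)) or ["no indicators"])
```

Against a real sample, pass the file bytes straight to `upx_indicators`; the second heuristic is what keeps the check useful when a packer build has renamed its sections, and it is the kind of structural signal a "modified UPX" rule relies on rather than the section name string.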

MITRE ATT&CK Enterprise v15

Tasks