General

  • Target

    230f66e17bb2888242f14a2403d0c9a6_JaffaCakes118

  • Size

    175KB

  • Sample

    240703-t3139azfjc

  • MD5

    230f66e17bb2888242f14a2403d0c9a6

  • SHA1

    7482a6068d0562b8002bc1827d9b073012d389ba

  • SHA256

    4f071d0dfe0d2e57c44b9157680ef8d17a36323095c212f3fb09faf59d8c91c1

  • SHA512

    1a5b6028890ec40ea2b56840b6d96f724a853e085a5171f14758353f5909626df1459610ffe22565b8de71a28d8bae3b30c01d1c01d145f56997060e8b5c43db

  • SSDEEP

    3072:mFe/oCh46wP4TEx46CG2Q8yIsKAE6tH0rzZcPU7rWIC0IegnEWetqaDtbQK:mFChxwQU4e29yIzAbRQSXSIextqaDtQK

Malware Config

Targets

    • Target

      230f66e17bb2888242f14a2403d0c9a6_JaffaCakes118

    • STRRAT

      STRRAT is a remote access tool that can steal credentials and log keystrokes.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Loads dropped DLL

    • Modifies file permissions

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks