General

  • Target

    251a5361efa82fb66e0832cc2de63b93_JaffaCakes118

  • Size

    252KB

  • Sample

    240704-h73bbszhjn

  • MD5

    251a5361efa82fb66e0832cc2de63b93

  • SHA1

    09370cb36d81aee218315907919e409eefe89276

  • SHA256

    ddede45fed794245404011c5aa87767da4f921ae933039a2e98cf3ffc1d24dc0

  • SHA512

    fa5594cc534a34e40e58691af19425fa8c6f92dbd3a4c8c0e5b497cf2d6b13106d7eb204fc3dbe43acb6833027bef5297edcbd5dfc0e62300c784c770f469544

  • SSDEEP

    6144:emYFCN2tM+4pQ42Xmndb/vS0rKlCOESRzMCZf:eaAMlwWnFvSpESN

Malware Config

Targets

    • Target

      251a5361efa82fb66e0832cc2de63b93_JaffaCakes118

    • Size

      252KB

    • MD5

      251a5361efa82fb66e0832cc2de63b93

    • SHA1

      09370cb36d81aee218315907919e409eefe89276

    • SHA256

      ddede45fed794245404011c5aa87767da4f921ae933039a2e98cf3ffc1d24dc0

    • SHA512

      fa5594cc534a34e40e58691af19425fa8c6f92dbd3a4c8c0e5b497cf2d6b13106d7eb204fc3dbe43acb6833027bef5297edcbd5dfc0e62300c784c770f469544

    • SSDEEP

      6144:emYFCN2tM+4pQ42Xmndb/vS0rKlCOESRzMCZf:eaAMlwWnFvSpESN

    • Detects PlugX payload

    • PlugX

      PlugX is a RAT (Remote Access Trojan) that has been around since 2008.

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks