General

  • Target

    259dfb462faa4f73ee20437a8f596c8c_JaffaCakes118

  • Size

    1.4MB

  • Sample

    240704-vmpkyszdrl

  • MD5

    259dfb462faa4f73ee20437a8f596c8c

  • SHA1

    56c476669c89145bd18a377e51d25da357c15b2f

  • SHA256

    7d9a8bf9d51048f8f88cc61c7cf40425a498e010abb6b2ef5a7df1c1a33489b4

  • SHA512

    e60a7e3a566c8ea3e7452d723408f5fd63c0e41fc19d9cf4e0d5195b0a43fd90fdd371f59022b9eda4e590f9550f3e3ca60ac9fb65f934c891e73fb77b4580a6

  • SSDEEP

    24576:m/NpLoG5kTuwNZTe9R7RG1qwYwI4qzTzGPJeKx04YoHKlOxU4nM:mjLohCYZTsZ4hqz/7CwOi1

Targets

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Executes dropped EXE

    • Identifies Wine through registry keys

      Wine is a compatibility layer that runs Windows applications on other operating systems and is sometimes used as a sandboxing environment; a sample that looks for Wine's registry keys is checking whether it is being analysed rather than running on a real victim.

    • Loads dropped DLL

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Adds Run key to start application

    • Drops file in System32 directory
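
The registry and file-system signatures above (Active Setup, Run key, Wine check, file dropped in System32) are all decided from the sandbox's event stream. The following is an added example, not part of this report and not any sandbox's own detection code: it runs those four checks over a constructed set of events in a simple op|path|name|data form. The event format, the file paths and the GUID are invented for illustration; the ATT&CK sub-technique IDs in the rule names are the ones the Active Setup and Run-key signatures map to.

```python
import re
from typing import NamedTuple


class Event(NamedTuple):
    """One sandbox event: operation, registry key or file path, value name, value data."""
    op: str
    path: str
    name: str
    data: str


# Constructed sandbox-style events (op|path|name|data). Illustrative input only,
# not events recorded for the sample in this report.
SAMPLE_EVENTS = r"""
RegOpenKey|HKCU\Software\Wine||
RegOpenKey|HKLM\Software\Wine||
RegSetValue|HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{00000000-1111-2222-3333-444444444444}|StubPath|C:\Users\Public\svc.exe /s
RegSetValue|HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Updater|C:\Users\Public\svc.exe
FileWrite|C:\Windows\System32\svchelper.dll||
FileWrite|C:\Windows\System32\drivers\etc\hosts||
RegSetValue|HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Hidden|1
"""

# Signature name -> predicate over one event. Names mirror the report's labels.
RULES = [
    ("Boot or Logon Autostart Execution: Active Setup (T1547.014)",
     lambda e: e.op == "RegSetValue"
     and re.search(r"\\Active Setup\\Installed Components\\", e.path, re.I) is not None
     and e.name.lower() == "stubpath"),
    ("Adds Run key to start application (T1547.001)",
     lambda e: e.op == "RegSetValue"
     and re.search(r"\\CurrentVersion\\Run(Once)?$", e.path, re.I) is not None),
    ("Identifies Wine through registry keys",
     lambda e: e.op in ("RegOpenKey", "RegQueryValue")
     and re.search(r"\\Software\\Wine(\\|$)", e.path, re.I) is not None),
    ("Drops file in System32 directory",
     lambda e: e.op == "FileWrite"
     and re.match(r"[a-z]:\\Windows\\System32\\", e.path, re.I) is not None),
]


def parse_events(text):
    """Parse op|path|name|data lines into Event records, skipping blank lines."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        parts = line.split("|", 3)
        parts += [""] * (4 - len(parts))  # tolerate missing trailing fields
        events.append(Event(*parts))
    return events


def describe(e):
    """Render the evidence for a hit as key\\value = data, or just the path."""
    text = e.path + ("\\" + e.name if e.name else "")
    return text + (" = " + e.data if e.data else "")


def triage(text):
    """Return {signature: [evidence, ...]} for every rule, whether it fired or not."""
    hits = {name: [] for name, _ in RULES}
    for e in parse_events(text):
        for name, match in RULES:
            if match(e):
                hits[name].append(describe(e))
    return hits


if __name__ == "__main__":
    for sig, evidence in triage(SAMPLE_EVENTS).items():
        print(f"[{'x' if evidence else ' '}] {sig}")
        for item in evidence:
            print("      " + item)
```

The Explorer\Advanced write is included deliberately: it is a CurrentVersion key that is not a Run key, and the `$`-anchored Run regex must not match it. The Wine rule keys on reads, not writes, because the signature is about the sample looking for the key, not creating it.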

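The Themida signature above is a static check on the file rather than on behaviour. As an added example (not code from this report or from any detection engine), the following parses a PE's section table and reports the two indicators a triager would look at before trusting the packer label: a section name associated with Themida/WinLicense, and per-section Shannon entropy, since protected code is stored encrypted and sits near 8 bits per byte. The section-name set and the 7.0 threshold are assumptions, and the input is a minimal PE assembled in memory for the test, not the sample described above.

```python
import math
import random
import struct

# Section names commonly reported for Themida/WinLicense-protected binaries.
# Assumption: a name match is an indicator worth a closer look, not proof of the
# protector; a renamed section defeats this check, the entropy check does not care.
PACKER_SECTION_NAMES = {b".themida", b".winlice"}
HIGH_ENTROPY = 7.0  # bits per byte; compressed or encrypted data sits near 8.0


def shannon_entropy(buf):
    """Shannon entropy of a byte string in bits per byte (0.0 for empty input)."""
    if not buf:
        return 0.0
    counts = [0] * 256
    for b in buf:
        counts[b] += 1
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_sections(data):
    """Walk the PE section table; return name, RVA, raw bytes and entropy per section."""
    if data[:2] != b"MZ":
        raise ValueError("not a PE image: missing MZ header")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("not a PE image: missing PE signature")
    n_sections = struct.unpack_from("<H", data, pe_off + 6)[0]
    opt_size = struct.unpack_from("<H", data, pe_off + 20)[0]
    table = pe_off + 24 + opt_size  # signature (4) + COFF header (20) + optional header
    sections = []
    for i in range(n_sections):
        name, vsize, rva, raw_size, raw_ptr = struct.unpack_from("<8sIIII", data, table + 40 * i)
        raw = data[raw_ptr:raw_ptr + raw_size]
        sections.append({"name": name.rstrip(b"\0"), "rva": rva, "virtual_size": vsize,
                         "raw": raw, "entropy": shannon_entropy(raw)})
    return sections


def packer_indicators(data):
    """Flag Themida-style section names and high-entropy (packed or encrypted) sections."""
    sections = parse_sections(data)
    named = [s["name"].decode("latin-1") for s in sections if s["name"].lower() in PACKER_SECTION_NAMES]
    dense = [s["name"].decode("latin-1") for s in sections if s["entropy"] >= HIGH_ENTROPY]
    return {"themida_section_names": named, "high_entropy_sections": dense,
            "likely_packed": bool(named or dense)}


def build_sample_pe(sections, file_align=0x200):
    """Assemble a minimal PE32 image from (name, raw_bytes) pairs.
    Constructed test input for the parser above: not loadable, and not the report's sample."""
    pe_off = 0x80
    opt_size = 0xE0  # PE32 optional header size
    headers_end = pe_off + 4 + 20 + opt_size + 40 * len(sections)
    first_raw = -(-headers_end // file_align) * file_align  # round up to file alignment
    dos = bytearray(pe_off)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, pe_off)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)  # PE32 magic
    table, body, raw_ptr, rva = b"", b"", first_raw, 0x1000
    for name, raw in sections:
        raw_size = -(-len(raw) // file_align) * file_align
        table += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), len(raw), rva,
                             raw_size, raw_ptr, 0, 0, 0, 0, 0x60000020)
        body += raw.ljust(raw_size, b"\0")
        raw_ptr += raw_size
        rva += -(-max(len(raw), 1) // 0x1000) * 0x1000
    header = bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table
    return header.ljust(first_raw, b"\0") + body


_rng = random.Random(1)
SAMPLE_PE = build_sample_pe([
    (b".text", b"\x90\xc3" * 256),                                   # low-entropy stub code
    (b".themida", bytes(_rng.getrandbits(8) for _ in range(4096))),  # stands in for an encrypted body
])

if __name__ == "__main__":
    for s in parse_sections(SAMPLE_PE):
        print(f"{s['name'].decode('latin-1'):10s} rva=0x{s['rva']:x} "
              f"size={len(s['raw'])} entropy={s['entropy']:.2f}")
    print(packer_indicators(SAMPLE_PE))
```

High entropy alone says "packed or encrypted", not "Themida"; the name hit narrows it, and on a real sample the next step is to unpack in the sandbox and hash the unpacked image rather than analyse the protected one.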
MITRE ATT&CK Enterprise v15
