General

  • Target

    2a0acf5932cc1ff1c1d52be21fbc7184_JaffaCakes118

  • Size

    533KB

  • Sample

    240707-2pxgxascpd

  • MD5

    2a0acf5932cc1ff1c1d52be21fbc7184

  • SHA1

    92962756ded4eefaef1afd7ee0871e4472a09c5f

  • SHA256

    ea68ac94f7e6b26e48414341681247aa49e75b5cc678b18a2060ebf992d4fbb2

  • SHA512

    cede240b560a08c4e2a8c60adba648cd8619317c8a9a67cc9b883db7b6cff3321dc7e25a36f0da63da76c6fd179b67f75337adef8c0f4806ba0981614a97e705

  • SSDEEP

    6144:GWZfec9EbXDk6RkQKf/UOPSe570Szp3Znmy+g4IE2Ernmy+g46nmy+g4H:3ZWtI6RkaOB06arV2

Targets

    • Disables service(s)

    • Modifies visibility of file extensions in Explorer

    • Blocks application from running via registry modification

      Adds application to the Explorer DisallowRun policy list, so the shell refuses to launch it.

    • Event Triggered Execution: Image File Execution Options Injection

      Sets a Debugger value under an Image File Execution Options subkey, so launching the named program runs the registered binary instead.
    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified UPX build.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15