General

  • Target

    41e7175769ab30df875f18b02dbd924e_JaffaCakes118

  • Size

    6.4MB

  • Sample

    240713-qx1czssgqm

  • MD5

    41e7175769ab30df875f18b02dbd924e

  • SHA1

    f91f2a0dfd930185da1c4eb3315ae98fbe57544a

  • SHA256

    576dd1ea138513792f81516efc7d1713ecb55dc16d530d2ee461bb41f7fd793a

  • SHA512

    d09760e83a331e30bf41f3794a4219ced4151773df380386074f8e1da5d4a7afaa3f8d2807485b704ceeb97afc3531ff8d824cc9a2b92bf60ea62b8b51543afc

  • SSDEEP

    196608:i7effIPEsy58doQaTzwZ8Jq3ELhf8cHpLG8doQpu8rVtxQuTwF8doQaoizl/sJEq:i7effIPEsy58doQaTzwZ8Jq3ELhf8cHF

Malware Config

Targets

    • Modifies WinLogon for persistence

    • Drops file in Drivers directory

    • Sets service image path in registry

    • ACProtect 1.3x - 1.4x DLL software

      Detects a file protected with ACProtect software.

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Modifies WinLogon

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks