General

  • Target

    70ff5016cfd237faef1b9f7c3f3d6c5b_JaffaCakes118

  • Size

    372KB

  • Sample

    240725-ymvczsvaqc

  • MD5

    70ff5016cfd237faef1b9f7c3f3d6c5b

  • SHA1

    207cea13c545afc5d94fca97fa3c4b3134ba2e2a

  • SHA256

    60b90d95244ff7150826ab96162a32269429ffca7d02ab33306b131db33f2211

  • SHA512

    35e1aa05decacdc41b69c31b2500a6fa02ff0bf38da96162a8cef4869871a35be34a2a50ba1161a2997413c2d4b41f3de3750e38aed9b920912962d66e628487

  • SSDEEP

    3072:QP8fomAU/fGRFKWJ8pypVcfjXOCHXMem1GVMm++53YlFYAFI:QYAxFRynfTOCH8eUMU+RiS

Malware Config

Targets

    • KPOT

      KPOT is an information stealer that harvests user data and account credentials.

    • KPOT Core Executable

    • Checks computer location settings

      Looks up the country code configured in the registry; likely a geofence check.

    • Deletes itself

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks