General

  • Target

    765b26ff499c3b38234e584da0c300d0_JaffaCakes118

  • Size

    434KB

  • Sample

    240727-apbrnaxfkb

  • MD5

    765b26ff499c3b38234e584da0c300d0

  • SHA1

    cf98108e1c157466a938184ebe4b1e00eab1c8cf

  • SHA256

    656a9c2d84cb23c55ce263a17908ea8a357edf3c796458912ce11227e75ecd00

  • SHA512

    c6401a308c9a283478a20dab812acea9172e4dc8a719cb32f1e264e864617bb5887bd6b00e36bc85e4acd30b93abc88ad89de1ad309fa7582d18d82ebd48a6f5

  • SSDEEP

    12288:rXPcLcbGfVylwG/ZDCK/ScBXo8TsyMkKMY8m7WOK95OTTsx/SA/WegYfdNbrqnut:rXh6XcBXo8TsL8Y8m4OTTySA/DrfdNbz

Malware Config

Targets

    • Executes dropped EXE

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Uses Tor communications

      Malware can proxy its traffic through Tor for more anonymity.

MITRE ATT&CK Enterprise v15

Tasks