General

  • Target

    76f4f709a5404fa5990635b4d823ac38_JaffaCakes118

  • Size

    342KB

  • Sample

    240727-egdcqsyeld

  • MD5

    76f4f709a5404fa5990635b4d823ac38

  • SHA1

    12b78b2455a0fa04f13658a2b1d23304a7f19a43

  • SHA256

    e08e6780ab0ddc15fe29497d01931eef3d16bc304982a34e923267810396a9ce

  • SHA512

    23068375bf12e8269cf522299a2d777bf965ef5444d8bb0d92961cf2c8a862dd327dce28b89b3bcb4833d58f8262d2beb2e597c9c0232822dffc67b8be99ff00

  • SSDEEP

    6144:WRqmpp+amNOGokzLyM9tsLAitQo6tzOKkzIt8gKyfjxfR9D2j4ykpGAen:mqmpplpGoGL3etQoMiXM8gxf/Sj4ykod

Malware Config

Targets

    • Target

      76f4f709a5404fa5990635b4d823ac38_JaffaCakes118

    • Size

      342KB

    • MD5

      76f4f709a5404fa5990635b4d823ac38

    • SHA1

      12b78b2455a0fa04f13658a2b1d23304a7f19a43

    • SHA256

      e08e6780ab0ddc15fe29497d01931eef3d16bc304982a34e923267810396a9ce

    • SHA512

      23068375bf12e8269cf522299a2d777bf965ef5444d8bb0d92961cf2c8a862dd327dce28b89b3bcb4833d58f8262d2beb2e597c9c0232822dffc67b8be99ff00

    • SSDEEP

      6144:WRqmpp+amNOGokzLyM9tsLAitQo6tzOKkzIt8gKyfjxfR9D2j4ykpGAen:mqmpplpGoGL3etQoMiXM8gxf/Sj4ykod

    • Modifies WinLogon for persistence

    • Adds policy Run key to start application (a value under Policies\Explorer\Run, which is processed at logon like the ordinary Run key)

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a component key under HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components on the local machine; the command in its StubPath value runs once for each user at that user's next logon.

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX or a modified build of the open-source UPX packer. Both this and the ASPack signature fire on the sample; packer signatures are byte-pattern matches, so confirm which packer's stub holds the entry point before unpacking.

    • Modifies WinLogon

    • Drops file in System32 directory
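The three persistence locations flagged above (Winlogon, the policy Run key, Active Setup; ATT&CK T1547.004, T1547.001 and T1547.014) are the first things to check on a host suspected of having run this sample. The script below is an added example, not part of the sandbox report or of any triage tool: it parses the text of a `reg export` dump, compares the Winlogon Shell and Userinit values against stock defaults, flags every value under Policies\Explorer\Run, and flags Active Setup components whose StubPath points into a user-writable directory or whose key name is not a GUID. The export embedded in it is constructed for illustration; the report does not list this sample's actual registry writes, and the paths shown are not taken from it.

```python
"""Audit the three registry persistence locations the report flags.

Added example, not part of the sandbox report or of any triage tool. It
parses the plain-text form of a `reg export` dump and flags Winlogon
Shell/Userinit values that differ from the stock defaults, anything at all
under Policies\\Explorer\\Run, and Active Setup components whose StubPath
points into a user-writable directory.
"""
import re

WINLOGON = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
POLICY_RUN = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run"
ACTIVE_SETUP = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components"

# Stock Winlogon values on a clean Windows install (compared case-insensitively).
WINLOGON_DEFAULTS = {"Shell": "explorer.exe", "Userinit": r"C:\Windows\system32\userinit.exe,"}
# Path fragments a legitimate Active Setup StubPath does not live under (heuristic).
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\temp\\", "%temp%", "%appdata%",
                 "%localappdata%", "%userprofile%", "%public%")
GUID_RE = re.compile(r"^\{[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}\}$", re.I)
KEY_RE = re.compile(r"^\[(.+)\]$")
STR_VALUE_RE = re.compile(r'^"([^"]+)"="(.*)"$')


def parse_reg_export(text):
    """Return {key_path: {value_name: data}} for the REG_SZ values in a .reg dump.

    reg.exe writes UTF-16 LE; open the file with encoding="utf-16" before
    passing its text here. dword:/hex(...) values are skipped because the
    checks below only need string data.
    """
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            current = key.group(1)
            keys.setdefault(current, {})
            continue
        val = STR_VALUE_RE.match(line)
        if val and current is not None:
            # .reg escapes backslash and double quote with a backslash; undo that.
            keys[current][val.group(1)] = re.sub(r'\\(["\\])', r"\1", val.group(2))
    return keys


def audit_persistence(keys):
    """Return (attack_id, location, data) for every suspicious entry, in key order."""
    findings = []
    winlogon = keys.get(WINLOGON, {})
    for name, default in WINLOGON_DEFAULTS.items():
        data = winlogon.get(name)
        if data is not None and data.strip().lower() != default.lower():
            findings.append(("T1547.004", WINLOGON + "\\" + name, data))
    for name, data in keys.get(POLICY_RUN, {}).items():
        # The policy Run key is empty on a default install, so any value is notable.
        findings.append(("T1547.001", POLICY_RUN + "\\" + name, data))
    for key, values in keys.items():
        if not key.lower().startswith(ACTIVE_SETUP.lower() + "\\") or "StubPath" not in values:
            continue
        component = key.rsplit("\\", 1)[1]
        stub = values["StubPath"].lower()
        # Hijacking an existing GUID component's StubPath evades both checks;
        # diff against a known-good baseline when you need that case too.
        if not GUID_RE.match(component) or any(frag in stub for frag in USER_WRITABLE):
            findings.append(("T1547.014", key, values["StubPath"]))
    return findings


# Constructed export for illustration; these are not values observed in this sample.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe"
"Userinit"="C:\\Windows\\system32\\userinit.exe,C:\\Users\\Public\\svchost.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"1"="C:\\ProgramData\\update.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
"StubPath"="C:\\Windows\\System32\\ie4uinit.exe -UserConfig"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{11111111-2222-3333-4444-555555555555}]
"StubPath"="\"C:\\Users\\Public\\update.exe\" /silent"
"""

if __name__ == "__main__":
    for attack_id, location, data in audit_persistence(parse_reg_export(SAMPLE_EXPORT)):
        print(attack_id, location, repr(data))
```

On a live host, export the three keys with `reg export` (one file each, or the parent hives), decode them as UTF-16 and pass the text to `parse_reg_export`. The Winlogon comparison is the strongest of the three checks; the Active Setup heuristics are leads, not proof, and miss a StubPath swapped into an existing GUID component.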

MITRE ATT&CK Enterprise v15
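The UPX and ASPack signatures above map to ATT&CK T1027.002 (Software Packing). Because both fired on this sample, the useful static question is which packer's stub actually holds the entry point, since that is the layer to unpack first. The script below is an added example, not part of the sandbox report or of any triage tool: it parses the PE section table with the standard library only and reports packer section names present, the section containing the entry point, and sections with no raw data but a large virtual size (the area a packer's stub decompresses into). The three header-only PE images it builds are constructed to mimic each layout and are not this sample's real headers; section names are what each packer writes by default and can be renamed, so treat a match as a lead, not proof.

```python
"""Static packer check matching the UPX and ASPack signatures above.

Added example, not part of the sandbox report or of any triage tool. It
reads the PE section table with the standard library only and reports which
packer's section names are present, which section holds the entry point
(the stub that runs first, so the layer to unpack first), and which sections
have no raw data but a non-zero virtual size (the space the stub unpacks into).
"""
import struct

# Default section names each packer writes; both can be renamed, so treat a
# match as a lead to confirm by unpacking, not as proof.
PACKER_SECTIONS = {"UPX": {"UPX0", "UPX1", "UPX2"}, "ASPack": {".aspack", ".adata"}}


def parse_pe(data):
    """Return (entry_point_rva, [section dicts]) from a PE32/PE32+ image."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    optional = coff + 20
    # AddressOfEntryPoint sits at offset 16 of the optional header in both PE32 and PE32+.
    entry_rva = struct.unpack_from("<I", data, optional + 16)[0]
    table = optional + opt_size
    sections = []
    for i in range(num_sections):
        name, vsize, vaddr, raw_size, raw_ptr = struct.unpack_from("<8sIIII", data, table + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("latin-1"),
                         "vsize": vsize, "vaddr": vaddr, "raw_size": raw_size, "raw_ptr": raw_ptr})
    return entry_rva, sections


def classify(data):
    """Summarise packer indicators visible in the section table alone."""
    entry_rva, sections = parse_pe(data)
    names = {s["name"] for s in sections}
    entry = next((s for s in sections if s["vaddr"] <= entry_rva < s["vaddr"] + s["vsize"]), None)
    return {
        "packers": [p for p, known in PACKER_SECTIONS.items() if names & known],
        "entry_section": entry["name"] if entry else None,
        "zero_raw_sections": [s["name"] for s in sections if s["raw_size"] == 0 and s["vsize"] > 0],
    }


def build_header(section_specs, entry_rva):
    """Synthesise a header-only PE32 image (constructed test input, no code inside).

    section_specs: (name, virtual_size, virtual_address, raw_size, raw_pointer).
    """
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x40)   # e_lfanew = 0x40
    optional = bytearray(224)                                    # PE32 optional header size
    struct.pack_into("<H", optional, 0, 0x10B)                   # Magic: PE32
    struct.pack_into("<I", optional, 16, entry_rva)              # AddressOfEntryPoint
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_specs), 0, 0, 0, len(optional), 0x102)
    table = b"".join(
        struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"), vsize, vaddr, raw, ptr,
                    0, 0, 0, 0, 0xE0000060)
        for name, vsize, vaddr, raw, ptr in section_specs)
    return dos + b"PE\0\0" + coff + bytes(optional) + table


# Constructed layouts that mimic what each packer leaves behind; not this sample's real headers.
SAMPLE_UPX = build_header([("UPX0", 0x20000, 0x1000, 0, 0), ("UPX1", 0x8000, 0x21000, 0x7A00, 0x400),
                           (".rsrc", 0x1000, 0x29000, 0x600, 0x7E00)], entry_rva=0x28A00)
SAMPLE_ASPACK = build_header([(".text", 0x20000, 0x1000, 0, 0), (".aspack", 0x2000, 0x21000, 0x2000, 0x400),
                              (".adata", 0x1000, 0x23000, 0, 0)], entry_rva=0x21001)
SAMPLE_CLEAN = build_header([(".text", 0x1000, 0x1000, 0x1000, 0x400), (".data", 0x1000, 0x2000, 0x200, 0x1400),
                             (".rsrc", 0x1000, 0x3000, 0x600, 0x1600)], entry_rva=0x1200)

if __name__ == "__main__":
    for label, image in (("UPX", SAMPLE_UPX), ("ASPack", SAMPLE_ASPACK), ("clean", SAMPLE_CLEAN)):
        print(label, classify(image))
```

Run `classify(open(path, "rb").read())` on the real file. A result whose entry section is a known packer section and whose first section has zero raw size is the classic packed profile; if the names have been stripped, the entry-section and zero-raw indicators still stand on their own.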

Tasks