General

  • Target

    8203adbdf5c3fb50ef27b7aa46cf44d6_JaffaCakes118

  • Size

    252KB

  • Sample

    240801-2l3vhsvbrd

  • MD5

    8203adbdf5c3fb50ef27b7aa46cf44d6

  • SHA1

    38608cc76c00e046908cd8d35a658fd28568b2c8

  • SHA256

    b1f3b16016bc11788a7a94d89df8a145cbfe9d7110a4f333d7482f817d2db8cf

  • SHA512

    b5504dce532eb331ec500c1e1fdf59c2e38c1e957ff9bd984d7f363d9de75f1125ed2c80ecf2adbb0b65a0e9b4e78234b1e97e8fa3ba7ba41ab986926703b677

  • SSDEEP

    6144:T5QpeUUeSwGUTPcdBMsXS593xRExRYnzCvY:KpeUlCUTPcdBHSfGRdvY

Malware Config

Targets

    • Target

      8203adbdf5c3fb50ef27b7aa46cf44d6_JaffaCakes118

    • KPOT

      KPOT is an information stealer that steals user data and account credentials.

    • KPOT Core Executable

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks