General

  • Target

    8c63e0940ad716bc2a82d6f8e034bc07_JaffaCakes118

  • Size

    110KB

  • Sample

    240811-3cm85stfmp

  • MD5

    8c63e0940ad716bc2a82d6f8e034bc07

  • SHA1

    939ce6ddff6f6fc179ca287b5ef538648db656cb

  • SHA256

    de932dfeffdc704b1e945b00c74792130b9c08c347ccfecf86824e7f8669be0d

  • SHA512

    d2d1701e6ad2919272e8dfa71cfc86e7660c6406c8bee3e8d0651ca76f5e75ff4b50b8de1b441a5e4e7dfd98f89a91bfbea8b7cf51a8aa02e9fbc58d337af800

  • SSDEEP

    1536:3zQMWNQtkYj5Yc19lJnS5dByNLcM2qihl9VlCAhHCtRHPq2:36ut+c1XJSHByN4kihl99hit

Malware Config

Targets

    • Possible privilege escalation attempt

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Indicator Removal: Clear Windows Event Logs

      Clear Windows Event Logs to hide the activity of an intrusion.

    • Loads dropped DLL

    • Modifies file permissions

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • File and Directory Permissions Modification: Windows File and Directory Permissions Modification

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks