General

  • Target

    a3cdde4d17de1505f31cf6df00caf1ad_JaffaCakes118

  • Size

    71KB

  • Sample

    240817-x2jdlavenl

  • MD5

    a3cdde4d17de1505f31cf6df00caf1ad

  • SHA1

    2b39f4bf2a70ca0ca57f280cf07c2c835a3663e6

  • SHA256

    94a2ec7f9b4a6dca1d1c4f33a2c3bcc6d3f667867c37b03e11f3d07ec78e7f90

  • SHA512

    0b7c25e0a3f73aef5bbc369c8f71dbfe5f1f5ec0ad797b5bf53a9034441d7cad6053d3f2b2bfae372cbeaa51016ae7e35ab13d39144087ba7f471f96c63d123a

  • SSDEEP

    768:+Lz1vSXs4nsmGEx8wf0jKaH/crbPMZlHSuJKtmG387GUUQB6WDbi6aefhejSXf0P:+Lzws4mExBqEIHTJKESqni6aicSXRK

Malware Config

Targets

    • Target

      a3cdde4d17de1505f31cf6df00caf1ad_JaffaCakes118

    • Size

      71KB

    • MD5

      a3cdde4d17de1505f31cf6df00caf1ad

    • SHA1

      2b39f4bf2a70ca0ca57f280cf07c2c835a3663e6

    • SHA256

      94a2ec7f9b4a6dca1d1c4f33a2c3bcc6d3f667867c37b03e11f3d07ec78e7f90

    • SHA512

      0b7c25e0a3f73aef5bbc369c8f71dbfe5f1f5ec0ad797b5bf53a9034441d7cad6053d3f2b2bfae372cbeaa51016ae7e35ab13d39144087ba7f471f96c63d123a

    • SSDEEP

      768:+Lz1vSXs4nsmGEx8wf0jKaH/crbPMZlHSuJKtmG387GUUQB6WDbi6aefhejSXf0P:+Lzws4mExBqEIHTJKESqni6aicSXRK

    • Disables RegEdit via registry modification

    • Disables Task Manager via registry modification

    • Disables use of System Restore points

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Impair Defenses: Safe Mode Boot

    • Loads dropped DLL

    • Adds Run key to start application

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks