General

  • Target

    a6a262ee141380d8315c484bcd288000_JaffaCakes118

  • Size

    69KB

  • Sample

    240818-nstzassbqf

  • MD5

    a6a262ee141380d8315c484bcd288000

  • SHA1

    731f7a5e6a1bd305f3aa0c26df561a1e30e5fa31

  • SHA256

    2626226d5ecf3af785a9c86516fe7db2b7162e9270f74b2fa36467a1b5e2d507

  • SHA512

    c11c6f20b29049591f6f9340125bd41a1bc054252b3dd466fc61e1ce746cb307c781b8ca25d98d6db837fa67dd21c91d3bcd3d6acdb5dad6f336d29c08953539

  • SSDEEP

    1536:F+wW4ANL/dRJMBiQIS7uKOeBAKoNB/wOtqbKdEiyWrvj7sU3O:LBML/dRJ4pu6mtgm7vsU

Malware Config

Targets

    • Possible privilege escalation attempt

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Loads dropped DLL

    • Modifies file permissions

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified UPX variant.

    • File and Directory Permissions Modification: Windows File and Directory Permissions Modification

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks