General

  • Target

    ac2e6c3ab45d7ec9e42f1a234fe70917_JaffaCakes118

  • Size

    676KB

  • Sample

    240819-xl8zbavall

  • MD5

    ac2e6c3ab45d7ec9e42f1a234fe70917

  • SHA1

    ac5ea6e5716df8d77622a7e1e6a716672fdf2542

  • SHA256

    1c6c929bda49b3a6438019697ab62fed6657997af5faaa351cd1ad8197ac88ba

  • SHA512

    98366dfe672555855354f37c87a441f6a396874743b3902b743c49fe9eaa0e424daac232c188992938c0cc770f3380f70b3e47f336cbfe1fd2106cc5ca45d185

  • SSDEEP

    12288:u94Vcog9PElU7QpmQWBteo44a05rOTWXOGhJuq1YjvFXbhkBHRc3aVDLUVi:XNlJcFRMq2jv8BHBgo

Malware Config

Targets

    • Target

      ac2e6c3ab45d7ec9e42f1a234fe70917_JaffaCakes118

    • Size, MD5, SHA1, SHA256, SHA512 and SSDEEP: identical to the General section above.

    • Modifies firewall policy service

      The sample writes to the Windows Firewall policy registry settings (typically under HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy), for example disabling a profile or whitelisting its own executable.

    • Adds policy Run key to start application

      Autostart via HKLM/HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, a less commonly inspected alternative to the standard Run key.

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine: a subkey under HKLM\Software\Microsoft\Active Setup\Installed Components\ whose StubPath value is executed at the next user logon whenever the per-user copy of that key is missing or has a lower Version.

    • Uses the VBS compiler for execution

      This signature typically fires when vbc.exe, the Visual Basic compiler shipped with the .NET Framework, is launched. A compiler has no reason to run on an end-user system, so treat it as a likely target for code injection rather than as legitimate build activity.

    • Adds Run key to start application

      Autostart via HKLM/HKCU\Software\Microsoft\Windows\CurrentVersion\Run.

    • Suspicious use of SetThreadContext

      Setting the register context of another thread is the classic final step of process hollowing and thread hijacking (suspend, write payload, redirect the instruction pointer, resume). Together with the compiler launch above, this is consistent with the payload running inside a spawned trusted process.

MITRE ATT&CK Enterprise v15

Tasks