General

  • Target

    ad4748d01ef07b43d3f2cb3add9da911_JaffaCakes118

  • Size

    144KB

  • Sample

    240820-a9na7ayhmp

  • MD5

    ad4748d01ef07b43d3f2cb3add9da911

  • SHA1

    e1ae4f4512d6b98c81d18d7cdf9a24dbc6d0ef0d

  • SHA256

    b4ed4637cccd997870068114c3c7d1d1cd49625620e9880a8161555b00ba2e2a

  • SHA512

    e3c10bbd7a0adcc5f58d5c286de2f49713792bae1b2269c8ac308795d5c78c54de912a3f3cd0f8965dd41f311ac8c04d3e8442e0554cc8bfbcf5450b8d0d433f

  • SSDEEP

    3072:MrMUqcZLEHGtzbPTHfEfXRp79MPcSI9SFcZtAbmy+nIdIe/:Mr1HEHwPPEhMPcSI9SFfll

Malware Config

Targets

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

    • Adds Run key to start application

    • Network Share Discovery

      Attempt to gather information on host network.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks