General

  • Target

    b180ffd148c3d8ebbc924a32bea56398_JaffaCakes118

  • Size

    2.3MB

  • Sample

    240821-a1vzns1glg

  • MD5

    b180ffd148c3d8ebbc924a32bea56398

  • SHA1

    8b2944c0ed842efb3fb58c165686e6497f3ba3ab

  • SHA256

    d9f2751935d8b9da7b37279d44ed904c0e8509591e5b9ebf1a9d95e5ec4dc231

  • SHA512

    17bedf37fc1d1be54154275e20965e4a0b06b179cdedf0ca668a73306c2ad1c2f995f8feb3ce7b5d921ee2df62a7b09978fcd863d127f6794af7114df411aa91

  • SSDEEP

    24576:3uhafOA2eZJ8NI8NahcqmTWQ5qmTOrTxfAhrTxFrTxprTxJeZG8:YC8NKcqCWaqCO/eh/T/f/PR8

Targets

    • Target

      b180ffd148c3d8ebbc924a32bea56398_JaffaCakes118

    • Disables service(s)

      Disables one or more Windows services; the report does not name which ones.

    • Modifies visibility of file extensions in Explorer

      Hides known file extensions in Explorer (the HideFileExt value under HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced), so a dropped file such as invoice.pdf.exe is displayed as invoice.pdf.

    • Blocks application from running via registry modification

      Adds executable names to the Explorer DisallowRun policy list (Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun under HKCU or HKLM). Explorer then refuses to start the listed programs, a trick commonly aimed at security and administration tools.

    • Event Triggered Execution: Image File Execution Options Injection (T1546.012)

      Sets a Debugger value under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\<target.exe>. Windows then launches the configured "debugger" every time the target executable is started, which gives the payload persistence and can silently neutralise the target.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX or a modified build of the open-source UPX packer. Packing on its own is not malicious, but a modified header usually stops upx -d from unpacking the sample cleanly.

    • Indicator Removal: File Deletion (T1070.004)

      Deletes files left behind by its own activity to hinder later analysis.

    • Network Share Discovery (T1135)

      Attempts to gather information about the host's network and the shares reachable from it.

    • Drops autorun.inf file

      Writes an autorun.inf to spread further via attached volumes. Since Windows 7 (and the corresponding update for earlier versions) Windows ignores autorun.inf on removable drives and only honours it on optical media, so this mainly affects older or deliberately reconfigured hosts.

    • Drops file in System32 directory

      Writing into %SystemRoot%\System32 requires administrative rights.
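
The registry behaviours above (IFEO Debugger, DisallowRun, hidden extensions, disabled services) and the autorun.inf drop can be checked offline on a registry export or a sandbox's registry diff. The script below is an added example, not code from the sandbox or from the sample; it parses the .reg format that `reg export` writes and the INI format of autorun.inf. The export text, the executable names (taskmgr.exe, svchost_.exe, regedit.exe, msconfig.exe, setup.exe) and the service name are constructed for the example and are not taken from this report.

```python
"""Offline triage of a .reg export and a dropped autorun.inf for the behaviours
a sandbox flags: IFEO Debugger, DisallowRun list, HideFileExt, disabled services.
Added example; all inputs below are constructed, not artefacts of the sample."""
import configparser
from typing import Dict, List, Tuple

# Constructed .reg text in the layout `reg export` produces (keys in brackets,
# "name"=value lines). Executable and service names are made up.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe]
"Debugger"="C:\\Windows\\System32\\svchost_.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"DisallowRun"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun]
"1"="regedit.exe"
"2"="msconfig.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"HideFileExt"=dword:00000001
"Hidden"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc]
"Start"=dword:00000004
'''

def decode_value(value: str):
    """Decode REG_SZ ("..." with \\ and \" escapes) and REG_DWORD (dword:hex); leave hex: blobs raw."""
    if value.startswith('"') and value.endswith('"'):
        return value[1:-1].replace('\\"', '"').replace("\\\\", "\\")
    if value.lower().startswith("dword:"):
        return int(value[6:], 16)
    return value

def parse_reg(text: str) -> Dict[str, Dict[str, object]]:
    """Map each key path to {value name: decoded value}; '@' is stored as '(Default)'."""
    keys: Dict[str, Dict[str, object]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";") or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            path = line[1:-1]
            current = None if path.startswith("-") else path  # "[-KEY]" means delete, not set
            if current is not None:
                keys.setdefault(current, {})
            continue
        if current is None or "=" not in line:  # skip hex: continuation lines
            continue
        name, _, value = line.partition("=")
        keys[current]["(Default)" if name == "@" else name.strip('"')] = decode_value(value)
    return keys

IFEO_PREFIX = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options".lower() + "\\"
DISALLOW_RUN_SUFFIX = r"\Policies\Explorer\DisallowRun".lower()  # HKCU or HKLM
ADVANCED_SUFFIX = r"\Explorer\Advanced".lower()
SERVICES_PREFIX = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services".lower() + "\\"
SERVICE_DISABLED = 4  # Start type 4 = SERVICE_DISABLED

def find_indicators(keys: Dict[str, Dict[str, object]]) -> List[Tuple[str, str]]:
    """Return (indicator, detail) pairs; value-name lookups are case-insensitive like the registry."""
    findings: List[Tuple[str, str]] = []
    for key, values in keys.items():
        k, leaf = key.lower(), key.rsplit("\\", 1)[-1]
        v = {n.lower(): val for n, val in values.items()}
        if k.startswith(IFEO_PREFIX) and "debugger" in v:
            findings.append(("ifeo_debugger", f"{leaf} -> {v['debugger']}"))
        elif k.endswith(DISALLOW_RUN_SUFFIX):  # numbered string values name the blocked exes
            findings.extend(("disallow_run", str(val)) for n, val in values.items() if n.isdigit())
        elif k.endswith(ADVANCED_SUFFIX) and v.get("hidefileext") == 1:
            findings.append(("hide_file_ext", key))
        elif k.startswith(SERVICES_PREFIX) and v.get("start") == SERVICE_DISABLED:
            findings.append(("service_disabled", leaf))
    return findings

# Constructed autorun.inf of the kind written to the root of an attached volume.
SAMPLE_AUTORUN = r"""[AutoRun]
open=recycler\setup.exe
shellexecute=recycler\setup.exe
shell\open\command=recycler\setup.exe
icon=%SystemRoot%\system32\shell32.dll,4
"""

def autorun_targets(text: str) -> List[str]:
    """Commands an autorun.inf would launch: open=, shellexecute= and shell\\<verb>\\command=."""
    cp = configparser.ConfigParser(interpolation=None, strict=False, delimiters=("=",))
    cp.read_string(text)
    section = next((s for s in cp.sections() if s.lower() == "autorun"), None)  # case-insensitive
    if section is None:
        return []
    return [val for k, val in cp[section].items()  # configparser lower-cases option names
            if k in ("open", "shellexecute") or k.endswith("\\command")]

if __name__ == "__main__":
    for kind, detail in find_indicators(parse_reg(SAMPLE_REG)):
        print(f"{kind:17} {detail}")
    print("autorun targets:", autorun_targets(SAMPLE_AUTORUN))
```

To run it on a real host, export the hives first (`reg export HKCU hkcu.reg` and `reg export HKLM\SOFTWARE hklm_software.reg`; note that `reg export` writes UTF-16, so open the file with `encoding="utf-16"`) and feed the text to `parse_reg`. The DisallowRun entry under the parent Policies\Explorer key is the policy's enable flag; the executable names live in the DisallowRun subkey, which is what the check above reads.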

MITRE ATT&CK Enterprise v15 (technique mapping used for the signatures above)