General

  • Target

    eea5ed652aa212f33949c394ee2dd50a_JaffaCakes118

  • Size

    2.2MB

  • Sample

    240920-3jynfsthrg

  • MD5

    eea5ed652aa212f33949c394ee2dd50a

  • SHA1

    f618f1b5ad5f4f6a933aec537e0ad6bb4cf20103

  • SHA256

    e8aadef67a24a42540f34ae29da7bb6803e5522a975cd196822be21d39e294e8

  • SHA512

    3d53ba4e983623e591a40d7449a6bab74edfbd8ccc70c4d0b2b884e8bad2c188ac1a2d50d0083a3a4b91c60fa4f524ca3d6391a3af063a84e68f262b658d181f

  • SSDEEP

    49152:YM8NKT/yqCvL/r/R/C/M+V8tgJd8lc4HTh:Ja1P5q0+CgalbV

Malware Config

Targets

    • Target

      eea5ed652aa212f33949c394ee2dd50a_JaffaCakes118

    • Size

      2.2MB

    • MD5

      eea5ed652aa212f33949c394ee2dd50a

    • SHA1

      f618f1b5ad5f4f6a933aec537e0ad6bb4cf20103

    • SHA256

      e8aadef67a24a42540f34ae29da7bb6803e5522a975cd196822be21d39e294e8

    • SHA512

      3d53ba4e983623e591a40d7449a6bab74edfbd8ccc70c4d0b2b884e8bad2c188ac1a2d50d0083a3a4b91c60fa4f524ca3d6391a3af063a84e68f262b658d181f

    • SSDEEP

      49152:YM8NKT/yqCvL/r/R/C/M+V8tgJd8lc4HTh:Ja1P5q0+CgalbV

    • Disables service(s)

    • Modifies visibility of file extensions in Explorer

    • Blocks application from running via registry modification

      Adds application to list of disallowed applications.

    • Event Triggered Execution: Image File Execution Options Injection

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.

    • Network Share Discovery

      Attempt to gather information on host network.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks