General

  • Target

    f70ddc97b207adabe689119ffdb417fb_JaffaCakes118

  • Size

    606KB

  • Sample

    240925-3awgqswgjg

  • MD5

    f70ddc97b207adabe689119ffdb417fb

  • SHA1

    ab4eb75749181630430d5b8ef89561c960b2845b

  • SHA256

    80c67c07d6633052260435fa5e44b50d4f72c6cc174c5fdbcc75c88e01506788

  • SHA512

    8d56f94912ec9a839737c3cf43c50d4b9baa434c7b8d4812a2390c19473fd6be0d3ce234f7d7de8b1152e93678647200ca91c27a3c472926da8b5212db0bdf1b

  • SSDEEP

    12288:1GP7WUtpdOy2R+9zR2yXuhcW3PtPgRWkFouZRLBKf1zg2/nBL:1GXtPB9NhXuWYtPrkFLBcU8BL

Malware Config

Targets

    • Target

      f70ddc97b207adabe689119ffdb417fb_JaffaCakes118

    • Size

      606KB

    • MD5

      f70ddc97b207adabe689119ffdb417fb

    • SHA1

      ab4eb75749181630430d5b8ef89561c960b2845b

    • SHA256

      80c67c07d6633052260435fa5e44b50d4f72c6cc174c5fdbcc75c88e01506788

    • SHA512

      8d56f94912ec9a839737c3cf43c50d4b9baa434c7b8d4812a2390c19473fd6be0d3ce234f7d7de8b1152e93678647200ca91c27a3c472926da8b5212db0bdf1b

    • SSDEEP

      12288:1GP7WUtpdOy2R+9zR2yXuhcW3PtPgRWkFouZRLBKf1zg2/nBL:1GXtPB9NhXuWYtPrkFLBcU8BL

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Adds Run key to start application

    • Drops file in System32 directory

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks