General

  • Target

    f61a0991e1a2591c39629f8f51954079_JaffaCakes118

  • Size

    476KB

  • Sample

    240925-qlb61sxdpm

  • MD5

    f61a0991e1a2591c39629f8f51954079

  • SHA1

    2081e35f0cdd2411bb7c53b7833e1eb21221bec3

  • SHA256

    dd80ea0d7cab57580251088c44c6fe5759ef696eb1577f8fd21cd9310b5afa1c

  • SHA512

    bac1e6e1621811410d17c915fa92500b6d7926fea95fa4c5db54dbe0dfe743da38851cafbc900b4d51d5cf9ce864ab012f74f7caf055c8876f88a151e16917d1

  • SSDEEP

    12288:M3nZMhJ+ubNZ7dCtvFjwdr3F9FWuxU+PSkJBYDIl+OqJ+hOye:M3nZqfbxCtvyx3FvWoUiJOIHVh+

Malware Config

Targets

    • NanoCore

      NanoCore is a remote access tool (RAT) with a variety of capabilities.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks whether UAC is enabled

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified UPX variant.

MITRE ATT&CK Enterprise v15

Tasks