General

  • Target: fb15ecb4fefb5c02553904d8590395a2_JaffaCakes118

  • Size: 148KB

  • Sample: 240927-3bkrmavdlq

  • MD5: fb15ecb4fefb5c02553904d8590395a2

  • SHA1: cfb33face734c27230250c903701ac169580e785

  • SHA256: f95af3e23bda0620d7191b8fc2e8e5a28d69b1079d1ee2d839b08c11a260b0ae

  • SHA512: f4ed1996652c7cf5e8f72b24d19a1b73172e384c7063a656fc041c82691e4519e245b43c1c7d617ca46c19c170301dfba06d387477b487538bfc372e9bdb7471

  • SSDEEP: 3072:TiIugaY4CiAeB1NIkSzW7ucOF1HDkYte+rxfgDVrxQDan/:8pnAeVIVaurFpWDV

Malware Config

Targets

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks