General

  • Target

    fad016aa0d9cbb6ef0b77f5e5da882a7_JaffaCakes118

  • Size

    4.5MB

  • Sample

    240927-ylpfcawfrr

  • MD5

    fad016aa0d9cbb6ef0b77f5e5da882a7

  • SHA1

    418db225e6b73bcfbfee39d40c3a53f02dd63d34

  • SHA256

    ce01ee4fb92d1ac77b7838ab603d13d701b747c1077ff892d29451afcfc9af73

  • SHA512

    05821257ea8095177c98197a677d4ade28d8a9553bf0261f2b81d74bcea0e9a874be0e9980d50bc75f0f587cef02816d3c7075f954bf183f151ae918b3c3f651

  • SSDEEP

    49152:bAerQZbd2f88erQZbd2f88erQZbd2f88erQZbd2f88erQZbd2f88erQZbd2f8b:VrQZVrQZVrQZVrQZVrQZVrQZr

Malware Config

Targets

    • Disables service(s)

    • Modifies visibility of file extensions in Explorer

    • Blocks application from running via registry modification

      Adds application to list of disallowed applications.

    • Event Triggered Execution: Image File Execution Options Injection

    • Executes dropped EXE

    • Loads dropped DLL

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.

    • Network Share Discovery

      Attempts to gather information on the host network.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks