General

  • Target

    4b55573076f0b1e6287a1067d471bea9_JaffaCakes118

  • Size

    272KB

  • Sample

    241016-eptppasalf

  • MD5

    4b55573076f0b1e6287a1067d471bea9

  • SHA1

    3f603d6b8cd9a685794f8c052d0c8ffee54e5c19

  • SHA256

    e299df6b42c78a677d6badf54a009e46a0f544e677ba30210449bac1190aa13d

  • SHA512

    8e3d975145e36be3e8e0316d4330806c56c3b7dc90bb259417dee70556e1d0ea95c6e57e3050c3b619e3c4481df84bc4a2096a8dbc74091824536d44ff651ef0

  • SSDEEP

    6144:qovD4aUeckJjPEvyVEowgHzUeKNbTeoQQQR:XDwWjMvC9wguyoQQQR

Malware Config

Targets

    • Modifies firewall policy service

    • Adds policy Run key to start application

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Adds Run key to start application

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.
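
The Active Setup and Run-key signatures above describe registry autostarts. One way to triage them offline, from a Regedit `.reg` export taken from the sandbox or a live host, is to list every Active Setup StubPath and Run-key command and keep the ones whose executable lives outside the Windows or Program Files trees. This is an added example, not part of the sandbox report; the `.reg` text is constructed for the demo, and the `TRUSTED_DIRS` allowlist and the `executable_of` path heuristic are simplifications of my own, not anything the report states.

```python
"""Offline triage of Active Setup and Run-key autostarts from a .reg export (added example)."""
import re

ACTIVE_SETUP = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components"
RUN_KEYS = (
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
    r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run",
)
# Assumed allowlist for the demo; a real baseline would be per-environment.
TRUSTED_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")
EXE_RE = re.compile(r'^"?\s*([^"]+?\.(?:exe|dll|scr|cmd|bat|vbs|js|ps1))\b', re.I)


def parse_reg_export(text: str) -> dict:
    """Return {key_path: {value_name: data}} from Regedit 5.00 export text."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys[current] = {}
        elif current and "=" in line and line.startswith(('"', "@")):
            name, _, data = line.partition("=")
            name = "(Default)" if name == "@" else name.strip('"')
            if data.startswith('"') and data.endswith('"'):
                # .reg escapes backslashes and quotes inside string data
                data = data[1:-1].replace("\\\\", "\\").replace('\\"', '"')
            keys[current][name] = data
    return keys


def executable_of(command: str) -> str:
    """Best-effort extraction of the program path from a command line."""
    m = EXE_RE.match(command.strip())
    return m.group(1) if m else command.strip()


def suspicious_autostarts(keys: dict) -> list:
    """(kind, name, command) for autostarts whose binary is outside TRUSTED_DIRS."""
    found = []
    for path, values in keys.items():
        if path.lower().startswith(ACTIVE_SETUP.lower() + "\\") and "StubPath" in values:
            found.append(("ActiveSetup", path.rsplit("\\", 1)[1], values["StubPath"]))
        elif path.lower() in (k.lower() for k in RUN_KEYS):
            for name, cmd in values.items():
                found.append(("Run", name, cmd))
    return [f for f in found if not executable_of(f[2]).lower().startswith(TRUSTED_DIRS)]


# Constructed export: one legitimate Active Setup component, one that points
# into a user profile, and a Run key with a trusted and an untrusted entry.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{11111111-2222-3333-4444-555555555555}]
"StubPath"="C:\\Windows\\System32\\ie4uinit.exe -UserConfig"
"IsInstalled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2D5F9A12-4C3B-4E7F-9A1B-0000DEADBEEF}]
"StubPath"="C:\\Users\\Admin\\AppData\\Roaming\\svchost.exe"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"="C:\\Windows\\system32\\SecurityHealthSystray.exe"
"Updater"="C:\\Users\\Admin\\AppData\\Roaming\\svchost.exe"
"""

if __name__ == "__main__":
    for kind, name, cmd in suspicious_autostarts(parse_reg_export(SAMPLE_REG)):
        print(f"{kind:12} {name:45} {cmd}")
```

Active Setup entries run the StubPath once per user at next logon, so a hit here is worth correlating with the logon that follows the sample's execution time; a path under a user profile or a copy of a system binary name (`svchost.exe` outside `System32`) is the usual tell.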
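
For the MBR-write signature, the forensic follow-up is to pull sector 0 from the disk image and compare its boot code (the first 440 bytes, before the disk signature and partition table) with a known-good copy, while sanity-checking the partition table. The following is an added example, not part of the report: the 512-byte sectors and the "gold" boot code are constructed for the demo rather than read from any real disk, and the checks are mine.

```python
"""Offline check of a captured MBR against a known-good boot sector (added example)."""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440   # boot code ends where the 4-byte disk signature starts
DISK_SIG_OFF = 440
PART_TABLE_OFF = 446  # four 16-byte partition entries
BOOT_SIG_OFF = 510    # 0x55AA


def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte sector into boot-code hash, disk signature and partitions."""
    if len(sector) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    if sector[BOOT_SIG_OFF:] != b"\x55\xAA":
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        status, ptype = sector[off], sector[off + 4]
        lba_start, count = struct.unpack_from("<II", sector, off + 8)
        if ptype != 0:  # type 0 marks an unused slot
            partitions.append({"bootable": status == 0x80, "type": ptype,
                               "lba_start": lba_start, "sectors": count})
    return {
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", sector, DISK_SIG_OFF)[0],
        "partitions": partitions,
    }


def mbr_findings(sector: bytes, gold_boot_code_sha256: str) -> list:
    """Compare the boot code with a baseline hash and sanity-check the table."""
    info = parse_mbr(sector)
    findings = []
    if info["boot_code_sha256"] != gold_boot_code_sha256:
        findings.append("boot code differs from the gold image")
    if not any(p["bootable"] for p in info["partitions"]):
        findings.append("no partition is marked active")
    return findings


def build_mbr(boot_code: bytes, partitions, disk_sig=0x1234ABCD) -> bytes:
    """Constructed 512-byte MBR for the demo; not taken from any real disk."""
    sector = bytearray(SECTOR)
    code = boot_code[:BOOT_CODE_LEN]
    sector[:len(code)] = code
    struct.pack_into("<I", sector, DISK_SIG_OFF, disk_sig)
    for i, (bootable, ptype, lba_start, count) in enumerate(partitions):
        off = PART_TABLE_OFF + 16 * i
        sector[off] = 0x80 if bootable else 0x00
        sector[off + 4] = ptype
        struct.pack_into("<II", sector, off + 8, lba_start, count)
    sector[BOOT_SIG_OFF:] = b"\x55\xAA"
    return bytes(sector)


# Constructed stand-in for the loader's boot code (a few plausible opcodes
# and NOP padding), plus the same sector with its first instruction patched
# to a short jump, which is how a bootkit diverts control into its own code.
GOLD_BOOT_CODE = b"\xFA\x33\xC0\x8E\xD0\xBC\x00\x7C\x8E\xC0\x8E\xD8" + b"\x90" * 120
PARTITIONS = [(True, 0x07, 2048, 0x100000)]
GOLD = build_mbr(GOLD_BOOT_CODE, PARTITIONS)
GOLD_HASH = parse_mbr(GOLD)["boot_code_sha256"]
INFECTED = build_mbr(b"\xEB\x3E\x90" + GOLD_BOOT_CODE[3:], PARTITIONS)

if __name__ == "__main__":
    for label, sector in (("gold", GOLD), ("infected", INFECTED)):
        print(label, mbr_findings(sector, GOLD_HASH) or "clean")
```

On a real image, read the first 512 bytes of the raw device or E01/raw export and take the gold hash from a clean install of the same Windows build; a hash mismatch alone says the code changed, so the next step is to disassemble the differing bytes rather than trust any single heuristic.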
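
The UPX signature is a static one, and the usual way to reproduce it is to walk the PE section table. Stock UPX names its sections UPX0/UPX1 and leaves a `UPX!` marker, but "modified UPX" builds rename both; what survives is the layout itself, a first section with a large VirtualSize and zero SizeOfRawData that the stub fills at run time. The example below, added here and not part of the report, checks all three. The PE images are built inline from constructed headers, not from the sample, and the indicator list is my own choice.

```python
"""Static indicators of UPX-style packing in a PE file (added example)."""
import struct

UPX_MARKER = b"UPX!"  # magic written by the upstream packer's header


def parse_sections(data: bytes) -> list:
    """Return (name, VirtualSize, SizeOfRawData) for every section header."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = e_lfanew + 4
    n_sections = struct.unpack_from("<H", data, coff + 2)[0]
    size_opt = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + size_opt          # section headers follow the optional header
    sections = []
    for i in range(n_sections):
        off = table + 40 * i
        if off + 40 > len(data):
            break                         # truncated header table
        name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, _va, rsize = struct.unpack_from("<III", data, off + 8)
        sections.append((name, vsize, rsize))
    return sections


def upx_indicators(data: bytes) -> list:
    """Independent signs of UPX packing; each is weak on its own."""
    sections = parse_sections(data)
    hits = []
    if any("UPX" in s[0].upper() for s in sections):
        hits.append("section named UPX*")
    if sections and sections[0][2] == 0 and sections[0][1] > 0:
        hits.append("first section has VirtualSize>0 but SizeOfRawData==0")
    if UPX_MARKER in data:
        hits.append("UPX! marker string present")
    return hits


def looks_upx_packed(data: bytes) -> bool:
    return bool(upx_indicators(data))


def build_pe(section_specs, trailer: bytes = b"") -> bytes:
    """Constructed minimal PE32 image for the demo: DOS header, COFF header,
    a zero-filled optional header and the given (name, vsize, rsize) sections."""
    e_lfanew = 0x80
    dos = (b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)).ljust(e_lfanew, b"\0")
    size_opt = 0xE0
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_specs), 0, 0, 0, size_opt, 0x0102)
    opt = struct.pack("<H", 0x10B).ljust(size_opt, b"\0")
    table = b""
    for name, vsize, rsize in section_specs:
        table += name.ljust(8, b"\0") + struct.pack("<IIII", vsize, 0x1000, rsize, 0) + b"\0" * 16
    return dos + b"PE\0\0" + coff + opt + table + trailer


# Constructed inputs: a stock-UPX layout, a "modified UPX" layout with the
# sections renamed and the marker stripped, and an unpacked layout.
PACKED = build_pe([(b"UPX0", 0x30000, 0), (b"UPX1", 0x8000, 0x7E00), (b".rsrc", 0x1000, 0x600)],
                  trailer=b"\0" * 16 + UPX_MARKER + b"\0" * 60)
RENAMED = build_pe([(b".text", 0x30000, 0), (b".data", 0x8000, 0x7E00)])
CLEAN = build_pe([(b".text", 0x5000, 0x5000), (b".data", 0x800, 0x200)])

if __name__ == "__main__":
    for label, image in (("packed", PACKED), ("renamed", RENAMED), ("clean", CLEAN)):
        print(label, upx_indicators(image) or "no indicators")
```

The raw-size heuristic is the one that still fires on the renamed build, and it is also the one most likely to need a second look, since it only says the first section is populated at run time; confirm with entropy of the remaining sections or by attempting `upx -d` before calling a sample packed.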

MITRE ATT&CK Enterprise v15

Tasks