General

  • Target

    4bcfffb6ab7941cf4e70855f7c545f60_JaffaCakes118

  • Size

    319KB

  • Sample

    241016-hmmp5sxgpc

  • MD5

    4bcfffb6ab7941cf4e70855f7c545f60

  • SHA1

    1aa54af1ccae9594a812593d4ba122a1a083e37d

  • SHA256

    a3f41b3eb0dd7d19c87a6216a696d716985983d041928f9dabf845a6485d7652

  • SHA512

    b606655c04dbfba10e2646a4c01d3baaf65efa6f56996385cda03b7bfda209596993ea2386e2227fc2f5377f548a1093423bf94d61cf9f6ae0785f1bf0c6b123

  • SSDEEP

    6144:2bNS/TKoh4Aa9M8XqnN7187psDSSB/hdGhGyaQI1dZNXUG6I6MwK3:lhmXy5LL5kAQIvP76K

Targets

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX build.
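The dynamic signatures above (location check, dropped EXE/DLL, Run key, MBR write, self-deletion) are raised by matching patterns over the API calls the sandbox records. The script below is an added example, not the sandbox's own signature engine: it replays a constructed API trace and raises those six signatures. The trace schema, the API argument names, the sample path and the registry paths used are assumptions for illustration.

```python
"""Replays a sandbox API trace and raises the dynamic signatures the report
lists. Example code added for this page; the trace schema, API names and
registry paths are assumptions, not the sandbox's real event format."""
from collections import defaultdict

# Hypothetical path the sandbox would run the sample from.
SAMPLE_PATH = r"C:\Users\user\Desktop\sample.exe"
DROP = r"C:\Users\user\AppData\Local\Temp"

# Constructed trace, one (api, arguments) tuple per call. Not real output.
TRACE = [
    ("RegQueryValueExW", {"key": r"HKCU\Control Panel\International\Geo",
                          "value": "Nation"}),
    ("CreateFileW", {"path": DROP + r"\svc.exe", "access": "GENERIC_WRITE"}),
    ("CreateFileW", {"path": DROP + r"\helper.dll", "access": "GENERIC_WRITE"}),
    ("CreateProcessW", {"path": DROP + r"\svc.exe"}),
    ("LoadLibraryW", {"path": DROP + r"\helper.dll"}),
    ("RegSetValueExW", {"key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
                        "value": "svc", "data": DROP + r"\svc.exe"}),
    ("CreateFileW", {"path": r"\\.\PhysicalDrive0", "access": "GENERIC_WRITE",
                     "handle": 0x1C4}),
    ("WriteFile", {"handle": 0x1C4, "offset": 0, "length": 512}),
    ("DeleteFileW", {"path": SAMPLE_PATH}),
]


def run_signatures(trace, sample_path):
    """Return {signature name: [evidence, ...]} for the calls in `trace`."""
    hits = defaultdict(list)
    dropped = set()          # files the sample opened for writing
    raw_disk = {}            # handle -> \\.\PhysicalDriveN opened for writing
    for api, a in trace:
        if api == "RegQueryValueExW":
            # Assumed location key: the GeoID under
            # HKCU\Control Panel\International\Geo\Nation.
            if (a["key"].lower().endswith(r"\international\geo")
                    and a["value"].lower() == "nation"):
                hits["Checks computer location settings"].append(
                    a["key"] + "\\" + a["value"])
        elif api == "CreateFileW" and "WRITE" in a.get("access", ""):
            if a["path"].startswith(r"\\.\PhysicalDrive"):
                raw_disk[a["handle"]] = a["path"]
            else:
                dropped.add(a["path"].lower())
        elif api == "CreateProcessW" and a["path"].lower() in dropped:
            hits["Executes dropped EXE"].append(a["path"])
        elif api == "LoadLibraryW" and a["path"].lower() in dropped:
            hits["Loads dropped DLL"].append(a["path"])
        elif api == "RegSetValueExW":
            key = a["key"].lower().rstrip("\\")
            if key.endswith(("\\currentversion\\run", "\\currentversion\\runonce")):
                hits["Adds Run key to start application"].append(
                    a["key"] + "\\" + a["value"] + " = " + a["data"])
        elif api == "WriteFile" and a.get("handle") in raw_disk and a["offset"] < 512:
            # Sector 0 (first 512 bytes) of the physical disk is the MBR.
            hits["Writes to the Master Boot Record (MBR)"].append(raw_disk[a["handle"]])
        elif api == "DeleteFileW" and a["path"].lower() == sample_path.lower():
            hits["Indicator Removal: File Deletion"].append(a["path"])
    return dict(hits)


if __name__ == "__main__":
    for sig, evidence in run_signatures(TRACE, SAMPLE_PATH).items():
        print(f"{sig}: {', '.join(evidence)}")
```

The "dropped" signatures depend on order: a process launch or DLL load only counts when the same path was opened for writing earlier in the trace, which is what separates a dropped payload from a system binary the sample merely starts.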
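The hashes in the General section and the "UPX packed file" signature are both static checks on the file itself. The script below is an added example, not the sandbox's own detector: it computes the four digests the report lists and applies the usual UPX heuristics (UPX0/UPX1 section names, the "UPX!" header tag, and the shape of a renamed build: one section with no raw bytes beside a high-entropy one). The PE it analyses is constructed inline for offline testing and is not the sample on this page.

```python
"""Static triage of a PE file: the hashes the report lists and the UPX
indicators behind the "UPX packed file" signature. Standard library only;
the section-table layout follows the PE/COFF format. Example code added for
this page, not the sandbox's own detector."""
import hashlib
import math
import struct
from collections import Counter, namedtuple

Section = namedtuple("Section", "name vsize vaddr rsize rptr raw")


def file_hashes(data: bytes) -> dict:
    """MD5/SHA1/SHA256/SHA512 in the order the report prints them."""
    return {alg: hashlib.new(alg, data).hexdigest()
            for alg in ("md5", "sha1", "sha256", "sha512")}


def shannon_entropy(buf: bytes) -> float:
    """Bits per byte; compressed or encrypted data sits close to 8.0."""
    if not buf:
        return 0.0
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in Counter(buf).values())


def pe_sections(data: bytes) -> list:
    """Walk DOS header -> PE signature -> COFF header -> section table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # COFF header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    _, nsec, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, pe_off + 4)
    table = pe_off + 4 + 20 + opt_size
    sections = []
    for i in range(nsec):
        name, vsize, vaddr, rsize, rptr, *_ = struct.unpack_from(
            "<8sIIIIIIHHI", data, table + 40 * i)
        raw = data[rptr:rptr + rsize] if rsize else b""
        sections.append(Section(name.rstrip(b"\0").decode("latin-1"),
                                vsize, vaddr, rsize, rptr, raw))
    return sections


def upx_indicators(data: bytes, entropy_threshold: float = 7.0) -> dict:
    """Heuristics for stock and renamed ("modified") UPX builds."""
    secs = pe_sections(data)
    # Stock UPX names its sections UPX0/UPX1 and leaves a "UPX!" tag. A rebuilt
    # packer may rename them, so also look for UPX0's shape: no raw bytes but a
    # large virtual size (room for the unpacked image), next to a high-entropy
    # section holding the compressed payload.
    empty_raw = [s.name for s in secs if s.rsize == 0 and s.vsize > 0]
    high_entropy = [s.name for s in secs
                    if s.rsize and shannon_entropy(s.raw) >= entropy_threshold]
    result = {
        "upx_section_names": any(s.name.upper().startswith("UPX") for s in secs),
        "upx_magic": b"UPX!" in data,
        "empty_raw_sections": empty_raw,
        "high_entropy_sections": high_entropy,
    }
    result["likely_upx"] = (result["upx_section_names"] or result["upx_magic"]
                            or bool(empty_raw and high_entropy))
    return result


def build_constructed_pe(sec_names=("UPX0", "UPX1"),
                         payload=bytes(range(256)) * 16) -> bytes:
    """Constructed minimal PE32 (headers + two sections) for offline testing.
    Not a real sample: section 0 has no raw data, section 1 carries `payload`."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    pe_off = 0x40
    struct.pack_into("<I", dos, 0x3C, pe_off)              # e_lfanew
    opt_size = 0xE0                                        # PE32 optional header
    coff = struct.pack("<HHIIIHH", 0x014C, 2, 0, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)                  # PE32 magic
    headers_end = pe_off + 4 + len(coff) + opt_size + 40 * 2
    rptr = (headers_end + 0x1FF) & ~0x1FF                  # 0x200 file alignment
    sec0 = struct.pack("<8sIIIIIIHHI", sec_names[0].encode(), 0x10000, 0x1000,
                       0, 0, 0, 0, 0, 0, 0xE0000080)
    sec1 = struct.pack("<8sIIIIIIHHI", sec_names[1].encode(), len(payload), 0x11000,
                       len(payload), rptr, 0, 0, 0, 0, 0xE0000040)
    img = bytes(dos) + b"PE\0\0" + coff + bytes(opt) + sec0 + sec1
    return img + b"\0" * (rptr - len(img)) + payload


if __name__ == "__main__":
    sample = build_constructed_pe()
    for alg, digest in file_hashes(sample).items():
        print(f"{alg.upper():8}{digest}")
    print(upx_indicators(sample))
```

Section names alone are a weak indicator because a modified packer can rename them; the entropy plus empty-raw-section pair is what still fires on those builds, and a plain compiled binary with an ordinary .bss/.text pair does not trip it because .text entropy stays well below the threshold.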

MITRE ATT&CK Enterprise v15