General

  • Target

    4e8ff72edb9650dc1227c2b1f01ad378_JaffaCakes118

  • Size

    221KB

  • Sample

    241016-xye7rs1dlk

  • MD5

    4e8ff72edb9650dc1227c2b1f01ad378

  • SHA1

    336c75beb424e2ad8a4a9fdfc1c960fed689bd07

  • SHA256

    c0e9231c3510c9fd32c3da3fdcc9d779f13bf3946eb363440655aeff1914e018

  • SHA512

    ce6d1baaac6dc9bdd4f79a637a3f655af934db275e34439884794c2ff01f6c9f07d5ad2d8c9c076cec4bfe43ff012cafe5209d27015795fcbab4012d875a0a54

  • SSDEEP

    6144:2bN7CFa7xa/2AG9V4JGePqLJwvRZZyhJGppShdSM1/:fkMckJI4RqhLdSe

Malware Config

Targets

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

MITRE ATT&CK Enterprise v15

Tasks