General

  • Target

    4f112f651b8025db019ae8089a8d591a_JaffaCakes118

  • Size

    253KB

  • Sample

    241016-z399tawhmj

  • MD5

    4f112f651b8025db019ae8089a8d591a

  • SHA1

    17a81f254644dc7cb89739d0789de51bddf7365d

  • SHA256

    f8fcdb7600d274e4bfbcc4cea1a3484b917956f343fd05c5a3488b5d72dbef8e

  • SHA512

    93fae5fd976fdb22c9acf93918e04d7f0eeab0f9476e0d22b432f4e4e0b344f89a5a32cd97998289efac5c8c59b65c9d27d4a8cb322f36962557f023d1fca21c

  • SSDEEP

    6144:4VFNCNrUiyArOqLVA97qxKD/diPo1S11WXTjiBHk95:UN0UOrXZA97PD/dwWKBHk95

Targets

    • Suspicious use of NtCreateProcessOtherParentProcess

    • Detected NirSoft tools

      Free utilities, often used by attackers, that can recover passwords, product keys, etc.

    • Executes dropped EXE

    • Drops desktop.ini file(s)

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified version of it.
