General

  • Target

    5197601d3263fce60649415662ad878e_JaffaCakes118

  • Size

    521KB

  • Sample

    241017-lpqflawalp

  • MD5

    5197601d3263fce60649415662ad878e

  • SHA1

    d0ed76a028aac5c25ef35e794a5f46722ed7d9d5

  • SHA256

    1ecac9baae9daf7c7766ff7683570166d3be1031542475546c4db44e850dcafa

  • SHA512

    b3edb5135de6e1321e780cf878801e362134852b2d22ad3ef087e14a20dccd1bf55c1c9ee2cdb6266f70d4ee430d9c14764e778c03209a501b4cbea6fdbb6a68

  • SSDEEP

    12288:ibemqOid95Fl3kg7RVq8Nik6Kf6eeUgJi3HnzdeKnPkxgLOOk:ibRUdD3zXH6JeRgJi3nx5bLbk

Targets

    • Target

      5197601d3263fce60649415662ad878e_JaffaCakes118

    • Size

      521KB

    • MD5

      5197601d3263fce60649415662ad878e

    • SHA1

      d0ed76a028aac5c25ef35e794a5f46722ed7d9d5

    • SHA256

      1ecac9baae9daf7c7766ff7683570166d3be1031542475546c4db44e850dcafa

    • SHA512

      b3edb5135de6e1321e780cf878801e362134852b2d22ad3ef087e14a20dccd1bf55c1c9ee2cdb6266f70d4ee430d9c14764e778c03209a501b4cbea6fdbb6a68

    • SSDEEP

      12288:ibemqOid95Fl3kg7RVq8Nik6Kf6eeUgJi3HnzdeKnPkxgLOOk:ibRUdD3zXH6JeRgJi3nx5bLbk

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence (the sample can tailor or abort execution based on the victim's locale).

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Indicator Removal: File Deletion (T1070.004)

      Adversaries delete files left behind by their intrusion activity; here this pairs with the "Deletes itself" behaviour above, so the original dropper is unlikely to survive on disk for later collection.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system. Before classing the sample as a bootkit, confirm from the API trace that the flagged write actually targets sector 0 of the physical drive rather than an ordinary file.

    • UPX packed file

      Detects executables packed with UPX, or with a modified build of the open-source UPX packer (section names may be renamed, so entropy is the more reliable indicator).

    • Target

      $APPDATA/DivX_Installer.exe

    • Size

      123KB

    • MD5

      c5fac72a6adb2183930a3e4ae9918a5f

    • SHA1

      a3a60097d6312bed4fcda4fa6c4ecd86c140da19

    • SHA256

      c27fd98bcf7260783b3b08776a3bbf93576c2e57bf386fa33e02220463496eaf

    • SHA512

      70eb0795169781d0e38d023c46e03c9bf2b121c489720a818a0a49a24582310c799b129bcfe412f6c57dac41f0ba43a3feca51cf81f731651cefa0c6391fa47a

    • SSDEEP

      3072:nUHrWJNaBMYNaZ+TZ8GIeXytUcvj7WNa0x1/oFIQtE:wrWi1TZ3IeMI80ToFIO

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Target

      $PLUGINSDIR/ExecDos.dll

    • Size

      5KB

    • MD5

      a7cd6206240484c8436c66afb12bdfbf

    • SHA1

      0bb3e24a7eb0a9e5a8eae06b1c6e7551a7ec9919

    • SHA256

      69ac56d2fdf3c71b766d3cc49b33b36f1287cc2503310811017467dfcb455926

    • SHA512

      b9ee7803301e50a8ec20ab3f87eb9e509ea24d11a69e90005f30c1666acc4ed0a208bd56e372e2e5c6a6d901d45f04a12427303d74761983593d10b344c79904

    • SSDEEP

      48:6jOBtU/BXN8kUByyy/Aklkcrkyg7Vg5RibGoTCTo0gqVeeaeQqzM5rv774YRljmB:y/DMy4ncrkyg7tbpQFLUEYRxe

    Score
    3/10
    • Target

      $TEMP/7za.exe

    • Size

      523KB

    • MD5

      e92604e043f51c604b6d1ac3bcd3a202

    • SHA1

      4154dda4a1e2a5ed14303dc3d36f448953ff6d33

    • SHA256

      fa252e501332b7486a972e7e471cf6915daa681af35c6aa102213921093eb2a3

    • SHA512

      ef396d94d83fd7a588c6e645ea5fcfe24390440a03b3bf0ecd05ca6749fd3f9561dfafe725ee0edea51a34d52af26cd311e768aa72f75686cc796abee4757d43

    • SSDEEP

      6144:JuVUUjwolg4owroOvHlq1t423ykka8dX+wWAZF5ULT0pny+6BTXQ02kAfpkKu/Ti:JuVUpob/8OvHs3tbP0pvxkep5ZN

    Score
    3/10
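The hashes above are only useful if they can be checked against files recovered from another host, and the UPX verdict is worth re-deriving locally because modified UPX builds rename their sections. The script below is an added triage helper, not part of this report or of the sandbox's own tooling: it hashes a file, looks the digests up in the IOC table transcribed from this page, and parses the PE section table to flag UPX section names or a near-8-bits-per-byte section. The `build_sample_pe` helper constructs a minimal, non-functional PE32 image purely to exercise the parser offline; the 7.0-bit entropy threshold is an assumed heuristic, not a value from the report.

```python
import hashlib
import math
import struct

# MD5 and SHA256 digests transcribed from the report above, keyed to the target they belong to.
REPORT_IOCS = {
    "5197601d3263fce60649415662ad878e": "5197601d3263fce60649415662ad878e_JaffaCakes118",
    "1ecac9baae9daf7c7766ff7683570166d3be1031542475546c4db44e850dcafa": "5197601d3263fce60649415662ad878e_JaffaCakes118",
    "c5fac72a6adb2183930a3e4ae9918a5f": "$APPDATA/DivX_Installer.exe",
    "c27fd98bcf7260783b3b08776a3bbf93576c2e57bf386fa33e02220463496eaf": "$APPDATA/DivX_Installer.exe",
    "a7cd6206240484c8436c66afb12bdfbf": "$PLUGINSDIR/ExecDos.dll",
    "69ac56d2fdf3c71b766d3cc49b33b36f1287cc2503310811017467dfcb455926": "$PLUGINSDIR/ExecDos.dll",
    "e92604e043f51c604b6d1ac3bcd3a202": "$TEMP/7za.exe",
    "fa252e501332b7486a972e7e471cf6915daa681af35c6aa102213921093eb2a3": "$TEMP/7za.exe",
}

# Section names used by stock UPX; modified builds often rename them.
UPX_SECTION_NAMES = {"UPX0", "UPX1", "UPX2", ".UPX0", ".UPX1", ".UPX2"}
PACKED_ENTROPY_THRESHOLD = 7.0  # assumed heuristic: compiled code is ~6 bits/byte, packed data near 8


def hashes(data):
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def lookup_ioc(digest):
    """Return the report target a digest belongs to, or None."""
    return REPORT_IOCS.get(digest.lower())


def shannon_entropy(buf):
    if not buf:
        return 0.0
    counts = [0] * 256
    for b in buf:
        counts[b] += 1
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def pe_sections(data):
    """Parse the PE section table and return [(name, raw_bytes)]; raises on malformed input."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + opt_size
    sections = []
    for i in range(num_sections):
        entry = table + i * 40
        if entry + 40 > len(data):
            raise ValueError("truncated section table")
        name = data[entry:entry + 8].rstrip(b"\0").decode("ascii", "replace")
        raw_size, raw_ptr = struct.unpack_from("<II", data, entry + 16)
        sections.append((name, data[raw_ptr:raw_ptr + raw_size]))
    return sections


def upx_verdict(data):
    sections = pe_sections(data)
    names = [n for n, _ in sections]
    by_name = any(n in UPX_SECTION_NAMES for n in names)
    # Entropy of the largest section catches renamed-section UPX variants.
    largest = max((raw for _, raw in sections), key=len, default=b"")
    ent = round(shannon_entropy(largest), 2)
    return {
        "section_names": names,
        "upx_names": by_name,
        "max_section_entropy": ent,
        "likely_packed": by_name or ent > PACKED_ENTROPY_THRESHOLD,
    }


def triage(data):
    h = hashes(data)
    match = lookup_ioc(h["sha256"]) or lookup_ioc(h["md5"])
    return {**h, "ioc_match": match, **upx_verdict(data)}


def build_sample_pe(section_names, payload):
    """Constructed minimal PE32 image (headers only, not runnable) so the parser can be exercised offline.
    Only the last named section carries raw bytes; earlier sections are empty, as UPX0 is in a real UPX file."""
    opt_size, e_lfanew = 224, 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, opt_size, 0x0102)
    optional = struct.pack("<H", 0x10B) + b"\0" * (opt_size - 2)
    raw_ptr = e_lfanew + 4 + 20 + opt_size + 40 * len(section_names)
    table = b""
    for name in section_names:
        size = len(payload) if name == section_names[-1] else 0
        table += struct.pack("<8sIIIIIIHHI", name.encode(), size or 0x1000, 0x1000,
                             size, raw_ptr if size else 0, 0, 0, 0, 0, 0xE0000060)
    return dos + b"PE\0\0" + coff + optional + table + payload


if __name__ == "__main__":
    packed = build_sample_pe(["UPX0", "UPX1"], bytes(range(256)) * 4)
    print(triage(packed))
```

Run it against a directory of recovered dropped files by reading each file's bytes into `triage`; a non-None `ioc_match` ties the file to one of the targets in this report, while `likely_packed` with `upx_names` False is the signal to look at a renamed-section UPX variant rather than trusting the stock section names.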
