General

  • Target

    535602c075feb72277f8f12e6d22828a_JaffaCakes118

  • Size

    55KB

  • Sample

    241017-x8j9gasbkf

  • MD5

    535602c075feb72277f8f12e6d22828a

  • SHA1

    59ab1d8a41c025649ca2483b3b7d45f05a58675f

  • SHA256

    1d66ca9a8637abf28c32887617f7a62eeaa2e2927a019e757cde46e17b4d5e77

  • SHA512

    2639b8d5b309f208f28809b65875d0d36ee396ca596ad9ef214202ada7cb4782455d80405334d218e407bf7314940c8238b02ee400adf200b0e2ceaa7c762140

  • SSDEEP

    768:VtvAxd5nL1i8qVSsDSDxFr1EhWrHWDSDR11EtLsj:VOnL1i5wAQxFrShaWDxsj

Malware Config

Targets

    • Target

      535602c075feb72277f8f12e6d22828a_JaffaCakes118

    • Size

      55KB

    • MD5

      535602c075feb72277f8f12e6d22828a

    • SHA1

      59ab1d8a41c025649ca2483b3b7d45f05a58675f

    • SHA256

      1d66ca9a8637abf28c32887617f7a62eeaa2e2927a019e757cde46e17b4d5e77

    • SHA512

      2639b8d5b309f208f28809b65875d0d36ee396ca596ad9ef214202ada7cb4782455d80405334d218e407bf7314940c8238b02ee400adf200b0e2ceaa7c762140

    • SSDEEP

      768:VtvAxd5nL1i8qVSsDSDxFr1EhWrHWDSDR11EtLsj:VOnL1i5wAQxFrShaWDxsj

    • Modifies firewall policy service

    • Checks computer location settings

Looks up the country code configured in the registry, likely used as a geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

    • UPX packed file

Detects executables packed with the open-source UPX packer or a modified UPX build.
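The hashes in the General block and the "UPX packed file" signature above are both things an analyst reproduces locally before trusting a report. The script below is an added example, not part of the sandbox report or its signature set: it recomputes the four digests from a file and compares them with the values reported for this sample, and it checks the PE section table for UPX-style section names and the "UPX!" marker. The build_toy_pe() helper constructs a fake, non-runnable PE header purely so the parser can be exercised offline; the section-name heuristic is an assumption of the example and will miss modified UPX builds that rename sections, which is exactly why the report's signature mentions "modified UPX".

```python
import hashlib
import struct

# Digests exactly as listed in the report for this sample.
REPORTED = {
    "md5": "535602c075feb72277f8f12e6d22828a",
    "sha1": "59ab1d8a41c025649ca2483b3b7d45f05a58675f",
    "sha256": "1d66ca9a8637abf28c32887617f7a62eeaa2e2927a019e757cde46e17b4d5e77",
    "sha512": "2639b8d5b309f208f28809b65875d0d36ee396ca596ad9ef214202ada7cb4782"
              "455d80405334d218e407bf7314940c8238b02ee400adf200b0e2ceaa7c762140",
}


def hash_summary(data: bytes) -> dict:
    """Return the same four digests the report's General block shows."""
    return {alg: hashlib.new(alg, data).hexdigest()
            for alg in ("md5", "sha1", "sha256", "sha512")}


def matches_report(data: bytes, reported: dict = REPORTED) -> dict:
    """Per-algorithm True/False: does this file match the reported digests?"""
    local = hash_summary(data)
    return {alg: local[alg] == value for alg, value in reported.items()}


def pe_section_names(data: bytes) -> list:
    """Walk the PE section table and return the section names."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                      # IMAGE_FILE_HEADER starts here
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    size_opt = struct.unpack_from("<H", data, coff + 16)[0]
    first_section = coff + 20 + size_opt     # 20-byte COFF header, then optional header
    names = []
    for i in range(num_sections):
        off = first_section + i * 40         # IMAGE_SECTION_HEADER is 40 bytes
        raw = data[off:off + 8]
        if len(raw) < 8:
            raise ValueError("truncated section table")
        names.append(raw.rstrip(b"\0").decode("ascii", "replace"))
    return names


def looks_upx_packed(data: bytes) -> bool:
    """Heuristic (assumption of this example): stock UPX leaves UPX0/UPX1/UPX2
    section names and a 'UPX!' marker; modified builds may strip both."""
    names = pe_section_names(data)
    return any(n.startswith("UPX") for n in names) or b"UPX!" in data


def build_toy_pe(section_names) -> bytes:
    """Constructed test input: a minimal MZ/PE header with the given section
    names. It is not executable; only the fields the parser reads are set."""
    dos = bytearray(b"MZ" + b"\0" * 0x3E)
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew -> PE signature at 0x40
    size_opt = 0xE0                          # PE32 optional header size
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, size_opt, 0x102)
    sections = b"".join(n.encode().ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return bytes(dos) + b"PE\0\0" + coff + b"\0" * size_opt + sections


if __name__ == "__main__":
    import sys
    path = sys.argv[1] if len(sys.argv) > 1 else None
    blob = open(path, "rb").read() if path else build_toy_pe(["UPX0", "UPX1", ".rsrc"])
    print("digest match:", matches_report(blob))
    print("sections:", pe_section_names(blob))
    print("UPX heuristic:", looks_upx_packed(blob))
```

Run it as `python triage_check.py <sample>`; with no argument it runs against the constructed toy header. A file whose digests all match can be treated as the same artefact the report analysed; a UPX hit means the static strings and imports you see belong to the stub, and the "Executes dropped EXE" and "Loads dropped DLL" behaviours above should be pulled from the sandbox's dropped-file list rather than from the packed sample.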

MITRE ATT&CK Enterprise v15

Tasks