General

  • Target

    8098d4516d67647307db6212942bde3d_JaffaCakes118

  • Size

    1.7MB

  • Sample

    241030-3gbqxavmhm

  • MD5

    8098d4516d67647307db6212942bde3d

  • SHA1

    4a6391977a46f801e514ea3655ec9bfa8c6fbb57

  • SHA256

    31392f94b459c4aded4bc954823b1b0bb15528739cb7ad817544150ac16163a1

  • SHA512

    87ef08f88dfff8d167c91b118d81d9111d0bc7459541e30bddf276d47fed27a90014f8d66254c0f8d10f2222388134cf801fdb968b93578f7a233c8e71db14c7

  • SSDEEP

    49152:Sps/dEu92rc7FK0fuTTe59loMlBct+jf/ptidfM:YK12w7FKLTTQ9lo+pti9M

Malware Config

Extracted

  • Language

    hta

  • URLs

    Source: hta.dropper
    http://pc-guarrantor-utility.com/favicon.ico?0=103&1=0&2=1&3=85&4=i-s&5=7601&6=6&7=1&8=99600&9=1033&10=0&11=0000

Extracted

  • Language

    hta

  • URLs

    Source: hta.dropper
    http://pc-guarrantor-utility.com/favicon.ico?0=103&1=0&2=1&3=85&4=i-s&5=9200&6=6&7=2&8=919041&9=1033&10=0&11=0000

Targets

    • Target

      8098d4516d67647307db6212942bde3d_JaffaCakes118

    • Size

      1.7MB

    • MD5

      8098d4516d67647307db6212942bde3d

    • SHA1

      4a6391977a46f801e514ea3655ec9bfa8c6fbb57

    • SHA256

      31392f94b459c4aded4bc954823b1b0bb15528739cb7ad817544150ac16163a1

    • SHA512

      87ef08f88dfff8d167c91b118d81d9111d0bc7459541e30bddf276d47fed27a90014f8d66254c0f8d10f2222388134cf801fdb968b93578f7a233c8e71db14c7

    • SSDEEP

      49152:Sps/dEu92rc7FK0fuTTe59loMlBct+jf/ptidfM:YK12w7FKLTTQ9lo+pti9M

    • Disables service(s)

    • Modifies WinLogon for persistence

    • Event Triggered Execution: Image File Execution Options Injection

    • Stops running service(s)

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.
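The signature list above names artefact classes but not the concrete registry values, IFEO targets or services this sample touches, and because the sample deletes itself the dropped files may no longer be on disk to hash. The following host-triage script is an added example, not part of the sandbox report, that checks a Windows host for each of those classes plus the extracted C2 host. Every specific it looks for (the Winlogon Shell/Userinit values, the Geo\Nation key as the country-code lookup, the list of defensive services) is an assumption about what these signature classes usually mean, not something the report states. It requires PowerShell 5 or later on Windows 8 / Server 2012 or later. One inference worth recording, which the report itself does not make: the two extracted URLs differ in query fields 5, 7 and 8 (7601/1/99600 vs 9200/2/919041) while field 6 is 6 in both, consistent with the beacon encoding the analysis VM's Windows build and major.minor version (6.1.7601 and 6.2.9200), so the host value rather than the full query string is the stable indicator.

```powershell
# Added host-triage script, not part of the sandbox report. Checks a Windows host for the
# artefact classes the report flags for this sample. Specific values below (Winlogon
# defaults, the Geo\Nation key, the service list) are assumptions about what each
# signature class usually covers; the report names none of them.
# Requires PowerShell 5+ (Get-Service StartType) on Windows 8 / Server 2012 or later.

$findings = New-Object System.Collections.Generic.List[string]
function Add-Finding([string]$Category, [string]$Detail) {
    $script:findings.Add("[$Category] $Detail")
}

# --- Modifies WinLogon for persistence ---
# Assumption: the abused values are Shell and/or Userinit; compare against their defaults.
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$defaults = @{
    Shell    = 'explorer.exe'
    Userinit = "$env:SystemRoot\system32\userinit.exe,"
}
$wl = Get-ItemProperty -Path $winlogon -ErrorAction SilentlyContinue
foreach ($name in $defaults.Keys) {
    $value = [string]$wl.$name
    if ($value -and ($value.Trim() -ne $defaults[$name])) {
        Add-Finding 'Winlogon' "$name = '$value' (default '$($defaults[$name])')"
    }
}

# --- Event Triggered Execution: Image File Execution Options Injection ---
# Any IFEO subkey carrying a Debugger value redirects that program to another binary.
$ifeoPaths = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
)
foreach ($root in $ifeoPaths) {
    Get-ChildItem -Path $root -ErrorAction SilentlyContinue | ForEach-Object {
        $dbg = (Get-ItemProperty -Path $_.PSPath -Name Debugger -ErrorAction SilentlyContinue).Debugger
        if ($dbg) { Add-Finding 'IFEO' "$($_.PSChildName) -> Debugger = '$dbg'" }
    }
}

# --- Checks computer location settings ---
# Assumption: the country code read for the geofence is HKCU\Control Panel\International\Geo\Nation.
# Informational only: it tells you which GeoID the sample would have seen on this host.
$geo = Get-ItemProperty -Path 'HKCU:\Control Panel\International\Geo' -ErrorAction SilentlyContinue
if ($geo -and $geo.Nation) { Add-Finding 'Geo' "Nation (GeoID) = $($geo.Nation)" }

# --- Disables service(s) / Stops running service(s) ---
# Assumption: the services worth checking are the defensive ones; the report does not name them.
$watch = 'WinDefend', 'wscsvc', 'MpsSvc', 'wuauserv', 'SecurityHealthService', 'Sense'
foreach ($svc in (Get-Service -Name $watch -ErrorAction SilentlyContinue)) {
    if ($svc.StartType -eq 'Disabled' -or $svc.Status -ne 'Running') {
        Add-Finding 'Service' "$($svc.Name): Status=$($svc.Status) StartType=$($svc.StartType)"
    }
}

# --- Extracted config: hta.dropper URL ---
# The dropped files may already be gone (Deletes itself / File Deletion), so look for the
# C2 host in the DNS client cache and the hosts file rather than for files on disk.
$c2Host = 'pc-guarrantor-utility.com'
$dns = Get-DnsClientCache -ErrorAction SilentlyContinue | Where-Object { $_.Entry -like "*$c2Host*" }
if ($dns) { Add-Finding 'Network' "DNS cache holds an entry for $c2Host" }
$hosts = "$env:SystemRoot\System32\drivers\etc\hosts"
if ((Test-Path $hosts) -and (Select-String -Path $hosts -Pattern ([regex]::Escape($c2Host)) -Quiet)) {
    Add-Finding 'Network' "hosts file references $c2Host"
}

if ($findings.Count -eq 0) {
    Write-Output 'No artefacts matching the report signatures were found.'
} else {
    $findings | ForEach-Object { Write-Output $_ }
}
```

Run it from an elevated prompt on the suspect host; reads of HKLM and the service table work without elevation, but a non-empty Winlogon or IFEO finding is the one to act on first, since those survive the self-deletion and re-execute the payload at the next logon or when the debugged program is launched. A Geo finding is context, not evidence of compromise: it records which GeoID the sample's geofence check would have returned here.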

MITRE ATT&CK Enterprise v15

Tasks