General

  • Target

    7f0d69b4c671c27a34b13c7320b0193e_JaffaCakes118

  • Size

    684KB

  • Sample

    241030-npxk1ssgkn

  • MD5

    7f0d69b4c671c27a34b13c7320b0193e

  • SHA1

    96081b0d9edc6fd66f4bd72f87e65ed19bc1c354

  • SHA256

    1e4362a0ffa2cd28b1fe1a221c0c7e45d285ef4adf1a69c9432ab80e20fa93ed

  • SHA512

    cf19d5372004681ac4dd0c64606d60d622b488e36c190d95ddedd4a63811ca658ad70ffd8e93062e19e23e11513db3b3aba5ebd00dc86bb744f8b2da763af22a

  • SSDEEP

    6144:28eKEGlVcJboOtGY8q75yKC2qJDrNRlpwPBYgZ9fVU93eJwN6QFbSpO4XcA2n4ar:neKr3QboC9qLGKgZKe4HYpHvcbTbn

Malware Config

Targets

    • Modifies WinLogon for persistence

    • UAC bypass

    • Adds policy Run key to start application

    • Disables RegEdit via registry modification

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Impair Defenses: Safe Mode Boot

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Hijack Execution Flow: Executable Installer File Permissions Weakness

      Possibly turns off User Account Control's privilege elevation for standard users.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks