General

  • Target

    7f2c76f4b48e3e9049e2ca489f3baa65_JaffaCakes118

  • Size

    67KB

  • Sample

    241030-pfgnwa1rhs

  • MD5

    7f2c76f4b48e3e9049e2ca489f3baa65

  • SHA1

    b3af4036f441add13f53bf4a5d423212846eb18f

  • SHA256

    ea2cdc4c471b848f7af7034fe254f4266a6f12760a36071c6382031e77d46409

  • SHA512

    0511b64b766eafed839ff567e5945d2034b336ca9d515072652b9dbcd6e071e0d1d149eb8065a9f20f5a4d899073fe904df87d143f854212bd2687b81e99b10b

  • SSDEEP

    1536:QRy2z1vp1qyTCDoFnjSPpCIKavqmtP0H9qb5E5pjEzktdJKavA:QXzNqyWD6JIKayPMFE55dlKaI

Malware Config

Targets

    • Target

      7f2c76f4b48e3e9049e2ca489f3baa65_JaffaCakes118

    • Size

      67KB

    • MD5

      7f2c76f4b48e3e9049e2ca489f3baa65

    • SHA1

      b3af4036f441add13f53bf4a5d423212846eb18f

    • SHA256

      ea2cdc4c471b848f7af7034fe254f4266a6f12760a36071c6382031e77d46409

    • SHA512

      0511b64b766eafed839ff567e5945d2034b336ca9d515072652b9dbcd6e071e0d1d149eb8065a9f20f5a4d899073fe904df87d143f854212bd2687b81e99b10b

    • SSDEEP

      1536:QRy2z1vp1qyTCDoFnjSPpCIKavqmtP0H9qb5E5pjEzktdJKavA:QXzNqyWD6JIKayPMFE55dlKaI

    • Checks computer location settings

      Looks up the country code configured in the registry; likely used as a geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.

    • Drops file in System32 directory

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX build.

    • Target

      $PLUGINSDIR/InstallOptions.dll

    • Size

      12KB

    • MD5

      99bc22826a0568dce241be3a4ffd0c0d

    • SHA1

      62e4662250abdf10d23a61076fd7cbd00a5c5b6f

    • SHA256

      120e4fac0538b7e7b75934706668063a4e7785d0405dca43fde36d55f6d968de

    • SHA512

      35b016b6e2dc850e5432becd57f35faf73b180c0a6f822a406cf9d5439a87126c41c49aac025cdeecd38bbd01705ddbd8c217cb33134e978ecc9624053b52be9

    • SSDEEP

      384:sKlm7i+c3QW6ckPhyDEaLnr2bbBBIXwZ:5qi8BcyhEhLCbbTI

    Score
    3/10
    • Target

      $PLUGINSDIR/Loader.dll

    • Size

      7KB

    • MD5

      41c12def7cf9671ac96a86a6836957c0

    • SHA1

      b7b7db1228a26aafcc743e28ff7590838fd78bd4

    • SHA256

      6460ed29e01cf60f996ecaded8a0ead33308b03409077a888b8f24169c0b5f36

    • SHA512

      4477dbb20e7431742aaf4c7d109c8163b9e13343ec10922b71a2e735d43d3b755f92b6450dbe4539b3331c05a91fc7874ea11c5d88b28028610545a956640728

    • SSDEEP

      96:mXfjbbbbbbbbb+bbbbbbbbbbjbbbbbbbbbb2jrJAbsdoZbbbbbbbbb7hbbbbbbb+:kj7dcAACWKy+3ioXdKFQ

    Score
    3/10
    • Target

      ecodec.exe

    • Size

      20KB

    • MD5

      6df058fb249b98f4ed608ffa7818550a

    • SHA1

      219ddaf539bd93467ddef612f5abd9617751d994

    • SHA256

      7eece1b441a0cd3c2256ed1d80b75862ac08f4c5b7297dcda97bae8f9eabb70d

    • SHA512

      7317f8dd7025bd8523c3ed17a85e5fc29eff2d197b89c888e79171771972ddf6b81d56f511ebb00c0d44205015afbf74df9a4bccaf0d688ecdc41239a2af1c73

    • SSDEEP

      384:3WKOv936ghsEN7+Vy9+HWhYqsv8b5E4s3Hp4nR8vcNh1StRepq1VaIY:Gh36ghsE/0HWhYx8b5E4iHpsR8Ez1jph

    • Checks computer location settings

      Looks up the country code configured in the registry; likely used as a geofence.

    • Deletes itself

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.

    • Target

      uninst.exe

    • Size

      25KB

    • MD5

      12a81aff564d073677d7611eff057d61

    • SHA1

      bc7f03bd50eb94e1e1d500f34be411f22bdf8e31

    • SHA256

      d8026f232db673ca39e1b6c29259154ead3c1168b691ec53ad688e3dacdfb587

    • SHA512

      8b8646374b3b26c3a72d66d9c6ed9ca34f9a468ae2fae715d761ecb928e0a833803ccd590dcecc462581f494d5500fbee0cac1d805755e9a12f8d5cf71bb4a92

    • SSDEEP

      768:ZuRCh2z0adtF28eQPH1NHo9slGMTC41SJKU7vbU:QRy2z1vp1qyTCLJKavA

    Score
    7/10
    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX build.
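
The "UPX packed file" indicator keys on fingerprints the packer leaves in the PE header. The block below is an added example, not the sandbox's own signature and not code from the analysed sample: a minimal PE section-table parser that reports the usual UPX tells (UPX0/UPX1 section names, a first section with zero raw size but a large virtual size, and the "UPX!" version marker in the header area). The PE images it checks are constructed in memory; `build_pe`, `upx_indicators` and the 0x1000 virtual-size threshold are this example's own choices.

```python
"""Flag likely UPX-packed PE files from their section table.

Added example: not the sandbox's own 'UPX packed file' signature and not
code from the analysed sample. The PE images checked at the bottom are
constructed in memory so the script runs offline.
"""
import struct

UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}


def pe_sections(data: bytes):
    """Return [(name, virtual_size, raw_size)] from a PE image's section table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                                  # IMAGE_FILE_HEADER
    (num_sections,) = struct.unpack_from("<H", data, coff + 2)
    (opt_size,) = struct.unpack_from("<H", data, coff + 16)
    table = coff + 20 + opt_size                         # first IMAGE_SECTION_HEADER
    sections = []
    for i in range(num_sections):
        off = table + i * 40
        name = data[off:off + 8].rstrip(b"\0")
        vsize, _vaddr, rawsize = struct.unpack_from("<III", data, off + 8)
        sections.append((name, vsize, rawsize))
    return sections


def upx_indicators(data: bytes) -> list:
    """Reasons the file looks UPX-packed; an empty list means no tell was found."""
    reasons = []
    sections = pe_sections(data)
    hits = {name for name, _, _ in sections} & UPX_SECTION_NAMES
    if hits:
        reasons.append("UPX section names: " + ", ".join(sorted(n.decode() for n in hits)))
    # UPX layout: the first section is an empty placeholder that the stub
    # decompresses into, so it has raw size 0 but a large virtual size.
    # The 0x1000 threshold is this example's choice.
    if sections:
        name, vsize, rawsize = sections[0]
        if rawsize == 0 and vsize >= 0x1000:
            reasons.append("first section %r has raw size 0 but virtual size %#x"
                           % (name.decode(errors="replace"), vsize))
    # Stock UPX leaves a version string ending in 'UPX!' in the header area.
    # 'Modified UPX' builds often patch out names and marker alike, so the
    # absence of every tell is not evidence that the file is unpacked.
    if b"UPX!" in data[:0x400]:
        reasons.append("'UPX!' marker in header area")
    return reasons


def is_upx_packed(data: bytes) -> bool:
    return bool(upx_indicators(data))


def build_pe(sections, marker=b""):
    """Constructed test input: a header-only PE32 image with the given
    (name, virtual_size, raw_size) entries and no real code."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)              # e_lfanew: PE header follows DOS header
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0xE0, 0x102)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)                # PE32 magic
    table = b"".join(
        name.ljust(8, b"\0")
        + struct.pack("<IIIIIIHHI", vsize, 0x1000 * (i + 1), rawsize, 0, 0, 0, 0, 0, 0x60000020)
        for i, (name, vsize, rawsize) in enumerate(sections)
    )
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table + marker


# Constructed samples: one laid out like a UPX output, one like a plain build.
UPX_SAMPLE = build_pe(
    [(b"UPX0", 0x20000, 0), (b"UPX1", 0x9000, 0x8800), (b".rsrc", 0x1000, 0x600)],
    marker=b"3.96 UPX!",
)
CLEAN_SAMPLE = build_pe(
    [(b".text", 0x5000, 0x5000), (b".data", 0x1000, 0x400), (b".rsrc", 0x1000, 0x600)]
)

if __name__ == "__main__":
    for label, blob in (("upx-like", UPX_SAMPLE), ("clean", CLEAN_SAMPLE)):
        print(label, upx_indicators(blob) or "no UPX indicators")
```

Point `pe_sections` at real file bytes to triage a dropped executable; a match on any single tell is a hint to unpack (stock `upx -d` for unmodified builds) before static analysis, while an empty result says nothing about a renamed or otherwise modified packer.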

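The behaviour labels attached to each target above (location check, Uninstall-key enumeration, dropped-file execution and loading, System32 drop, file deletion and self-deletion) are the kind of verdicts a rule engine derives from registry and file events in a process trace. The block below is an added example, not Triage's engine and not the sample's recorded activity: it runs approximations of those rules over a constructed trace. The event schema, the `Control Panel\International\Geo\Nation` value as the location lookup, and the choice to count a deletion only for files the trace itself wrote or executed are assumptions of the example.

```python
"""Derive the report's behaviour labels from a process trace.

Added example: not Triage's signature engine and not the sample's recorded
activity. The event schema and the trace at the bottom are constructed; the
registry locations are the ones commonly consulted for each check.
"""
from collections import namedtuple

# One trace record: acting process, its image path, the operation, the target path.
Event = namedtuple("Event", "pid image op path")

UNINSTALL_KEY = "software\\microsoft\\windows\\currentversion\\uninstall"
INTL_KEY = "control panel\\international"   # locale and GeoID values live under here
SYSTEM32 = "c:\\windows\\system32\\"


def norm(path: str) -> str:
    """Case-fold and unify separators so rules can use plain substring checks."""
    return path.replace("/", "\\").lower()


def classify(events):
    """Return the set of behaviour labels the trace triggers."""
    labels = set()
    dropped = set()                                     # files written during the trace
    images = {norm(ev.image) for ev in events}          # every process image seen
    for ev in events:
        path = norm(ev.path)
        if ev.op == "reg_query" and INTL_KEY in path:
            labels.add("Checks computer location settings")
        elif ev.op in ("reg_query", "reg_enum") and UNINSTALL_KEY in path:
            labels.add("Checks installed software on the system")
        elif ev.op == "file_write":
            dropped.add(path)
            if path.startswith(SYSTEM32):
                labels.add("Drops file in System32 directory")
        elif ev.op == "proc_create" and path in dropped:
            labels.add("Executes dropped EXE")
        elif ev.op == "load_image" and path in dropped and path.endswith(".dll"):
            labels.add("Loads dropped DLL")
        elif ev.op == "file_delete":
            # Only deletions of the trace's own artefacts count as indicator
            # removal. Deleting a process image that ran in the trace is the
            # self-delete pattern; it is often done through a spawned cmd.exe,
            # so the deleting pid need not be the image's own process.
            if path in images:
                labels.update({"Deletes itself", "Indicator Removal: File Deletion"})
            elif path in dropped:
                labels.add("Indicator Removal: File Deletion")
    return labels


# Constructed trace of an installer-style sample (paths and names invented).
SAMPLE = r"C:\Users\alice\Desktop\sample.exe"
DROPPED_EXE = r"C:\Users\alice\AppData\Local\Temp\nst1\dropped.exe"
DROPPED_DLL = r"C:\Users\alice\AppData\Local\Temp\nst1\plugin.dll"

TRACE = [
    Event(100, SAMPLE, "reg_query", r"HKCU\Control Panel\International\Geo\Nation"),
    Event(100, SAMPLE, "reg_enum", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"),
    Event(100, SAMPLE, "file_write", DROPPED_DLL),
    Event(100, SAMPLE, "load_image", DROPPED_DLL),
    Event(100, SAMPLE, "file_write", r"C:\Windows\System32\codecsvc.dll"),
    Event(100, SAMPLE, "file_write", DROPPED_EXE),
    Event(100, SAMPLE, "proc_create", DROPPED_EXE),
    Event(101, DROPPED_EXE, "file_delete", DROPPED_DLL),
    Event(102, r"C:\Windows\System32\cmd.exe", "file_delete", DROPPED_EXE),
]

# Constructed benign installer: reads the Uninstall key, writes under Program
# Files, deletes a file it never created. Only one label should fire.
SETUP = r"C:\Program Files\Vendor\setup.exe"
BENIGN = [
    Event(200, SETUP, "reg_enum", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"),
    Event(200, SETUP, "file_write", r"C:\Program Files\Vendor\app.exe"),
    Event(200, SETUP, "file_delete", r"C:\Users\alice\Downloads\old.log"),
]

if __name__ == "__main__":
    for name, trace in (("constructed sample", TRACE), ("benign installer", BENIGN)):
        print(name, sorted(classify(trace)))
```

Because the rules key on paths rather than on process identity, the self-delete check still fires when the deletion is carried out by a child `cmd.exe`, which is the common way an executable removes its own image after exit; the Uninstall-key rule alone, as the benign trace shows, is not by itself suspicious.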
MITRE ATT&CK Enterprise v15

Tasks