General

  • Target

    7ffacceea6723097d78ae603b655833e_JaffaCakes118

  • Size

    2.2MB

  • Sample

    241030-t671zaxgll

  • MD5

    7ffacceea6723097d78ae603b655833e

  • SHA1

    973e33b3f256ccb40e58630e70cf3d28015aafc4

  • SHA256

    fbb9e850a5cfc3a859b1c26c8addbe01bb03b88b42e7c059cf22ea0ccb230805

  • SHA512

    5977ec9e18f5941d21427a81f1297dc65b1305f54dfd3e35041b275a22c29c4e70c909f2a4d309b62d3a1002864a33882480ee72b36ac68631f0bdba3d49f0ee

  • SSDEEP

    49152:EMbOq1K4d2IPYiiqowvq00p7PiKXTN0pwa0sj8m:oq1K/IrwzXypwa0sIm

Malware Config

Extracted

Language
hta
Source
URLs
hta.dropper

http://softscoreinc.com/soft-usage/favicon.ico?0=1200&1=NNYJZAHP&2=i-s&3=60&4=7601&5=6&6=1&7=99600&8=1033

Extracted

Language
hta
Source
URLs
hta.dropper

http://softscoreinc.com/soft-usage/favicon.ico?0=1200&1=GLZCSNLK&2=i-s&3=60&4=9200&5=6&6=2&7=919041&8=1033

Targets

    • Target

      7ffacceea6723097d78ae603b655833e_JaffaCakes118

    • Disables service(s)

    • Modifies WinLogon for persistence

    • UAC bypass

    • Event Triggered Execution: Image File Execution Options Injection

    • Stops running service(s)

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks whether UAC is enabled

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.

MITRE ATT&CK Enterprise v15

Tasks