General

  • Target

    7fdfd869a4e13c31fca9496f08c9df04_JaffaCakes118

  • Size

    24KB

  • Sample

    241030-tlr41sxaqb

  • MD5

    7fdfd869a4e13c31fca9496f08c9df04

  • SHA1

    e540edb3f9b4810bfa76315f10e76bfc09769e68

  • SHA256

    a99a3307ab705f6f500e60ce31c82a0b6dbf0f0f7a95d7697b3d262e0246b88f

  • SHA512

    5ea5ef51078a37b2156eabb5dcaf51e60bbd2c0d2de9bc32281cb1899a5e53eb655d5124098f3894b75316f323c47ac03d6dc3a8f460ac2f8212c7a99bc9cc46

  • SSDEEP

    384:8zz+B1xqgK5tEDWqw/6iHONTUZljgEchyBtR2joHgHQl6nsJaem6:8zeER5tEDzDYf5YoAwwxe9

Malware Config

Targets

    • Event Triggered Execution: AppInit DLLs

      Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks