General

  • Target

    7fdff83318fc6fc7ef71524c6ec6c969_JaffaCakes118

  • Size

    613KB

  • Sample

    241030-tlya2awjfs

  • MD5

    7fdff83318fc6fc7ef71524c6ec6c969

  • SHA1

    401434dd5af3a20aa9c55d69e431efc2865ffe15

  • SHA256

    078a2359b85425b4a11ab69ade83903e7e33611dd5014d2fe943348c46c87ff8

  • SHA512

    d70fcff66dabc625f81626284662643b903a34fc99f2d41d31128915e0cb6eefe1ae2dee40611c41e004500b5cb3d544adc9c263bf3ecbc65bfc9d053933a5e4

  • SSDEEP

    1536:Y44SJs5DY6oDAFfdCm3BGwV6bPkxnbNnhd5bsqk6XmChI6HpwKAK:Y41JGY6oUFfdCm1ASJhPNFmF2WK

Malware Config

Targets

    • Target

      7fdff83318fc6fc7ef71524c6ec6c969_JaffaCakes118

    • Size

      613KB

    • MD5

      7fdff83318fc6fc7ef71524c6ec6c969

    • SHA1

      401434dd5af3a20aa9c55d69e431efc2865ffe15

    • SHA256

      078a2359b85425b4a11ab69ade83903e7e33611dd5014d2fe943348c46c87ff8

    • SHA512

      d70fcff66dabc625f81626284662643b903a34fc99f2d41d31128915e0cb6eefe1ae2dee40611c41e004500b5cb3d544adc9c263bf3ecbc65bfc9d053933a5e4

    • SSDEEP

      1536:Y44SJs5DY6oDAFfdCm3BGwV6bPkxnbNnhd5bsqk6XmChI6HpwKAK:Y41JGY6oUFfdCm1ASJhPNFmF2WK

    • Modifies firewall policy service

    • Modifies security service

    • Modifies visibility of file extensions in Explorer

    • Modifies visiblity of hidden/system files in Explorer

    • UAC bypass

    • Windows security bypass

    • Disables RegEdit via registry modification

    • Disables Task Manager via registry modification

    • Drops file in Drivers directory

    • Event Triggered Execution: Image File Execution Options Injection

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Indicator Removal: Clear Persistence

      remove IFEO.

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks