General

  • Target

    7fe19433cdad964acda4a19cfb310abf_JaffaCakes118

  • Size

    218KB

  • Sample

    241030-tmtn8sykem

  • MD5

    7fe19433cdad964acda4a19cfb310abf

  • SHA1

    db777e41feb4aa8e2328d0430faff5c7d0012fdd

  • SHA256

    970a91222d6a9220014657ca0e8313fb33e1621c9a9eab8019d224cbdf057e56

  • SHA512

    fdc933bfeeedc4bd605abb01ace9d4728d1fb0e961f1927e29f28fa3bc58a6c832aa89ab1f7f35a4668d25b99bf2bc8ac67b4c2e60a7ca3c9f732ac8ef8f8295

  • SSDEEP

    6144:tTfFDbRnOTrt5J8AuxU0rvjeX+ojqDgls1bsz:D5OsUG6XVWDKs1bY

Malware Config

Targets

    • Disables service(s)

    • Drops file in Drivers directory

    • Event Triggered Execution: Image File Execution Options Injection

    • Server Software Component: Terminal Services DLL

    • Sets service image path in registry

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.

    • Drops file in System32 directory

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks