General

  • Target

    80bb838872d094469ed63ca4bd0e0449_JaffaCakes118

  • Size

    651KB

  • Sample

    241031-adr99ssrct

  • MD5

    80bb838872d094469ed63ca4bd0e0449

  • SHA1

    435db207b9ba87de8585a81e60a815a848f7bc5a

  • SHA256

    5f68a474dc80344621749989743edc0ca6984699839ac6bf9d4cbeb0c9756337

  • SHA512

    597b13c9b8cadeeaba9ba468c01ab2cff8e4769c95469c799ec5eefb3aa2ed3c7caef3c020fcfecf1d2b1b0702c9f7b91f49a8dc581bbace33494f7f4722c300

  • SSDEEP

    6144:BVTHGZEN1nbhUJtyrgBK5hvjAolCgmL12gez8t77Lbbbwkg:vG81n1UJ0rgYko4gw2atrblg

Targets

    • Target

      80bb838872d094469ed63ca4bd0e0449_JaffaCakes118

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.
