General

  • Target

    810f2ad9d52331a896b57da895d16281_JaffaCakes118

  • Size

    184KB

  • Sample

    241031-b3fhfawgqm

  • MD5

    810f2ad9d52331a896b57da895d16281

  • SHA1

    4c06a227758facf9d2c3f0576ed6ed1b85d4473c

  • SHA256

    77df2e86383a540e1574b10ba94de63eed263722246bd521b298ecc497491d36

  • SHA512

    a793cbefc41ff5f088944c04c9c4004addbe1ff97234c68a9d9179035e9756c6def91dae4db906946226ab2b3dffa427bc4d9cda3b65560529bf4800b700865e

  • SSDEEP

    3072:2S/FUVwWrIQ9E9pwjzmdfEQ79gfzX551B16lFTTTNhUGCuRFujRYORE:JNRcqWj6lkUFujRU

Malware Config

Targets

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks