General

  • Target

    8115645464a33f8495cba27cfb9f0b53_JaffaCakes118

  • Size

    15KB

  • Sample

    241031-b7tkvsxqgp

  • MD5

    8115645464a33f8495cba27cfb9f0b53

  • SHA1

    d3f479dba848c728aebd5ebb2085902166548b0e

  • SHA256

    0a926d6036f9f1a99ff1320156bf4ada5fe301c4021e1c334c454de0cf85176b

  • SHA512

    efd3028fd761ed97ca0b537995251b0d97e675f00d48631cf8a8be82ffe21e6b9a535fb507ab1a3a80b97d1939a1e135a004fb855a0fe733843f236f3f7758b5

  • SSDEEP

    384:7F/xx/3MweRbMkMFKwtv5+cUJ5WhJyaaMW0y:BPFq7MVnJ8

Targets

    • Target

      8115645464a33f8495cba27cfb9f0b53_JaffaCakes118

    • ACProtect 1.3x - 1.4x DLL software

      Static signature match for a file protected with ACProtect (versions 1.3x to 1.4x).

    • Checks computer location settings

      Looks up the country code configured in the registry (HKCU\Control Panel\International), most likely a geofence check that decides whether to continue based on the victim's region.

    • Event Triggered Execution: Component Object Model Hijacking (T1546.015)

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects. A CLSID written under HKCU\Software\Classes shadows the machine-wide entry for non-elevated processes, so the hijack needs no administrative rights.

    • Indicator Removal: File Deletion (T1070.004)

      Adversaries may delete files left behind by the actions of their intrusion activity, such as a dropper or staging file once its payload has been installed.

    • Drops file in System32 directory

      Writes a file under the Windows System32 directory, which requires elevated privileges and places the file alongside legitimate system binaries.

    • UPX packed file

      Static signature match for an executable packed with UPX or a modified UPX build. Both packer signatures on this 15KB file come from byte-pattern matching, and packer signatures overlap; confirm the packer from the PE section table (UPX0/UPX1 section names for stock UPX) before attributing it.
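The behavioural signatures above (the country-code lookup, the per-user COM hijack, the System32 drop and the drop-then-delete pattern) can be checked against an event trace. The following is an added example, not Tria.ge's code or anything from the sample; it runs those checks over a constructed set of registry and file events, and the CLSID, file names and paths in it are placeholders rather than observations from this run.

```python
import re

# Constructed sample of sandbox registry/file events, one "op path" per line.
# These lines are made up to exercise the checks; they are not events from the
# run above, and the CLSID and file names are placeholders.
SAMPLE_EVENTS = "\n".join([
    r"RegQueryValue HKCU\Control Panel\International\Geo\Nation",
    r"RegQueryValue HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductName",
    r"RegSetValue HKCU\Software\Classes\CLSID\{11111111-2222-3333-4444-555555555555}\InprocServer32\(Default)",
    r"CreateFile C:\Windows\System32\helper.dll",
    r"CreateFile C:\Users\user\AppData\Local\Temp\stage2.tmp",
    r"DeleteFile C:\Users\user\AppData\Local\Temp\stage2.tmp",
    r"DeleteFile C:\Users\user\Desktop\sample.exe",
])

# Country settings a geofenced loader reads: the GeoID in Geo\Nation and the
# dialing code in iCountry, both under HKCU\Control Panel\International.
GEOFENCE_KEYS = re.compile(
    r"\\Control Panel\\International\\(Geo\\Nation|iCountry)$", re.I)

# Per-user COM registration. HKCU\Software\Classes is consulted before HKLM for
# non-elevated processes, so a CLSID server written here shadows the system one.
COM_HIJACK = re.compile(
    r"^(HKCU|HKEY_CURRENT_USER)\\Software\\Classes\\CLSID\\"
    r"(\{[0-9A-F-]{36}\})\\(InprocServer32|LocalServer32|TreatAs)\b", re.I)

SYSTEM32 = re.compile(r"^[A-Z]:\\Windows\\System32\\", re.I)
WRITE_OPS = {"CreateFile", "WriteFile"}


def parse_events(text):
    """Parse 'op path' lines into (op, path) tuples, skipping blank lines."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        op, _, path = line.partition(" ")
        events.append((op, path))
    return events


def triage(text):
    """Return the behaviours from the signature list found in the events."""
    findings = {
        "geofence": [],          # country-code lookups
        "com_hijack": [],        # (CLSID, key) pairs written under HKCU
        "system32_drops": [],    # files written under System32
        "deleted": [],           # every DeleteFile target
        "drop_then_delete": [],  # files the sample wrote and later removed
    }
    written = set()
    for op, path in parse_events(text):
        if op.startswith("RegQuery") and GEOFENCE_KEYS.search(path):
            findings["geofence"].append(path)
        elif op.startswith("RegSet"):
            m = COM_HIJACK.match(path)
            if m:
                findings["com_hijack"].append((m.group(2).upper(), path))
        elif op in WRITE_OPS:
            written.add(path.lower())
            if SYSTEM32.match(path):
                findings["system32_drops"].append(path)
        elif op == "DeleteFile":
            findings["deleted"].append(path)
            if path.lower() in written:
                findings["drop_then_delete"].append(path)
    return findings


def hklm_key_to_check(clsid):
    """Machine-wide key that the HKCU entry shadows; compare its InprocServer32
    default value with the one written under HKCU to confirm the hijack."""
    return r"HKLM\Software\Classes\CLSID\%s\InprocServer32" % clsid


if __name__ == "__main__":
    for name, hits in triage(SAMPLE_EVENTS).items():
        print(name, hits)
    for clsid, _ in triage(SAMPLE_EVENTS)["com_hijack"]:
        print("verify against", hklm_key_to_check(clsid))
```

The drop-then-delete correlation is what separates routine temp-file cleanup from indicator removal: a path the sample itself created and then deleted is the candidate to recover from the sandbox's dropped-files capture. For the COM finding, the CLSID is the pivot; the same CLSID under HKLM tells you which legitimate component (and which host process) the hijacked server is loaded by.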

MITRE ATT&CK Enterprise v15