General

  • Target

    80fbd38e5fc7bedb55e4fdcbc3270134_JaffaCakes118

  • Size

    1.2MB

  • Sample

    241031-bjyvnswckh

  • MD5

    80fbd38e5fc7bedb55e4fdcbc3270134

  • SHA1

    0c0d9533c1a0698e2e71839e92be1976bd567be6

  • SHA256

    c9c5673f51113ac6e5fb74a477ff1b8b59e2382da935367facf882d25f64f0fc

  • SHA512

    669a5745d27c16086afd2c53e5818db24d10d144b25984511994ce0e2802d46d4d5a1532a37094a05638d8cbc4a453334876f7bb2d79ed275dfb73d945281619

  • SSDEEP

    24576:UrStFAHYiZgoBDFwQd4Wo71EaXmFFOQPONcTnq:Uqy41MOQd4Wo7unfTnq

Targets

    • Server Software Component: Terminal Services DLL

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Deletes itself

    • Loads dropped DLL

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks