General

  • Target

    810132d096e4a90fffdcbec370fb4954_JaffaCakes118

  • Size

    114KB

  • Sample

    241031-bs29fsxmbr

  • MD5

    810132d096e4a90fffdcbec370fb4954

  • SHA1

    43eb66678e036d09b18c0388331bc6e5c3815d22

  • SHA256

    4d94cfc56febc282da0ed34cacc64284940e0c82c33843a93d7949b056106587

  • SHA512

    25e1bd903ec9651fe233678c6de27c6d02621f89850e7742125be1f8f43fc0311d12df4177a52f9366bdfab2345f8cfbaa74caed4118bee45b3f5939e1ab7836

  • SSDEEP

    1536:8EGqhhCwfeZO/ZBLwjinTIHA70tphBp9jZiBvElEp3GWtbpVeDrmIv0eY2Fy8z:3GqmzORYiTkA6TBHjZiVZ5pKzL/Y8z

Targets

    • Target

      810132d096e4a90fffdcbec370fb4954_JaffaCakes118

    • Modifies WinLogon for persistence

    • Executes dropped EXE

    • Impair Defenses: Safe Mode Boot

    • Loads dropped DLL

    • Adds Run key to start application

    • UPX packed file

      Detects executables packed with UPX or a modified build of the UPX open-source packer.

MITRE ATT&CK Enterprise v15