General

  • Target

    812723d3e69a8a9543dd2ebeff8a7fa5_JaffaCakes118

  • Size

    237KB

  • Sample

    241031-cm98jsxdql

  • MD5

    812723d3e69a8a9543dd2ebeff8a7fa5

  • SHA1

    52c49fb43ebb5ef733ffe012c392ba8acceee202

  • SHA256

    1ab4bda709b6dec9b2d4df647e0d4372b1aa9a712b65a32fcc33642005d57e08

  • SHA512

    9205f751ecbccb1d62a0236c7ddb4132e797d75a375f9191fd626cb86fde6625bb6bbd0bc00ecc3429ec6e7861b577761745514f4a81a0473066c7a7d7fdbae6

  • SSDEEP

    6144:2bNfTsrH63mizzzT7nn7EqNuaV60k97lUf+Ld:EAe3mizzzTz7Eioh97lFd

Malware Config

Targets

    • Target

      812723d3e69a8a9543dd2ebeff8a7fa5_JaffaCakes118


    • Disables service(s)

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

MITRE ATT&CK Enterprise v15

Tasks