General

  • Target

    81861135130728182dab859ffa4b1e95_JaffaCakes118

  • Size

    273KB

  • Sample

    241031-edgwrayhpd

  • MD5

    81861135130728182dab859ffa4b1e95

  • SHA1

    f81373c5723d06b2fec5b04b30801b3f91a58521

  • SHA256

    898802b891c014aa807baf5b9bf85b0a7d2804b610155f7c504d19f4b3486fed

  • SHA512

    ce9c2d6801933bae087f8fe872c78cef349be4e77b8b6838c4fbc89bafa7218dcd5927d98c0087941078e45415463cbf982412db0a7eeddf4ae8ec061374852d

  • SSDEEP

    6144:lvI8cw5R6NtoK0zat8GzwzkIXfYnPYsNJ1:lQ8H5RISK0qjIQnAyP

Malware Config

Targets

    • Target

      81861135130728182dab859ffa4b1e95_JaffaCakes118

    • Size

      273KB

    • MD5

      81861135130728182dab859ffa4b1e95

    • SHA1

      f81373c5723d06b2fec5b04b30801b3f91a58521

    • SHA256

      898802b891c014aa807baf5b9bf85b0a7d2804b610155f7c504d19f4b3486fed

    • SHA512

      ce9c2d6801933bae087f8fe872c78cef349be4e77b8b6838c4fbc89bafa7218dcd5927d98c0087941078e45415463cbf982412db0a7eeddf4ae8ec061374852d

    • SSDEEP

      6144:lvI8cw5R6NtoK0zat8GzwzkIXfYnPYsNJ1:lQ8H5RISK0qjIQnAyP

    • Drops file in Drivers directory

    • Sets service image path in registry

    • Modifies system executable filetype association

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified build of it (modified builds may rename the UPX0/UPX1 sections, so this rule does not rely on section names alone).
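
The behaviour list above is what a triage analyst acts on, so here is an added example, written by the editor and not taken from the sandbox's rule set or from the sample, that maps registry and filesystem events to the report's behaviour names and adds a cheap UPX check with an entropy fallback for the "modified UPX" case. The event tuple shape, the sample events, the ATT&CK technique IDs (the page names ATT&CK Enterprise v15 but prints no mapping; the IDs below are the editor's), the entropy threshold and all paths and names are the editor's assumptions, not data from this run.

```python
"""Map sandbox-style events to the behaviours listed in this report.

Added example by the editor; not the sandbox's own rule set and not code from
the sample. The event tuple shape, the sample events and the ATT&CK mapping
are the editor's assumptions for illustration.
"""
import math
import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# Assumed event shape: (kind, path, value); kind is one of
# "reg_set", "file_write", "file_read", "file_delete". Constructed, not a real sandbox schema.
Event = tuple[str, str, str]

# Editor's ATT&CK Enterprise mapping for the report's behaviour names (not taken from the page).
TECHNIQUE = {
    "Adds Run key to start application": "T1547.001",
    "Sets service image path in registry": "T1543.003",
    "Modifies system executable filetype association": "T1546.001",
    "Drops file in Drivers directory": None,  # no single technique claimed here
    "Enumerates connected drives": "T1082",
    "Indicator Removal: File Deletion": "T1070.004",
    "UPX packed file": "T1027.002",
}

# Registry and filesystem locations behind each behaviour. Matched case-insensitively
# because the registry and NTFS paths are case-insensitive.
RUN_KEY = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)
SERVICE_IMAGEPATH = re.compile(
    r"\\SYSTEM\\(CurrentControlSet|ControlSet\d{3})\\Services\\[^\\]+\\ImagePath$", re.I)
EXE_ASSOCIATION = re.compile(r"\\exefile\\shell\\open\\command(\\|$)", re.I)
DRIVERS_DIR = re.compile(r"\\System32\\drivers\\[^\\]+$", re.I)
DRIVE_ROOT = re.compile(r"^[A-Za-z]:\\$")


@dataclass(frozen=True)
class Hit:
    signature: str
    technique: Optional[str]
    event: Event


def classify(events: list[Event]) -> list[Hit]:
    """Return one Hit per (event, behaviour) pair that matches."""
    hits: list[Hit] = []

    def add(sig: str, ev: Event) -> None:
        hits.append(Hit(sig, TECHNIQUE[sig], ev))

    for ev in events:
        kind, path, _value = ev
        if kind == "reg_set":
            if RUN_KEY.search(path):
                add("Adds Run key to start application", ev)
            if SERVICE_IMAGEPATH.search(path):
                add("Sets service image path in registry", ev)
            if EXE_ASSOCIATION.search(path):
                add("Modifies system executable filetype association", ev)
        elif kind == "file_write" and DRIVERS_DIR.search(path):
            add("Drops file in Drivers directory", ev)
        elif kind == "file_read" and DRIVE_ROOT.match(path) and not path.upper().startswith("C:"):
            # Follows the report's wording: roots of drives other than the default C:.
            add("Enumerates connected drives", ev)
        elif kind == "file_delete":
            add("Indicator Removal: File Deletion", ev)
    return hits


def summarize(hits: list[Hit]) -> dict[str, int]:
    """Count hits per behaviour name."""
    counts: dict[str, int] = {}
    for h in hits:
        counts[h.signature] = counts.get(h.signature, 0) + 1
    return counts


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for empty or constant input, 8.0 for uniformly distributed bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def looks_upx_packed(data: bytes, entropy_threshold: float = 7.0) -> bool:
    """Cheap packer check: stock UPX leaves the 'UPX!' marker and sections UPX0/UPX1.
    A modified UPX may rename these, so fall back to an entropy heuristic on the body.
    The threshold is an assumed value, not one from the report."""
    if b"UPX!" in data or (b"UPX0" in data and b"UPX1" in data):
        return True
    return shannon_entropy(data) >= entropy_threshold


# Constructed sample events (not from this sandbox run): one row per behaviour plus noise.
SAMPLE_EVENTS: list[Event] = [
    ("reg_set", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Updater", r"C:\Users\Public\svc.exe"),
    ("reg_set", r"HKLM\SYSTEM\CurrentControlSet\Services\netfilt\ImagePath", r"\SystemRoot\System32\drivers\netfilt.sys"),
    ("reg_set", r"HKCR\exefile\shell\open\command\(Default)", r'"C:\Users\Public\svc.exe" "%1" %*'),
    ("file_write", r"C:\Windows\System32\drivers\netfilt.sys", ""),
    ("file_read", "D:\\", ""),
    ("file_read", "E:\\", ""),
    ("file_read", "C:\\", ""),  # default drive: not counted
    ("file_delete", r"C:\Users\Public\dropper.tmp", ""),
    ("reg_set", r"HKCU\Software\Contoso\Viewer\LastOpened", "1"),  # benign noise
]

if __name__ == "__main__":
    for sig, n in summarize(classify(SAMPLE_EVENTS)).items():
        print(f"{n}x {sig} ({TECHNIQUE[sig]})")
```

The regexes cover the Wow6432Node and HKLM\SOFTWARE\Classes variants of the same keys because they only anchor on the tail of the path; when replaying real sandbox or EDR telemetry, feed `classify` the normalized key path plus value name, since that is what the ImagePath and file-association rules key on.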

MITRE ATT&CK Enterprise v15

Tasks