General

  • Target

    81998c70637851f7dca8ebd0a2ba0a20_JaffaCakes118

  • Size

    27KB

  • Sample

    241031-ewy8ra1ncl

  • MD5

    81998c70637851f7dca8ebd0a2ba0a20

  • SHA1

    e0e50aab90ca097fb8fd5c81bb85be1ac18ab97e

  • SHA256

    0996f64c8e7e47f56953c88f19d6e98be883f503cf3ecef018d3946b8a36d8f5

  • SHA512

    2dd51c227cc1ba06e16c1d41f1242771be004bc4a3ac57090f3ca2ce0c2121b56ec42796eec2281e5c5a62635971e4033d193adb128e638a476e740e9a48105b

  • SSDEEP

    384:q+C61+heV99R6WAz7M9ptuEDuflqKcsN6+7AuPP2flfUhWSSl9XgOm:IquPKVCNqL4PG0bmA
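Before spending time on a local copy of the sample, confirm it is the file the report describes. The script below is an added example (mine, not part of the sandbox report) that hashes a file once with all four algorithms listed above and reports which digests disagree. ssdeep is left out because the standard library cannot compute it; the separate `ssdeep` PyPI binding (`ssdeep.hash()`, `ssdeep.compare()`) is what to reach for when a repacked variant has different cryptographic hashes but a similar fuzzy hash. The `"abc"` input used for testing is a constructed value, not the sample.

```python
import hashlib
from typing import Dict, Iterable, List

# Digests copied from the report's General section for this sample.
REPORTED_HASHES = {
    "md5": "81998c70637851f7dca8ebd0a2ba0a20",
    "sha1": "e0e50aab90ca097fb8fd5c81bb85be1ac18ab97e",
    "sha256": "0996f64c8e7e47f56953c88f19d6e98be883f503cf3ecef018d3946b8a36d8f5",
    "sha512": "2dd51c227cc1ba06e16c1d41f1242771be004bc4a3ac57090f3ca2ce0c2121b56ec42796eec2281e5c5a62635971e4033d193adb128e638a476e740e9a48105b",
}


def digest_stream(chunks: Iterable[bytes]) -> Dict[str, str]:
    """Hash an iterable of byte chunks with all four algorithms in one pass.

    One pass matters for large samples: the file is read once, not four times.
    """
    hashers = {name: hashlib.new(name) for name in REPORTED_HASHES}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_bytes(data: bytes) -> Dict[str, str]:
    """Convenience wrapper for in-memory data (constructed test input goes through here)."""
    return digest_stream([data])


def digest_file(path: str, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Stream a file from disk in 1 MiB chunks so large samples never sit fully in memory."""
    def chunks():
        with open(path, "rb") as f:
            while True:
                block = f.read(chunk_size)
                if not block:
                    return
                yield block
    return digest_stream(chunks())


def mismatches(computed: Dict[str, str],
               reported: Dict[str, str] = REPORTED_HASHES) -> List[str]:
    """Return the algorithm names whose digest disagrees with the report.

    Comparison is case-insensitive because different tools print hex in
    different cases. An empty list means every listed digest matched; a
    missing algorithm in `computed` counts as a mismatch, never as a pass.
    """
    return sorted(
        name for name, expected in reported.items()
        if computed.get(name, "").lower() != expected.lower()
    )


if __name__ == "__main__":
    import sys
    bad = mismatches(digest_file(sys.argv[1]))
    print("match: file is the reported sample" if not bad
          else "MISMATCH on: " + ", ".join(bad))
```

Run it as `python verify_sample.py <path>` (the filename is an assumption). A partial mismatch, for example MD5 matching but SHA-256 not, should not happen for a single file and points at a copy-paste error in the expected values rather than at the file.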

Malware Config

Targets

    • Target

      81998c70637851f7dca8ebd0a2ba0a20_JaffaCakes118

    • Size

      27KB

    • MD5

      81998c70637851f7dca8ebd0a2ba0a20

    • SHA1

      e0e50aab90ca097fb8fd5c81bb85be1ac18ab97e

    • SHA256

      0996f64c8e7e47f56953c88f19d6e98be883f503cf3ecef018d3946b8a36d8f5

    • SHA512

      2dd51c227cc1ba06e16c1d41f1242771be004bc4a3ac57090f3ca2ce0c2121b56ec42796eec2281e5c5a62635971e4033d193adb128e638a476e740e9a48105b

    • SSDEEP

      384:q+C61+heV99R6WAz7M9ptuEDuflqKcsN6+7AuPP2flfUhWSSl9XgOm:IquPKVCNqL4PG0bmA

    • ACProtect 1.3x - 1.4x DLL software

      Static signature match for the ACProtect packer/protector. Packer signatures are byte-pattern matches, so this firing alongside the UPX signature on one 27KB sample deserves a manual look: it may indicate layered packing, or one of the two matches may be a false positive.

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence: the sample runs, or refuses to run, depending on the configured region, so a sandbox with the wrong locale may see no malicious behaviour at all.

    • Deletes itself

    • Loads dropped DLL

    • Indicator Removal: File Deletion (MITRE ATT&CK T1070.004)

      Adversaries may delete files left behind by the actions of their intrusion activity; this mapping is consistent with the "Deletes itself" behaviour listed above.

    • Drops file in System32 directory

    • UPX packed file

      Detects executables packed with UPX or with a modified build of the open-source UPX packer. A modified build may rename the UPX0/UPX1 sections and alter the decompression stub, so tooling that keys only on section names can miss what this signature catches.
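The following is an added example (mine, not the sandbox's signature logic) showing the crudest UPX indicators an analyst checks by hand before reaching for a full PE library: the UPX0/UPX1 section names and the "UPX!" pack-header magic, parsed straight from the PE headers with no dependencies. Because a modified UPX build often renames those sections, a Shannon entropy helper is included; a compressed payload still shows near-8-bit entropy whatever the sections are called. `build_test_pe` is a hypothetical helper that constructs a non-executable PE skeleton for testing; its section layout is an assumption and it is not derived from the sample.

```python
import math
import struct
from collections import Counter
from typing import Dict, List

UPX_SECTION_NAMES = {"UPX0", "UPX1", "UPX2"}
UPX_MAGIC = b"UPX!"  # magic in the UPX pack header embedded in the stub


def pe_section_names(data: bytes) -> List[str]:
    """Walk DOS header -> PE signature -> COFF header -> section table, returning section names."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # COFF header follows the 4-byte signature: NumberOfSections at +6,
    # SizeOfOptionalHeader at +20; the section table starts right after
    # the optional header (signature 4 + COFF 20 + optional header size).
    (num_sections,) = struct.unpack_from("<H", data, e_lfanew + 6)
    (opt_size,) = struct.unpack_from("<H", data, e_lfanew + 20)
    table = e_lfanew + 24 + opt_size
    names = []
    for i in range(num_sections):
        raw = data[table + i * 40: table + i * 40 + 8]  # 40-byte entries, 8-byte name
        if len(raw) < 8:
            raise ValueError("truncated section table")
        names.append(raw.rstrip(b"\0").decode("ascii", "replace"))
    return names


def shannon_entropy(data: bytes) -> float:
    """Bits per byte, 0.0 for constant data up to 8.0 for uniformly random data."""
    if not data:
        return 0.0
    counts = Counter(data)
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def upx_indicators(data: bytes) -> Dict[str, object]:
    names = pe_section_names(data)
    return {
        "upx_sections": sorted(n for n in names if n in UPX_SECTION_NAMES),
        "upx_magic": UPX_MAGIC in data,
        "entropy": round(shannon_entropy(data), 3),
    }


def looks_upx_packed(data: bytes) -> bool:
    """Stock UPX leaves both indicators; a modified build may leave neither,
    which is exactly when the entropy figure has to be read by a human."""
    ind = upx_indicators(data)
    return bool(ind["upx_sections"]) or bool(ind["upx_magic"])


def build_test_pe(section_names: List[str], opt_header_size: int = 224) -> bytes:
    """Constructed PE skeleton (hypothetical, not the sample): only the fields the
    parser reads are meaningful, and the result is not executable."""
    e_lfanew = 64
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    # Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0,
                       opt_header_size, 0x0102)
    optional = bytes(opt_header_size)
    sections = b"".join(n.encode("ascii").ljust(8, b"\0") + bytes(32)
                        for n in section_names)
    return bytes(dos) + b"PE\0\0" + coff + optional + sections


if __name__ == "__main__":
    import sys
    with open(sys.argv[1], "rb") as f:
        sample = f.read()
    print(upx_indicators(sample), "packed:", looks_upx_packed(sample))
```

A negative result here is weak evidence: the page's own signature text allows for a modified UPX, and anything that renames the sections and strips the magic passes this check while the entropy value still sits close to 8. Treat the section-name test as a fast triage step, not as an unpacking decision.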

MITRE ATT&CK Enterprise v15

Tasks