General

  • Target

    819de36e469867c9d6c6fdf84bcd9a9d_JaffaCakes118

  • Size

    136KB

  • Sample

    241031-eztgnsykgv

  • MD5

    819de36e469867c9d6c6fdf84bcd9a9d

  • SHA1

    8b61fe4d039453cb6f6ed9e116176b7a3a41f340

  • SHA256

    debc992881ed63f6c7fcb5c39e7cb69c26ec9735c4a9bb6febbfe8c9d0d818d5

  • SHA512

    420b375ee4c1d1eda4c7b77b7999fe0a2d88920bf7d0b0b1d958f21593319424233f7b17f0d3e9e4f6ef26213e1febd9e7860d3f04b5cbb6100fde90da5a0c0b

  • SSDEEP

    1536:S4+aEpOwd/VxDy/5X2++jCx3kdjKsPGR7ehp3vmLvsZIZwTcNhLx8bZJLtgm8iuA:obpDCw1p3vmLvsZIaVwiwDcD

Malware Config

Targets

    • Target

      819de36e469867c9d6c6fdf84bcd9a9d_JaffaCakes118

    • Modifies visibility of file extensions in Explorer

    • Modifies visibility of hidden/system files in Explorer

    • Adds policy Run key to start application

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Impair Defenses: Safe Mode Boot

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks