General

  • Target

    81c9f59d59f47adb56dcd644fe8ad3c2_JaffaCakes118

  • Size

    834KB

  • Sample

    241031-f6txfssmfk

  • MD5

    81c9f59d59f47adb56dcd644fe8ad3c2

  • SHA1

    b531fd2e38e70b3f0affb73f127cb62a0fc32ca6

  • SHA256

    ec454237d6fe71ad3987df75978e44ae5bc4cb08687358a1f27a4b88c221e9a5

  • SHA512

    c893784f3b08553665470d375647b2a50de9ca3b8bbdba039624589d393772cba4b1ae65710c9f319408edf3301c1e8577503511c26a38ae3ebb814db665a05b

  • SSDEEP

    24576:3L+m21/oacr6VdrPy37WzH0A6u/cwtHbiUxZbciKY2a:bjk/oacSrPy37WzH0A6uUyH3dHKY2a

Malware Config

Targets

    • Event Triggered Execution: Image File Execution Options Injection

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks for any installed AV software in registry

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Indicator Removal: Clear Persistence

      Removes IFEO entries.

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Drops file in System32 directory

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks