General

  • Target

    81cd522bbee329748be2dd219c88cce5_JaffaCakes118

  • Size

    612KB

  • Sample

    241031-f8s3ya1frp

  • MD5

    81cd522bbee329748be2dd219c88cce5

  • SHA1

    1a70ded79eaec230f7810a0eb1dd6ed3f98ffd78

  • SHA256

    19ddc1f60f505a17da34fde25a21e8ea5aa604e0e060be2c13f07cbe155cb464

  • SHA512

    7ab39b101abe81948a99bb302dde9f8b718994dea7a43f297146efc2772049889f06ac9b7d81898c7508b30ef4b788c6b8d486e714cf43910aaa71b07b36da19

  • SSDEEP

    6144:IlXpXQs3kYR7M/yXWvW0/DVmVmYe0F4v5qsLKTbwhi4tVso9YAw5:0hPUYRo/dJ2TT4RjMkhi4zYAw5

Malware Config

Targets

    • Blocklisted process makes network request

    • Server Software Component: Terminal Services DLL

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofencing check.

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

MITRE ATT&CK Enterprise v15

Tasks