General

  • Target

    820e0a71982219ca6ec7d31e79104726_JaffaCakes118

  • Size

    868KB

  • Sample

    241031-hb6nwatndp

  • MD5

    820e0a71982219ca6ec7d31e79104726

  • SHA1

    3fc78fae6a173e288a416807af9789e8729b7502

  • SHA256

    a7d7ba028a6515e77a978c95ced7e33f5586629aa0ce72e199584fd40a693621

  • SHA512

    fd632d63a163a1a0b2b5d3bcd7cd80179914166eb35b20c440a5cbc66c7e0dfc37468ce7547f227c5ef9df85da4867ece0dab3528e6b122c1a136707ddd2bd1d

  • SSDEEP

    24576:53qesv3PYDgBV0vjJmmR7sdOpJMeeXCD7bMHAIov6:53Wv3PYDk+jJmmRiOpJdDfIn

Malware Config

Targets

    • Target

      820e0a71982219ca6ec7d31e79104726_JaffaCakes118

    • Disables RegEdit via registry modification

    • Disables Task Manager via registry modification

    • Deletes itself

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Adds Run key to start application

    • Indicator Removal: File Deletion (T1070.004)

      Adversaries may delete files left behind by the actions of their intrusion activity; here the sample removes its own dropped copy after execution.

    • Drops file in System32 directory
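
The four registry-based behaviours above (RegEdit and Task Manager disabled, the exefile handler rewritten, a Run key added) all live at well-known paths, so a triage script can confirm them from a registry export taken off an affected host. The script below is an added example and is not part of the sandbox report or its tooling: it parses a `.reg` export (as produced by `reg export` or regedit) and flags those behaviours, and checks a file's digests against the hashes listed in the General section. The embedded `.reg` text is constructed for the demo; `dropped.exe` and the `Updater` value name are placeholders, not filenames taken from the report. The key paths and the clean `exefile` command `"%1" %*` are standard Windows defaults.

```python
"""Offline triage for the registry indicators in the sandbox report above.

Parses a .reg export and flags the four registry behaviours the sandbox
reported, plus a digest check against the sample's known hashes. Works on
the text export, so it needs neither a Windows host nor live hive access.
"""
import hashlib
import re

# Sample digests copied from the report's General section.
IOC_HASHES = {
    "md5": "820e0a71982219ca6ec7d31e79104726",
    "sha1": "3fc78fae6a173e288a416807af9789e8729b7502",
    "sha256": "a7d7ba028a6515e77a978c95ced7e33f5586629aa0ce72e199584fd40a693621",
}

# Standard Windows locations for the reported behaviours.
POLICY_KEYS = (
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System",
    r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System",
)
RUN_KEYS = (
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run",
    r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run",
)
EXEFILE_CMD = r"HKEY_CLASSES_ROOT\exefile\shell\open\command"
CLEAN_EXEFILE_CMD = '"%1" %*'  # (Default) value of the exefile handler on a clean system

# Constructed .reg export for the demo. dropped.exe and "Updater" are
# placeholders, not names taken from the sandbox report.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
"DisableRegistryTools"=dword:00000001

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"C:\\Windows\\System32\\dropped.exe\" \"%1\" %*"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Updater"="C:\\Windows\\System32\\dropped.exe"
'''


def _unescape(s):
    # Undo .reg escaping of backslash and double quote in a single pass.
    return re.sub(r'\\(["\\])', r"\1", s)


def parse_reg(text):
    """Parse a 'Windows Registry Editor Version 5.00' export into {key: {name: value}}."""
    hives = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";") or line.startswith("Windows Registry Editor"):
            continue  # blank lines, comments and the version banner
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            hives.setdefault(current, {})
            continue
        if current is None or "=" not in line:
            continue
        name, _, val = line.partition("=")
        name = "@" if name == "@" else _unescape(name.strip('"'))  # "@" is (Default)
        if val.startswith("dword:"):
            value = int(val[6:], 16)
        elif len(val) >= 2 and val.startswith('"') and val.endswith('"'):
            value = _unescape(val[1:-1])
        else:
            value = val  # hex(...) blobs and other types are kept as raw text
        hives[current][name] = value
    return hives


def find_indicators(hives):
    """Return (behaviour, detail) pairs for each reported registry behaviour present."""
    hits = []
    for key in POLICY_KEYS:
        vals = hives.get(key, {})
        # Values 1 and 2 both disable regedit; any non-zero value is a hit.
        if vals.get("DisableRegistryTools", 0):
            hits.append(("Disables RegEdit via registry modification",
                         f"{key}\\DisableRegistryTools={vals['DisableRegistryTools']}"))
        if vals.get("DisableTaskMgr", 0):
            hits.append(("Disables Task Manager via registry modification",
                         f"{key}\\DisableTaskMgr={vals['DisableTaskMgr']}"))
    cmd = hives.get(EXEFILE_CMD, {}).get("@")
    if cmd is not None and cmd != CLEAN_EXEFILE_CMD:
        hits.append(("Modifies system executable filetype association", cmd))
    for key in RUN_KEYS:  # every Run entry is listed; the analyst decides which are legitimate
        for name, val in hives.get(key, {}).items():
            hits.append(("Adds Run key to start application", f"{key}\\{name}={val}"))
    return hits


def hash_matches_ioc(data):
    """Return the names of the report hashes that the given file bytes match."""
    digests = {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }
    return sorted(algo for algo, hexdigest in digests.items() if IOC_HASHES[algo] == hexdigest)


if __name__ == "__main__":
    for behaviour, detail in find_indicators(parse_reg(SAMPLE_REG)):
        print(f"[!] {behaviour}: {detail}")
```

A rewritten `exefile` handler is the check worth looking at first: because the new command is prefixed to every `.exe` launch, cleaning up the Run key alone leaves the dropped binary executing on each program start, and deleting the binary before restoring the handler breaks launching any executable on the host.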

MITRE ATT&CK Enterprise v15

Tasks