General

  • Target

    839f07be0f3fc47d43e6c86cacdf209b_JaffaCakes118

  • Size

    756KB

  • Sample

    241031-xr55lssgmn

  • MD5

    839f07be0f3fc47d43e6c86cacdf209b

  • SHA1

    894403d5db1265d57e8e50cdb37603977797cfb5

  • SHA256

    768b3adb95d7e973ece8056454fe08804244cbf50e163f87486e71914f9bfbb3

  • SHA512

    d1a4af536eb99beeca78d92c0608de9b1be4f0e49f32970da0a6e151062195cf9999a0d33dc7c336e046c2fd4999d8aab8463453c901ac4f6e484d0099f3e8c4

  • SSDEEP

    12288:4PD4CpYLzDvohLplCE1I3xavmuPiJtqZ1+GmAsbECr3BLHHvN9yqYoWYS9ue0SSD:A8C2nDaSavE93AsYqzPp89ESSvQP2T

Malware Config

Targets

    • Target

      839f07be0f3fc47d43e6c86cacdf209b_JaffaCakes118

    • Modifies security service

    • Windows security bypass

    • Disables RegEdit via registry modification

    • Disables Task Manager via registry modification

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Windows security modification

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks