General

  • Target

    8f1e0a417b4892614d1906ac82da0eb1_JaffaCakes118

  • Size

    600KB

  • Sample

    241104-ews2qswmfr

  • MD5

    8f1e0a417b4892614d1906ac82da0eb1

  • SHA1

    54dbbae11883b5b3e50d5c00ca6700001990bcaa

  • SHA256

    b3150efbf6f2ed9a80fd5d7f2f8f05baeff800987c8d39ca9ad3f7497980284a

  • SHA512

    9eae881a0f85e00bf71e58d6547f0974a69bba90c1caecf2b1c1f4c91c8136db7645556d439527d5f796c8d4e37959fd320da78e7604fd44d4fc3a2ef5b1598a

  • SSDEEP

    12288:mcx9bomnV7kiBJhorhQRRQl+3vjZdaTzN:5bDn9fBJ/7QcbZCN

Targets

    • Adds policy Run key to start application

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

    • Drops file in System32 directory

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15
