General

  • Target

    afaf2335cbd8b65452e65f69e5feee49_JaffaCakes118

  • Size

    299KB

  • Sample

    241129-h3h2wsxqgm

  • MD5

    afaf2335cbd8b65452e65f69e5feee49

  • SHA1

    95f9e1971c739e17c6821196ef6e32b2d430b182

  • SHA256

    e5f0a29086f35cee8e5788791d1fd1c78aa3a14f20a227594605eff43e335665

  • SHA512

    ba55cada758ee5d3013b305d4b255e33a409ea72d43d1ec9392f23c03299ac18753010fa0a41d82f8b52278d18ef15177e933e148d92ad7bc17b30cbde485600

  • SSDEEP

    6144:dcdgyYh3w2+eZNcTHqkt+KP0oxFkfskmRV:dWgXh3v+eZNIbT8ogBmRV

Malware Config

Targets

    • CryptOne packer

      Detects the CryptOne packer as defined in the NCC blog post.

    • Deletes itself

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks