General

  • Target

    dec558ed05a4e33c7f71769d3832f107_JaffaCakes118

  • Size

    195KB

  • Sample

    241210-2gpr4asnds

  • MD5

    dec558ed05a4e33c7f71769d3832f107

  • SHA1

    073eb35eba241a631f900a67d10d794b25eeb28c

  • SHA256

    0e49b327e35f3e2c1328649d0752fa3fbe79b0aee1a875fbf36306a9fb587bd9

  • SHA512

    f7107ae2e184117c66cd3c63096f49852b6e578e51565ac3fe2a25a56a45901ce48df292aa7414f76df4dccdfdfcb5f48f103b29458ae7a1bf6867ea87dce91d

  • SSDEEP

    6144:Y1c6jL5pvnBYCLbb8Q5AGKgICNILqDe6x:Y1c6jL5pKCfZuyIQeg

Malware Config

Targets

    • Target

      dec558ed05a4e33c7f71769d3832f107_JaffaCakes118

    • Detects MyDoom family

    • Modifies firewall policy service

    • MyDoom

      MyDoom is a worm written in C++.

    • Mydoom family

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified UPX variant.

MITRE ATT&CK Enterprise v15

Tasks