General

  • Target

    ddfd5ba555c1ddb846bcfea284304962_JaffaCakes118

  • Size

    120KB

  • Sample

    241210-wgx6ks1rdv

  • MD5

    ddfd5ba555c1ddb846bcfea284304962

  • SHA1

    9e046cf863ee0dee8624c47d9eb3c21d1b9ea4d3

  • SHA256

    ad73f495299becc7d5b604d46e6c04d228ff16a012fdea41f67bf163d015a7ed

  • SHA512

    979e2ea5aed1774b9beebd518e0acb7b56ad4e1fa3f3378e32e0f45f41d930ebf4c90d75d75ba022603ea6232e6410be6fdf134f904d488e852df7f941a2d84f

  • SSDEEP

    3072:wcg3Hek0RcdUBNMAg9TpKq1JVLxw1ghxDg3UPZdeE7GCe65/:jgeRusmAghIq1JVS1YxRPZdRqCfp

Malware Config

Targets

    • Target

      ddfd5ba555c1ddb846bcfea284304962_JaffaCakes118

    • STRRAT

      STRRAT is a remote access tool that can steal credentials and log keystrokes.

    • Strrat family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks