General

  • Target

    JaffaCakes118_a19b07ba8129bd9a9375335887f5736e3d6a0c163b0df8ec3d6a3dbacdcfeed6

  • Size

    681.3MB

  • Sample

    241222-jb73dayrat

  • MD5

    3d2b342a8ac39e23ec8f44371fb4d001

  • SHA1

    9c0c0f3e80932b0d92b51249f273fd1d67511aa2

  • SHA256

    a19b07ba8129bd9a9375335887f5736e3d6a0c163b0df8ec3d6a3dbacdcfeed6

  • SHA512

    f41a978c97bed0ab49f4bd6256037cc94726bc58f2cd238c0d0ea5fb5d3e0400bd763a1fb98dd584277ab3cf07a1bec3a5a34ea23d6376d63df6d67a13ea8a43

  • SSDEEP

    49152:LbA3VkA0YiuBO8qbzb9ehNw6NbHHrc05RBtPXD2lIwgR3cjXBdlh:LbSx0ID26wY3T5DZXq2w3XBdr

Malware Config

Targets

    • NetSupport

      NetSupport is a remote access tool sold as legitimate system administration software.

    • Netsupport family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks