General

  • Target

    JaffaCakes118_c3796170ce376b63718d114c759fc1c69045d09ce0923f74ad96ba8fc734d142

  • Size

    749.4MB

  • Sample

    241223-tfqn1atqaw

  • MD5

    35236ddbbeaffdbdbfbf0c9b26a300c2

  • SHA1

    4e4f97b9f77e04a9917d85c6d2b3c49e9769089f

  • SHA256

    c3796170ce376b63718d114c759fc1c69045d09ce0923f74ad96ba8fc734d142

  • SHA512

    1146a6dd72cfdc103707c811c38bb9af439ce9fd90965599d638ca95b70a81edb82ab1b56f87ccb2766b7b2beb6bf4f838514215861e2cd7f7f57e6fb728021d

  • SSDEEP

    786432:d1GbxO4RF4z4aIieFtnzZxVsWM0l3JSRR7faj/O631h6QeXJDjAwAZcho:d1gxV7g4aIiw9xVnMc5SX0/AQ6TAZG

Targets

    • NetSupport

      NetSupport is a remote access tool sold as legitimate system administration software.

    • Netsupport family

    • Sets file to hidden

      Modifies file attributes to stop the file from showing in Explorer etc.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
