General

  • Target

    JaffaCakes118_63cf3271c242617c82e09d9def60eb9fec4ec205ab07c590288bed79eed300c1

  • Size

    21.6MB

  • Sample

    241223-tkn1zatqhw

  • MD5

    78d55bec3868cbfb8ddea16e43cc7d1d

  • SHA1

    1d9a7975b05634d227f848c745d8ebc2f4efe269

  • SHA256

    63cf3271c242617c82e09d9def60eb9fec4ec205ab07c590288bed79eed300c1

  • SHA512

    87edf121b27d9411747a7111ee8f9b98a68fb1d1036e3d09a3e57079fea994fcf5e712f9fdfa9f8b323b85702ef87e30c46ddcd76c85a40108788caf3e595b12

  • SSDEEP

    393216:9CTxOIMfqR6mcLk9ZSniBUPkX0Eblsdxp6/BXFiaN1ATLJ174kfD5d56sT9QW31O:9UKkXEckEtsckVd0sT/o

Malware Config

Targets

    • Target

      JaffaCakes118_63cf3271c242617c82e09d9def60eb9fec4ec205ab07c590288bed79eed300c1

    • Xmrig family

    • xmrig

      XMRig is a high-performance, open-source, cross-platform CPU/GPU miner.

    • XMRig Miner payload

    • Command and Scripting Interpreter: PowerShell

      Uses the powershell.exe command.

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Stops running service(s)

    • Cryptocurrency Miner

      Makes a network request to a known mining pool URL.

    • Executes dropped EXE

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15
