General

  • Target

    JaffaCakes118_a2fe2e4c7616bd5a654611000e6bd0c751558e06fd611feae3d2b4d16b71a3cb

  • Size

    2.9MB

  • Sample

    241223-ycyyesynez

  • MD5

    c6484314a40bf277741522ce7b29245e

  • SHA1

    ddf76065ffabd8865977edc7a1b13a52518a865b

  • SHA256

    a2fe2e4c7616bd5a654611000e6bd0c751558e06fd611feae3d2b4d16b71a3cb

  • SHA512

    e7392340da7d85048bbdbac90b8bec388967d5756ccbcf3bbbe498da4ca22eef4511e06ac240dc773e4a49418d253be339ee6cec1e13e0f4b350f0e49842fea7

  • SSDEEP

    49152:ktmU2zO7Uh8avKQm4+tbwE4sJEOqBW12eqgN1mH0S/BpYarkXkCx55yar:GmU2zO7WKTJtbFZ4rgGUoBp2XbxLyo

Malware Config

Targets

    • Target

      Installer.bin

    • Size

      4.6MB

    • MD5

      43dba66b8c79ae15207a60f4151934ca

    • SHA1

      20d2f0cb9a7df3808aff1fb65a1a039c32508584

    • SHA256

      03ebe6a1c6d8aca197174ddf127b9f4cdbfc9607eeba60920531d70170deb64f

    • SHA512

      6d4492e06a039959cccc67b073b4d12293cf32a46858a99f850a9301f242df896a488bb1caba6a673719259091adb34170606225f2987c93f3111c2390821474

    • SSDEEP

      49152:PrX04x/He4aIqYuUvsY5HXc8fqv6hugnMJ0dUBsAJjAwuoiap81gDy9zsESdFM:w4xfZ7T9fh/nMJ9fWq81oE

    • Xmrig family

    • xmrig

      XMRig is a high-performance, open-source, cross-platform CPU/GPU miner; as a dropped payload it indicates cryptojacking rather than a user-installed tool.

    • XMRig Miner payload

    • System Binary Proxy Execution: InstallUtil

      Abuse of InstallUtil.exe, the signed .NET Framework installer tool, to proxy execution of malicious code (ATT&CK T1218.004).

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check so the payload only runs (or refuses to run) in certain regions.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

      SetThreadContext on a thread of another process is commonly associated with process injection such as process hollowing.

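The InstallUtil proxy-execution and dropped-EXE signatures above are what a detection engineer would want to reproduce from endpoint telemetry. The following is an added example, not part of the sandbox report or of Triage's own signature code: it flags InstallUtil.exe (T1218.004) abuse in process-creation events by looking for the logging-suppression/uninstall switches typical of the technique, a target assembly or a child process in a user-writable path, and a copy of InstallUtil.exe running outside the .NET Framework directory. The event field names and all sample events are constructed for illustration; adapt them to your EDR or Sysmon schema.

```python
"""Flag InstallUtil.exe proxy execution (ATT&CK T1218.004) in process-creation events.

Added example for illustration; not the sandbox's or the malware's code.
Event schema and sample events are constructed assumptions.
"""
import re
from dataclasses import dataclass

# Only the .NET Framework directories legitimately host InstallUtil.exe.
LEGIT_INSTALLUTIL_DIRS = (
    "c:\\windows\\microsoft.net\\framework\\",
    "c:\\windows\\microsoft.net\\framework64\\",
)

# Locations an unprivileged dropper can write to; a legitimate installer
# assembly normally lives under Program Files or a vendor directory.
USER_WRITABLE_PREFIXES = (
    "c:\\users\\",
    "c:\\programdata\\",
    "c:\\windows\\temp\\",
    "c:\\temp\\",
)

# Switches that typically accompany abuse: discard the log and run the
# "uninstall" path, which executes the assembly's installer class anyway.
EXACT_SUSPICIOUS = {"/u", "/uninstall", "/logtoconsole=false"}


@dataclass
class ProcEvent:
    image: str          # full path of the created process
    command_line: str   # full command line as logged
    parent_image: str   # full path of the parent process


def tokenize(cmdline: str) -> list[str]:
    """Split a Windows command line, honouring double-quoted arguments."""
    return [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', cmdline)]


def basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def in_user_writable(path: str) -> bool:
    return path.lower().startswith(USER_WRITABLE_PREFIXES)


def check_installutil(ev: ProcEvent) -> list[str]:
    """Return the reasons an event looks like InstallUtil abuse (empty = benign)."""
    reasons = []
    img = ev.image.lower()

    if basename(img) == "installutil.exe":
        if not img.startswith(LEGIT_INSTALLUTIL_DIRS):
            reasons.append("InstallUtil.exe running outside the .NET Framework directory")

        args = tokenize(ev.command_line)[1:]  # drop argv[0]
        lowered = [a.lower() for a in args]
        hits = sorted({a for a in lowered
                       if a in EXACT_SUSPICIOUS or a.startswith("/logfile=")})
        if hits:
            reasons.append("abuse-pattern switches: " + " ".join(hits))

        # Non-switch arguments are the assemblies InstallUtil will load and run.
        # Relative paths resolve against the cwd, which this example does not see.
        for target in (a for a in args if not a.startswith("/")):
            if in_user_writable(target):
                reasons.append(f"target assembly in user-writable path: {target}")

    # "Executes dropped EXE": a child of InstallUtil.exe launched from a
    # user-writable location is the dropped-payload pattern.
    if basename(ev.parent_image) == "installutil.exe" and in_user_writable(img):
        reasons.append(f"InstallUtil.exe spawned a binary from a user-writable path: {ev.image}")

    return reasons


def scan(events: list[ProcEvent]) -> list[tuple[ProcEvent, list[str]]]:
    """Run the check over a batch of events and keep only flagged ones."""
    return [(ev, r) for ev in events if (r := check_installutil(ev))]


FW64 = "C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\InstallUtil.exe"

# Constructed sample events (not real telemetry from this sample).
SAMPLE_EVENTS = [
    # 1. Legitimate service installation driven by an MSI.
    ProcEvent(FW64, f'{FW64} "C:\\Program Files\\Vendor\\Service.exe"',
              "C:\\Windows\\System32\\msiexec.exe"),
    # 2. Classic abuse: silent uninstall path against a dropped DLL.
    ProcEvent(FW64, f"{FW64} /logfile= /LogToConsole=false /U C:\\Users\\Public\\update.dll",
              "C:\\Windows\\System32\\cmd.exe"),
    # 3. InstallUtil.exe copied to %TEMP% to dodge path-based allow-lists.
    ProcEvent("C:\\Users\\bob\\AppData\\Local\\Temp\\InstallUtil.exe",
              "InstallUtil.exe /U C:\\Users\\bob\\AppData\\Local\\Temp\\p.dll",
              "C:\\Windows\\System32\\cmd.exe"),
    # 4. Dropped executable launched by InstallUtil.exe.
    ProcEvent("C:\\Users\\Public\\svc.exe", "C:\\Users\\Public\\svc.exe", FW64),
]

if __name__ == "__main__":
    for ev, reasons in scan(SAMPLE_EVENTS):
        print(ev.command_line)
        for r in reasons:
            print("   -", r)
```

The benign MSI-driven install is not flagged; the three abuse patterns are, each with a specific reason string that can be carried into an alert. Pair this with a file-hash or ssdeep match on the dropped assembly (the SHA256 and SSDEEP values listed above) to tie the process event back to this sample.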
MITRE ATT&CK Enterprise v15