General

  • Target: JaffaCakes118_25c9569f4a819fcf2769b9cf2bb9eb04bb98703a05ad663684336da3cd443cb7
  • Size: 576KB
  • Sample: 241224-1rkqfsykd1
  • MD5: 313c578950797324f44422aaf4d3dc12
  • SHA1: 2e5f7f7f529417268b11d3c5d9b4e97d2615e099
  • SHA256: 25c9569f4a819fcf2769b9cf2bb9eb04bb98703a05ad663684336da3cd443cb7
  • SHA512: 82020d4c0f51e560722fd96cc5ca6d83478a9c32dea2131863696e281ed3494efadb89e511ada89c8154b827dfe51471dbcc1e36ff60ae03e965ec3793a7ee64
  • SSDEEP: 12288:fhJN6mnWljsFEmgS00IwtGosgvqYJ8VCuaXv2zHYQoiBjt:f/320uoNvL6xaNziFt

Malware Config

Targets

    • Target: Synapse X Serial Key Generator.exe
    • Size: 600KB
    • MD5: 768b21c1c518aa0258ebf0c3af5c5aaa
    • SHA1: 81baff6aae38f8103457d15313166b571623be94
    • SHA256: 54490440082d4db95180097552899a6c178d4bb90bba15390ba668088adf867b
    • SHA512: f684171d80146123a2eae78af97b4be318167a9ca4ad17e5c8017cb4f51876eb73c98f41791126d27eb170e032dd291bf28f970db7d5c3e8f23c9381f4a4ebe3
    • SSDEEP: 12288:ymkOy/IwEUvC+Q3gwUVN9WCWqsDgpbaN8rO1X3m1PYGapR7pSiha0bKqgqZ6J3N:yfOy0Uq0jiqsEpbVkXgPYFpR7of0bDgl

    • Xmrig family

    • xmrig

      XMRig is a high-performance, open-source, cross-platform CPU/GPU miner.

    • XMRig Miner payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

    • Command and Scripting Interpreter: PowerShell

      Uses the powershell.exe command.

    • Command and Scripting Interpreter: PowerShell

      Starts PowerShell.

    • Enumerates processes with tasklist

MITRE ATT&CK Enterprise v15