General

  • Target

    JaffaCakes118_236e27a2224e5480ffb3c2ada9fbae11a4bd7fe3dc4df9cb1e90567bf9132956

  • Size

    683.0MB

  • Sample

    241224-czgrrsyrfx

  • MD5

    d57abd0bc2e3205c55e2c640d067dd9c

  • SHA1

    1367417d612289d5b260e5b0db4e8f2d125306b7

  • SHA256

    236e27a2224e5480ffb3c2ada9fbae11a4bd7fe3dc4df9cb1e90567bf9132956

  • SHA512

    a8c175116cabdf22f6fb356174864fe6d05bf50011d203ee50a426706635b516a6446a2e59f05654c75bfb01e0bba0c829ac0adfb8c8d431a12ca19a9e9ecd92

  • SSDEEP

    49152:cSpX9ZhA3oCQy/VanXF3zPq0eiXrhXDZf:cSpXzqoCl/VQV3zPqabhXDJ

Targets

    • Target

      JaffaCakes118_236e27a2224e5480ffb3c2ada9fbae11a4bd7fe3dc4df9cb1e90567bf9132956

    • NetSupport

      NetSupport is a remote access tool sold as legitimate system administration software.

    • Netsupport family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL
