General

  • Target

    JaffaCakes118_5b500b555cf6d66e25f4fae3e02acb61

  • Size

    770KB

  • Sample

    250115-s8r7vsxkes

  • MD5

    5b500b555cf6d66e25f4fae3e02acb61

  • SHA1

    d880567a94a242b92b863387eef5d93444ee1f95

  • SHA256

    ffed93a0cafb2758d56765700e7031bc19c124c86bf88758aa75891567cceb7b

  • SHA512

    1b3365296ab64efadd071e964c34d83f00b39c1772328758ed03ebc09510e74d49af9e7b7961ee0fe90e6836d7b3f1dddc9ee01552d6d009f4dd27c0348263b0

  • SSDEEP

    24576:IdK+pf896k3UeD+f3DBCFr2liS4SBe6ZO/l:Igg84CV2wS0YO/l

Targets

    • Target

      JaffaCakes118_5b500b555cf6d66e25f4fae3e02acb61

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.
