General

  • Target

    JaffaCakes118_c600ee5ebb97e7036ff4df33f78fd660

  • Size

    171KB

  • Sample

    250119-m8a1pavraj

  • MD5

    c600ee5ebb97e7036ff4df33f78fd660

  • SHA1

    ce4626c36502cd3828940924b490226e1201a3b8

  • SHA256

    f2fa63ae2637df4875f3543bb0501abc6f1777711fa8e0aa96dd2332672fca8f

  • SHA512

    00f8d24b47e5d729b191ad450bfbb723671a9f3a9db06f81e66069620fefe7727f45add06ef61f137f03a61c75b12c2d47f42cf1262d7602836956800f3ee7b5

  • SSDEEP

    3072:bB4FJ4DTw6EVSp0ydsKA/QcbM7f5CGg4IZDA5a/c2AHJyWza9q4iuOneRLaZmqQF:bBq4Ds6asUZDA5F2Cyt9DGeRLaZmqsDZ

Malware Config

Targets

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks