General

  • Target

    JaffaCakes118_c62550d1e7fb266da9965f1a8261d288

  • Size

    195KB

  • Sample

    250119-ncejnsvles

  • MD5

    c62550d1e7fb266da9965f1a8261d288

  • SHA1

    9f7c1c5f6687b1a7238ee3570a069be6ab277fe9

  • SHA256

    1d39a5666089d7b4618cf996bcd9d8da6ad9d7e5d0ce33045bbfdd2680e4efc2

  • SHA512

    3adc6193fabee4d97ac81666ab94d4c95954c4f9124faca6464de20811668dc83482c61bdf5c2b90eb09f0c9a8750540360da364dd8f696ec2b79026dd94f2a2

  • SSDEEP

    3072:pTykGZAhxA5kikn634tnxgdan7U+q2cW0e+vPCK2AKtJ2cIK15dx:pTy9OhS5kZ6qOMnThSeIn2A4J2C5

Malware Config

Targets

    • Target

      JaffaCakes118_c62550d1e7fb266da9965f1a8261d288

    • Size

      195KB

    • MD5

      c62550d1e7fb266da9965f1a8261d288

    • SHA1

      9f7c1c5f6687b1a7238ee3570a069be6ab277fe9

    • SHA256

      1d39a5666089d7b4618cf996bcd9d8da6ad9d7e5d0ce33045bbfdd2680e4efc2

    • SHA512

      3adc6193fabee4d97ac81666ab94d4c95954c4f9124faca6464de20811668dc83482c61bdf5c2b90eb09f0c9a8750540360da364dd8f696ec2b79026dd94f2a2

    • SSDEEP

      3072:pTykGZAhxA5kikn634tnxgdan7U+q2cW0e+vPCK2AKtJ2cIK15dx:pTy9OhS5kZ6qOMnThSeIn2A4J2C5

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

    • Adds Run key to start application

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks