General

  • Target

    JaffaCakes118_c84f7d1786881a145efc5a59b4f67cd3

  • Size

    773KB

  • Sample

    250119-p4h7lsyndl

  • MD5

    c84f7d1786881a145efc5a59b4f67cd3

  • SHA1

    b73af6e3d0fd83a4e5c9a047b800abba44153781

  • SHA256

    ded2242d5b4f7989e828d88c58e36b2354272d4580079ec250a6d05001ed77a3

  • SHA512

    e468f7038603336aa47f49afc6a7c31010e996e13c54957a95e6478e814b7bab9fb7a4fd2327e2bf2163a8229bd4be53e0c8d9fb6aa735ae30d820e712e20f8b

  • SSDEEP

    24576:4VRpylS9YyOBaT6vIhgKfGkF3ruCYSet:4dyCY1aT6wNVe

Malware Config

Targets

    • Target

      JaffaCakes118_c84f7d1786881a145efc5a59b4f67cd3

    • Size

      773KB

    • MD5

      c84f7d1786881a145efc5a59b4f67cd3

    • SHA1

      b73af6e3d0fd83a4e5c9a047b800abba44153781

    • SHA256

      ded2242d5b4f7989e828d88c58e36b2354272d4580079ec250a6d05001ed77a3

    • SHA512

      e468f7038603336aa47f49afc6a7c31010e996e13c54957a95e6478e814b7bab9fb7a4fd2327e2bf2163a8229bd4be53e0c8d9fb6aa735ae30d820e712e20f8b

    • SSDEEP

      24576:4VRpylS9YyOBaT6vIhgKfGkF3ruCYSet:4dyCY1aT6wNVe

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks