General

  • Target

    JaffaCakes118_003a0da3d1257cbb728be359297a0a3d

  • Size

    83KB

  • Sample

    250120-1t4w4s1nev

  • MD5

    003a0da3d1257cbb728be359297a0a3d

  • SHA1

    6462cebe71a23c15481050a9c2ebc596dd215612

  • SHA256

    75ea86b540bbb074e93e92d7eff98f871cde4f2373719ed8b9f5ba1834b11b7e

  • SHA512

    c2d23f14bc36793d152f52c9523cf53c05d2420224f3b3492ce3e001cf0e5bcb0e9ea3ef84ae81998ab7803868611c605fa407eea4c4a57fd78b32a0c01e7cc8

  • SSDEEP

    1536:WUCIvI+Qzwanmilo258jF1/HoSEBFNL22243KyJVl8lWfHC3wWkj:WUdQM8ojFBwBFNKo3KyJqIi3w

Malware Config

Targets

    • Possible privilege escalation attempt

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Deletes itself

    • Indicator Removal: Clear Windows Event Logs

      Clear Windows Event Logs to hide the activity of an intrusion.

    • Loads dropped DLL

    • Modifies file permissions

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • File and Directory Permissions Modification: Windows File and Directory Permissions Modification

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks