General

  • Target

    JaffaCakes118_40c2d13d8ebbd9c83acb0c4a02fe661b

  • Size

    33KB

  • Sample

    250127-sdadkatngx

  • MD5

    40c2d13d8ebbd9c83acb0c4a02fe661b

  • SHA1

    7542595f1aafc65731907235814a808a7b40c761

  • SHA256

    e978f34df962d94386dfa24ab780246f77370eaba6da3f2e1ad0e554d9007471

  • SHA512

    e4cebf36018f7c2453f4514a13de987a8ffe8d949e16d57fba3498d2a2fb1da5fb2b5b961eca400366438e4b8cacec30c19e81a7427bc07b310c8e281b7f5181

  • SSDEEP

    768:uqSdfoTQvkdak16IjCsLpZcPm162qEZhP9iUI2jJWAEkXyG:uFfoTskdakk49Zc+Nv/IdAEkC

Malware Config

Targets

    • Modifies WinLogon for persistence

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks