General

  • Target

    JaffaCakes118_43705e199165c7555981fd76c017cb69

  • Size

    142KB

  • Sample

    250127-zbry6avjgs

  • MD5

    43705e199165c7555981fd76c017cb69

  • SHA1

    9ee2894c3c2e2d0fde789ff04bff72a72800e8f1

  • SHA256

    e4b876634e7b5d74df61d0a17ad44bea4b348d22fce9b5c0f8190e22d0321468

  • SHA512

    d0ca71df53b553282a6fe6ec58f2bbc0e458a104172b6b9d82d6b873fe1ecb2a5df14d110d00bad492b014298b469204b911ebc352100f1794b7900a35b993a6

  • SSDEEP

    3072:VRD2vx4t2pU17CRDW2PTgagnLE5vqfGGEHklCv54:bD2Z4SUuD3QE5fGxlCm

Score
10/10

Malware Config

Targets

    • Modifies WinLogon for persistence

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks