General

  • Target

    JaffaCakes118_438ccd32bd29a5a893dd927c850dff72

  • Size

    38KB

  • Sample

    250127-zlvg2avrfq

  • MD5

    438ccd32bd29a5a893dd927c850dff72

  • SHA1

    458c2139f8259460a71dc2a21fece2deb2034fe3

  • SHA256

    ead9114bdf48f8a702b3addeed275e6f97634d8aaff8c0722b4cd9d6b0551f89

  • SHA512

    61dcd12bead2193f0dc41794fb989da93d96115e17bb52f4421c483e3186057e7b08bef974c797ae30d8af03c4b99a059a2068992094df884f14f7a93d196f7f

  • SSDEEP

    768:XcfGaro8snFd2piQF+wJsV1qn0Sn+4uWlKSWyp7j77Qhi:XKGj8yb2pz81NSnmWlsyVUi

Targets

    • Modifies WinLogon for persistence

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Drops file in System32 directory

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

MITRE ATT&CK Enterprise v15
