General

  • Target

    JaffaCakes118_8ad5786bd8973d15d926e4fd2d4d9a5c

  • Size

    969KB

  • Sample

    250328-t1bqksyvat

  • MD5

    8ad5786bd8973d15d926e4fd2d4d9a5c

  • SHA1

    8ee7846bab2b6a2b5ef518f6200f9d06762ff1d3

  • SHA256

    a2e9381c96ebfac40bf1c3e471d157397d526f5fcd44e2b911460ad493dee4fa

  • SHA512

    4a79d9bda26c14f41d8bbb09a65beec07c05541a0de3d64b5c30b1454708ba63b31d73002fda3f80590d76aa416bd991070e74422051ad2f2afbfd355899d314

  • SSDEEP

    24576:xUP3DQ1pFy9U83Zn8tnc56FctQj5K/jtZrXPz:OPDQ1Ly9AtncRQdK7tZ3

Malware Config

Targets

    • Target

      JaffaCakes118_8ad5786bd8973d15d926e4fd2d4d9a5c

    • Size

      969KB

    • MD5

      8ad5786bd8973d15d926e4fd2d4d9a5c

    • SHA1

      8ee7846bab2b6a2b5ef518f6200f9d06762ff1d3

    • SHA256

      a2e9381c96ebfac40bf1c3e471d157397d526f5fcd44e2b911460ad493dee4fa

    • SHA512

      4a79d9bda26c14f41d8bbb09a65beec07c05541a0de3d64b5c30b1454708ba63b31d73002fda3f80590d76aa416bd991070e74422051ad2f2afbfd355899d314

    • SSDEEP

      24576:xUP3DQ1pFy9U83Zn8tnc56FctQj5K/jtZrXPz:OPDQ1Ly9AtncRQdK7tZ3

    • Score

      7/10

    • Loads dropped DLL

    • Target

      $PLUGINSDIR/StartMenu.dll

    • Size

      7KB

    • MD5

      72f18eaa88886bd0d46de64a17d9720c

    • SHA1

      e604c84de0ded023cf4c5e215c0534faf1d18227

    • SHA256

      05f699d932f1fea8e6f1a711c3bc8ba51463b924b78a68bfd0683295de008da1

    • SHA512

      5a80e303f1418dde67ffe0b9b60d574b85634de0d2b557a6691229812e9b376fb34ba7e276efd0e20f35baec91f1030b738e2138d7b7ee146715fcab5cd7e018

    • SSDEEP

      96:VgJbo7bG2VHk3C45rJixqE+6nSvMn0iGLG8wq/aAtJ1t2RhU1fU:qJk7ZHgRJRHvcwBwqP/t6wf

    • Score

      3/10

    • Target

      $PLUGINSDIR/System.dll

    • Size

      10KB

    • MD5

      2b54369538b0fb45e1bb9f49f71ce2db

    • SHA1

      c20df42fda5854329e23826ba8f2015f506f7b92

    • SHA256

      761dcdf12f41d119f49dbdca9bcab3928bbdfd8edd67e314d54689811f9d3e2f

    • SHA512

      25e4898e3c082632dfd493756c4cc017decbef43ffa0b68f36d037841a33f2a1721f30314a85597ac30c7ecc99b7257ea43f3a903744179578a9c65fcf57a8b7

    • SSDEEP

      192:ibEOXfXZQ6i1AZ2q6grklcm/iaULQAos:ib/41AZN6uklckLUJo

    • Score

      3/10

    • Target

      $PLUGINSDIR/nsDialogs.dll

    • Size

      9KB

    • MD5

      c6284e23cd7e4d11db8298deb4541083

    • SHA1

      e338686c7579620383ab8cc5a51bbb8d846f60cf

    • SHA256

      79914940cbbf70a385f13a9970a9d577d7a7e07d240fe44563b45a472cd4bc3f

    • SHA512

      72103e470d770fb402a18e975ff339526a3e4c9aeb8fac1b0977995a6eace0eca965b1915404df9b5a25b59628db1b199d2b9b10372841309c137054356a5cd7

    • SSDEEP

      96:q0HzOxnC1hncrcpRciM8wcxMkDOW6LbUXv8X2PXv5bcndYosRn:qJxw3pmiMRxNE/8c5bcdo

    • Score

      3/10

    • Target

      $PROGRAMFILES/NetMeeting/360.knl

    • Size

      6KB

    • MD5

      5c1512b2632927dd12837c74f431061c

    • SHA1

      b2bea9c32771b258a23c89934d33476518b25371

    • SHA256

      161941a6efafa22308ea856b4c07b859de3c0b80c0e16874b0483a9e34f46f69

    • SHA512

      8cfeb98a1fff40c30b3b3dce463a1f2987c4c2028f414b27843375446667df33ee1494b7f3f99a662066af9f9010d656ea7223fca84dd129d74d3f672cac6973

    • SSDEEP

      192:MjNBQi2529bCkp40e9As/7gS8kPzJszGQ:MjNKN52ZCb0pScS5DQ

    • Score

      7/10

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Target

      $PROGRAMFILES/files/3.bat

    • Size

      3KB

    • MD5

      175c06ae5ec020506749d7dbd0c72923

    • SHA1

      dfe43fb80dc91eef02427c9f2ee903225f6b1725

    • SHA256

      0ab58ea7a47d1050faf4ba0f4d8fe6786be2e5616b662a2a3ed90457ee57d7f4

    • SHA512

      0a90b1135163dea907aabe6545e7b7d36196a303010e283c235e82c2ac1de38bcde67f330a00a6887a88a7e42e49047096d84e0ea965a268ee27dd78ea900731

    • Score

      1/10

    • Target

      $PROGRAMFILES/files/3.vbs

    • Size

      1KB

    • MD5

      647fbc4e1b3eea4ee899b37a8ee29a5a

    • SHA1

      b169eba879ef6b0bdda1906ced2f9036672bb55b

    • SHA256

      4073d8deeb8790f49fe9d2933e86bb696cc48c928014b4b02e5cd1b2dc1708c6

    • SHA512

      8d9b4aeeb35c4362d5dc0c5d5af92a624d2b79a3302fa91fc378dc97476b5e2b249d3371ba1c186aecbebe42aa54e10708d8aab966c92f5e7690b5eaaa05cb54

    • Score

      3/10

    • Target

      $PROGRAMFILES/files/q

    • Size

      2KB

    • MD5

      97af5fe6faf87f3a438f6220e4a67337

    • SHA1

      431095968ed4b65f95d548a2aee327dd27a23f2a

    • SHA256

      5ec1a99388aff9ac4333f616df25dbb1e9d2c0ee46fa8c2837c7c329b0c24e73

    • SHA512

      03f1b50f954af9d2244f7ebc36a27d1334ecacc00ecd307c3aec0c1854357656a6c0d3c2e6f1f081a9d02bd82b3a3490bad52174e58a6104a9aa11e8f973141f

    • Score

      3/10

    • Target

      $TEMP/SeFastInstall3_3201.exe

    • Size

      227KB

    • MD5

      97a0b8d4d70e2358f67721496fd901de

    • SHA1

      f5a39a0636dbe64cfbaa4f5888a620e2ef291bfe

    • SHA256

      78b79361df52fbafd5503471094af6c21c9d998f53feb57d9cfcf64a8b54d7f8

    • SHA512

      cfa66b29677ac35c20183e95322916591da1b519e3cf6e7767d2a264eb6b0b80829ae2a2d64eab3836e4c73589789702bfd6ad5157abe547d651e687d7200f79

    • SSDEEP

      6144:SDez3bkqxR5/zpu9EKR7NutEdfUv95u9rn39Vk+K5d:SDcxRW93NldmkdLBK5d

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      ֮.exe

    • Size

      1.4MB

    • MD5

      5b09029117dedb91f4b06ef3c0e8b94f

    • SHA1

      6cef43f5147d5fe01b66748157782626cce44c28

    • SHA256

      4dbc3ae45a04dea291f318cfefdd091af2d6a2a747f4970a1c369752ca093558

    • SHA512

      fdd0385a7f094774fb77bec9830c7eb62fa081936c55c91539394421d2b0b8dde8ea7bb84a48001814a1e0b496e741cc5ee5c2ebd905c9ef945e7dbb22e38c32

    • SSDEEP

      24576:SRFS7Iid6Nx7izcFsaWrtLTOITQA6kOStpbspT63cGnD:vDd6ziVTOITQAOpT63cGnD

MITRE ATT&CK Enterprise v15

Tasks