General

  • Target

    JaffaCakes118_ac18028c305cd56e3120e32a8964ad0d

  • Size

    808KB

  • Sample

    250410-3vz1navmx3

  • MD5

    ac18028c305cd56e3120e32a8964ad0d

  • SHA1

    79e012db4e4c849db0a8cd7dfe9b57a4ef0ef8f5

  • SHA256

    2a68112962920e1a64313e1dd8519f80c400636e68451c55e99729b166617e5b

  • SHA512

    7ff46425c72b28a2046f20bbf1fd146451423e081ceead8934416ac1c4fb9b08e86eed769768968836309df204d42b99a67fdb447fb0cbc45ce2b5cf255f00a3

  • SSDEEP

    6144:wmXqNhOPOUFLccF/nHkcPLRFB/fhLeiNruEnOldMrhJ11PUM1nF1WPz:wmaNhOPnxBnHkapLjTn/rhlUy1W7

Malware Config

Targets

    • Modifies WinLogon for persistence

    • Pykspa

      Pykspa is a worm that spreads via Skype, uses a DGA, and is written in C++.

    • Pykspa family

    • Detect Pykspa worm

    • Adds policy Run key to start application

    • Disables RegEdit via registry modification

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Impair Defenses: Safe Mode Boot

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Hijack Execution Flow: Executable Installer File Permissions Weakness

      Possibly turns off User Account Control's privilege elevation for standard users.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v16

Tasks