General

  • Target

    JaffaCakes118_a8a6afa326f55f4aa211c165806a8edd

  • Size

    540KB

  • Sample

    250410-ggnvkssps3

  • MD5

    a8a6afa326f55f4aa211c165806a8edd

  • SHA1

    caf867e23c1ddd04a52e1b935fdafccdaa223439

  • SHA256

    0ca8dc9d9d8469d78ea8045f74e52243759e52e09f480116f54289672d23b99a

  • SHA512

    2b57c4dfea7d1965a31fb22285d77165ae46502b38566c25c4a101f27af9b32801846c2d03313a4c87ba8049d7362a19a061a9be9b19b502767c58e078bbe39d

  • SSDEEP

    6144:pj6/wndfF/gl0LQIk8DR3dEuAI7pEfxsZozAm9TMdGQLUg1nYmefPImdrion:Z6onxOp8FySpE5zvIdtU+Ymef

Malware Config

Targets

    • Modifies WinLogon for persistence

    • Pykspa

      Pykspa is a worm that spreads via Skype, uses a DGA, and is written in C++.

    • Pykspa family

    • Detect Pykspa worm

    • Adds policy Run key to start application

    • Disables RegEdit via registry modification

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Impair Defenses: Safe Mode Boot

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Hijack Execution Flow: Executable Installer File Permissions Weakness

      Possibly turns off User Account Control's privilege elevation for standard users.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v16

Tasks