General

  • Target

    JaffaCakes118_d00acf4b571383eb48cb7a06b8bc8d85

  • Size

    2.7MB

  • Sample

    250422-26rb8azxhy

  • MD5

    d00acf4b571383eb48cb7a06b8bc8d85

  • SHA1

    224047bc05d03d6f9f5154e2eb293a8453b7c576

  • SHA256

    8705f1cd2755aa9ad15afacba9ddb6d25cc7398bf53e9ed7edb51c6f7e527bbe

  • SHA512

    25f0323b473da62a7c4378ad07b879b5325aaded453481a1d6ed41260a001935ff2ab48ecb443fc363e56887686004d5f323daaa068dd78d0e9313e70bea6da0

  • SSDEEP

    49152:1AJYJOsBs2vL52JmKkD/ixmIusQwxYnt/oEmgOOjj6MJiWqiPpHEt01aPBL4DRJ/:GJYJrK2vL52J+D/igIujsYtg3gOOjj6A

Malware Config

Targets

    • Disables service(s)

    • RMS

      Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.

    • Rms family

    • Indicator Removal: Network Share Connection Removal

      Adversaries may remove share connections that are no longer useful in order to clean up traces of their operation.

    • Modifies Windows Firewall

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified UPX variant.

MITRE ATT&CK Enterprise v16

Tasks