General

  • Target

    JaffaCakes118_d8d14cf4c08f1c92c7283c7d779622e4

  • Size

    3.3MB

  • Sample

    250425-x7a96sytg1

  • MD5

    d8d14cf4c08f1c92c7283c7d779622e4

  • SHA1

    ad86a16cba59e41c06f07ba22fbe92fd68d889d0

  • SHA256

    9acbaf49d9b19d2b207a0ed90e963bdc21276ddf427d38d0f9ddf0efcf587597

  • SHA512

    f99e7ec5ce3153572766dcb1bade724033967036572859b47064666baca661d318d0d595af132908ac4069f0c75f3c20410ce73d16e6f3e383e8e6ac13980c4c

  • SSDEEP

    98304:7JYCAwP4unYP+0O8NPKDUDpQCOfCJ+N4dP5CVSBX:7J7Oo8DDpS6Y4ck

Targets

    • Target

      JaffaCakes118_d8d14cf4c08f1c92c7283c7d779622e4

    • Disables service(s)

    • RMS

      Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.

    • Rms family

    • Indicator Removal: Network Share Connection Removal

      Adversaries may remove share connections that are no longer useful in order to clean up traces of their operation.

    • Modifies Windows Firewall

    • Sets file to hidden

      Modifies file attributes so the file is not shown in Explorer and similar file browsers.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v16