General

  • Target

    JaffaCakes118_00311e8deabd64e4292372319e458670

  • Size

    322KB

  • Sample

    250508-xrl2qsvvbs

  • MD5

    00311e8deabd64e4292372319e458670

  • SHA1

    829bb99498667b1fb207f63131bfb174be7caf86

  • SHA256

    b4cd57a6a5a5b28f792c3a9233d1e0e41cef016c3ec633f820fcf13e0be4fc22

  • SHA512

    519559987dc625d239d7f5a89737c26483e28cee7b47f42ce04b774a47663ebd738d7c2a8a35a84734bc70067fe8c2004ece08dbe3fb43c27f607f5d128a07e9

  • SSDEEP

    6144:wsTkY2MLCyeZ2iSxn0SH78oKRxN51hzN/8QNQfLXh+r8X37Grg58jM:w+krOXiun0cWZ511+Qaf8rS374gD

Malware Config

Targets

    • Target

      JaffaCakes118_00311e8deabd64e4292372319e458670

    • Size

      322KB

    • MD5

      00311e8deabd64e4292372319e458670

    • SHA1

      829bb99498667b1fb207f63131bfb174be7caf86

    • SHA256

      b4cd57a6a5a5b28f792c3a9233d1e0e41cef016c3ec633f820fcf13e0be4fc22

    • SHA512

      519559987dc625d239d7f5a89737c26483e28cee7b47f42ce04b774a47663ebd738d7c2a8a35a84734bc70067fe8c2004ece08dbe3fb43c27f607f5d128a07e9

    • SSDEEP

      6144:wsTkY2MLCyeZ2iSxn0SH78oKRxN51hzN/8QNQfLXh+r8X37Grg58jM:w+krOXiun0cWZ511+Qaf8rS374gD

    • Imminent RAT

      Remote-access trojan based on Imminent Monitor remote admin software.

    • Imminent family

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Adds Run key to start application

    • Drops desktop.ini file(s)

MITRE ATT&CK Enterprise v16

Tasks