General

  • Target

    d35381609a7837b54625620b260ceba0_JaffaCakes118

  • Size

    580KB

  • Sample

    240405-pbmpbsbe51

  • MD5

    d35381609a7837b54625620b260ceba0

  • SHA1

    e2a849cd29fe4584fe183ec4a3d231b96c11510f

  • SHA256

    e451310ccd2dc212d3c4233ef75c6bd4a6b238e6ef44119ae4769cac2a2e5f54

  • SHA512

    a12e110cba61403f88f16ce101297d221f29050c5b7111245c73ed6dbd797493d3f96ed18a175106a1f49d57bd628b2e69695c637e624319a848dc513fd3092e

  • SSDEEP

    12288:Q4gzhRXZrOMlRYpl3U077HwPoTxqLWPiXjJ/whUFT:ehRXZr1ypl3p77QwTUki9/who

Score
7/10

Malware Config

Targets

    • Target

      d35381609a7837b54625620b260ceba0_JaffaCakes118

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks