General

  • Target

    e8c95e4e550d5fd4fd49b0dfcfa6019c_JaffaCakes118

  • Size

    327KB

  • Sample

    240409-aqws8abg3t

  • MD5

    e8c95e4e550d5fd4fd49b0dfcfa6019c

  • SHA1

    42511c1612c1a478796dd5f2f13b3fb606570a6e

  • SHA256

    c6eb2706e143ab85be01195116147af57c3a3a025cac39329b70b6e999cb4e69

  • SHA512

    a5e075a1b68d180f703f7179f3764a598a283b9f3fa7faa0bbc579fcdd19f24500ec659ed4d74ffa12f4f24462df38e718dbb43d554de52e81c531511dee8e87

  • SSDEEP

    6144:IP/LqQPkY1TXUDW/jb+oMTKuiQnrL9AlVs+Qz4UJa5eteCPU2Fl:IP/LVdTXUDWn78K0nrZAMV0gCeDPUG

Targets

    • Target

      e8c95e4e550d5fd4fd49b0dfcfa6019c_JaffaCakes118

    • Sets file to hidden

      Modifies file attributes so the file is not shown in Explorer and similar tools.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • Drops file in System32 directory
