General

  • Target

    f1670cab1f506b29baa4668af746391c_JaffaCakes118

  • Size

    8.3MB

  • Sample

    240415-s287ssaa38

  • MD5

    f1670cab1f506b29baa4668af746391c

  • SHA1

    3250cf0a0d4eaed6b69f45877161f1a8a512a6b4

  • SHA256

    cbba1c25ba9360cbc5ffbffc878fc73eb113393f1868b1a65efc7e227913f49f

  • SHA512

    789c808e3a53932546e47d0fe79c45c801075e07188a30804f7549912e021f7ee8ec7eeb39b3d58e77642782d7e6e96a12b35a24480e77a58edaf95134b405c9

  • SSDEEP

    196608:jVAvAcJaMYqBAcGZDblWAoU9juRitUgvgVAl4NQWqTVi:jVMR96cGZDRWAb98iCgvgYFTs

Malware Config

Targets

    • Target

      f1670cab1f506b29baa4668af746391c_JaffaCakes118

    • Banload

      Banload variants download malicious files, then install and execute the files.

    • Downloads MZ/PE file

    • Drops file in Drivers directory

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Registers COM server for autorun

    • Drops file in System32 directory

MITRE ATT&CK Matrix (ATT&CK v13)

  • Persistence

    T1547 Boot or Logon Autostart Execution: 1
    T1547.001 Registry Run Keys / Startup Folder: 1

  • Privilege Escalation

    T1547 Boot or Logon Autostart Execution: 1
    T1547.001 Registry Run Keys / Startup Folder: 1

  • Defense Evasion

    T1553 Subvert Trust Controls: 1
    T1553.004 Install Root Certificate: 1
    T1112 Modify Registry: 1

  • Discovery

    T1012 Query Registry: 3
    T1082 System Information Discovery: 4
    T1120 Peripheral Device Discovery: 1

Tasks