Overview

overview

10

Static

static

3

f432143eef...18.exe

windows7-x64

10

f432143eef...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f432143eef13263ec5956b7db2242c2a_JaffaCakes118

  • Size

    2.0MB

  • Sample

    240416-yfcjlacd4z

  • MD5

    f432143eef13263ec5956b7db2242c2a

  • SHA1

    61cfba11d6e0ceac08a8e2afc43d0fd1afa8b9b6

  • SHA256

    98d74cdbcf31e2166ee1beca480bb0110278ab7ae76a5355d5fd6d63b909f101

  • SHA512

    7ab0d95e77aec8fe913872cd30badcb1e6fe43676fb4e48429cd13272f9e2969f38704cfe7a2093657c6bb5e41d10dc57de6f3a3440348e7e8e11f6503d54ccd

  • SSDEEP

    49152:O9AmFHzPIldt9QFm0yfR0MRhYHAoniaq01LOXLtF81o:OCZldQyHhYbBd1L0XAo

Score
10/10
netsupportrat

Malware Config

Targets

    • Target

      f432143eef13263ec5956b7db2242c2a_JaffaCakes118

    • Size

      2.0MB

    • MD5

      f432143eef13263ec5956b7db2242c2a

    • SHA1

      61cfba11d6e0ceac08a8e2afc43d0fd1afa8b9b6

    • SHA256

      98d74cdbcf31e2166ee1beca480bb0110278ab7ae76a5355d5fd6d63b909f101

    • SHA512

      7ab0d95e77aec8fe913872cd30badcb1e6fe43676fb4e48429cd13272f9e2969f38704cfe7a2093657c6bb5e41d10dc57de6f3a3440348e7e8e11f6503d54ccd

    • SSDEEP

      49152:O9AmFHzPIldt9QFm0yfR0MRhYHAoniaq01LOXLtF81o:OCZldQyHhYbBd1L0XAo

    Score
    10/10
    netsupportrat

    • NetSupport

      NetSupport is a remote access tool sold as a legitimate system administration software.

      ratnetsupport

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks