General

  • Target: f7cded298cdf3671d5be20511ca4fcb1_JaffaCakes118
  • Size: 1.1MB
  • Sample: 240418-mhhb3sac94
  • MD5: f7cded298cdf3671d5be20511ca4fcb1
  • SHA1: 242e12edbe1a9fd6ba663099c1432df12b9a2064
  • SHA256: c49db28c90989f14866faa6781fc5e6531c8a63d3c3f3d245b4c4d752ce5ebf0
  • SHA512: 1227350d1340597f350f62cae03568cb700cd0470bb555dca1ff4bac5bb01fd57c1b55071e311dddd2cd7feb6daf823f5cbac4dfa74da25353a445f1e15a6d72
  • SSDEEP: 24576:Jq5mFG/nW3aTDtFj3RbjBN9fmuyXtw/4TL2lDNY/to4:45fuKT7jxj9foTylD2o4

Malware Config

Targets

    • Target: f7cded298cdf3671d5be20511ca4fcb1_JaffaCakes118
    • Size: 1.1MB
    • MD5: f7cded298cdf3671d5be20511ca4fcb1
    • SHA1: 242e12edbe1a9fd6ba663099c1432df12b9a2064
    • SHA256: c49db28c90989f14866faa6781fc5e6531c8a63d3c3f3d245b4c4d752ce5ebf0
    • SHA512: 1227350d1340597f350f62cae03568cb700cd0470bb555dca1ff4bac5bb01fd57c1b55071e311dddd2cd7feb6daf823f5cbac4dfa74da25353a445f1e15a6d72
    • SSDEEP: 24576:Jq5mFG/nW3aTDtFj3RbjBN9fmuyXtw/4TL2lDNY/to4:45fuKT7jxj9foTylD2o4

    Signatures matched:

    • Modifies Windows Defender Real-time Protection settings

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar secrets.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP address.

MITRE ATT&CK Matrix (ATT&CK v13)

Each entry lists the tactic, the technique or sub-technique with its ID, and the number of matched signatures mapped to it.

Persistence

  • Create or Modify System Process (T1543): 1
    • Windows Service (T1543.003): 1

Privilege Escalation

  • Create or Modify System Process (T1543): 1
    • Windows Service (T1543.003): 1

Defense Evasion

  • Modify Registry (T1112): 2
  • Impair Defenses (T1562): 1
    • Disable or Modify Tools (T1562.001): 1
  • Subvert Trust Controls (T1553): 1
    • Install Root Certificate (T1553.004): 1

Credential Access

  • Unsecured Credentials (T1552): 1
    • Credentials In Files (T1552.001): 1

Discovery

  • Query Registry (T1012): 1
  • System Information Discovery (T1082): 1

Collection

  • Data from Local System (T1005): 1

Tasks