General

  • Target

    fb0d5ef6aa00ea8172c2f06a18006bba_JaffaCakes118

  • Size

    871KB

  • Sample

    240419-ymn6zaef8z

  • MD5

    fb0d5ef6aa00ea8172c2f06a18006bba

  • SHA1

    35ec47d2141b860e9c075867aa271cb393808d71

  • SHA256

    ebf524997af43953c6c124093182cc565d30cc0efda51c01a08e1b2264ffde49

  • SHA512

    72e6d8aa90f190a88ea09e9d48d401e1ad2c0e6a982ffc0d1d9b515997ea406c26c0de1ff01b50854ad4dbf07e1099b7e6f4ef524eb4baf87bd5201ab5fa03ac

  • SSDEEP

    24576:au1e/bbLrswYfFBa6sFXFZb9H2QPY9EjIgqbPbKmuxyqsNJ:aOefswYfruDlTPcYIgyP9q6J

Score
7/10

Malware Config

Targets

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofencing check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks