General

  • Target

    ff643925ab1766e8824df0ea24bd360d_JaffaCakes118

  • Size

    319KB

  • Sample

    240421-qt7b5ace44

  • MD5

    ff643925ab1766e8824df0ea24bd360d

  • SHA1

    51d1d7776a51c091dbce0941d05bacf17558ed29

  • SHA256

    3383331a239a845adc5491cae5c4c5f506d995512f39cf3274bd2c9a02ee7aef

  • SHA512

    413ef73606c2d8ec0ccd4307da86e0ca2aa5825ee9f072b5376920cfd06d4a752af92c29e54d2b6568432a28c453c8442eab492659bb7562bcd401b5063c4b0d

  • SSDEEP

    6144:IcZHcar1Y1F4kTtCE8y7gSCpgUXGqyzLlxE95/wWT2tHR+weaZ:fHNWw7dy7gS9UX2YPS2a

Score
10/10

Malware Config

Extracted

  • Language
 
    hta

  • Source

    hta.dropper

  • URLs

    http://rerererererere.com/inst.php?id=forbidden

Targets

    • Target

      ff643925ab1766e8824df0ea24bd360d_JaffaCakes118

    • Size

      319KB

    • MD5

      ff643925ab1766e8824df0ea24bd360d

    • SHA1

      51d1d7776a51c091dbce0941d05bacf17558ed29

    • SHA256

      3383331a239a845adc5491cae5c4c5f506d995512f39cf3274bd2c9a02ee7aef

    • SHA512

      413ef73606c2d8ec0ccd4307da86e0ca2aa5825ee9f072b5376920cfd06d4a752af92c29e54d2b6568432a28c453c8442eab492659bb7562bcd401b5063c4b0d

    • SSDEEP

      6144:IcZHcar1Y1F4kTtCE8y7gSCpgUXGqyzLlxE95/wWT2tHR+weaZ:fHNWw7dy7gS9UX2YPS2a

    Score
    10/10

    • Modifies WinLogon for persistence

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Matrix (ATT&CK v13)

  • Persistence

    Boot or Logon Autostart Execution (T1547): 1
    Winlogon Helper DLL (T1547.004): 1

  • Privilege Escalation

    Boot or Logon Autostart Execution (T1547): 1
    Winlogon Helper DLL (T1547.004): 1

  • Defense Evasion

    Modify Registry (T1112): 2

  • Discovery

    Query Registry (T1012): 1
    System Information Discovery (T1082): 2

Tasks