Overview

overview

7

Static

static

3

010c349699...18.exe

windows7-x64

7

010c349699...18.exe

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    010c349699e55d3d5f616b50acf88ef5_JaffaCakes118

  • Size

    262KB

  • Sample

    240426-skc32aeb78

  • MD5

    010c349699e55d3d5f616b50acf88ef5

  • SHA1

    8685e53d55a0a1f95788fe890b2b5964aa8c9c15

  • SHA256

    4cd49753eb7cb8dd78c53272fd88cf6ddb7913b16e7cf39bfaa7c6922d600cd0

  • SHA512

    56daca604bd979868d485219c1025b55ec58edafda5a02fde3b4d3a8d3d378e7e353cc6f43527510365f07360f426fef33d40f7b2da392c66bf11d23ff82ea43

  • SSDEEP

    3072:pqTUgnUmSY/WWKY/Wy6cW8ooK6DnD6tyYWhx0/nTysMapnXDtkx3bNc:kUuWY/W0DIxfyYMx5sMaRhk

Score
7/10
adwarediscoverypersistencestealer

Malware Config

Targets

    • Target

      010c349699e55d3d5f616b50acf88ef5_JaffaCakes118

    • Size

      262KB

    • MD5

      010c349699e55d3d5f616b50acf88ef5

    • SHA1

      8685e53d55a0a1f95788fe890b2b5964aa8c9c15

    • SHA256

      4cd49753eb7cb8dd78c53272fd88cf6ddb7913b16e7cf39bfaa7c6922d600cd0

    • SHA512

      56daca604bd979868d485219c1025b55ec58edafda5a02fde3b4d3a8d3d378e7e353cc6f43527510365f07360f426fef33d40f7b2da392c66bf11d23ff82ea43

    • SSDEEP

      3072:pqTUgnUmSY/WWKY/Wy6cW8ooK6DnD6tyYWhx0/nTysMapnXDtkx3bNc:kUuWY/W0DIxfyYMx5sMaRhk

    Score
    7/10
    adwarediscoverypersistencestealer

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

      stealeradware
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Browser Extensions

1
T1176

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Defense Evasion

Modify Registry

2
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks