Overview

overview

10

Static

static

1

04b21b8763...18.exe

windows7-x64

10

04b21b8763...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    04b21b8763f3bc4ea2b395a13078ff87_JaffaCakes118

  • Size

    39.4MB

  • Sample

    240428-jjc7zabc3w

  • MD5

    04b21b8763f3bc4ea2b395a13078ff87

  • SHA1

    11da815d06e4b7fd855b4647e048424eac1ad5da

  • SHA256

    22795204fb8c5ab18cf452e6a723163c029d5b416870348254d45dedb6d1ec82

  • SHA512

    08a100c63f18e7e569cf63b7d13d61c31064f59a6d5529bb327b1f81fe8bf20a5e337af0921df0466ee244541df58075a2fa1d93d2be719f866492cdf82077f1

  • SSDEEP

    786432:/kxc4BiiqqeuC9H607Yd0FPAwt3f3DXXo1wg+37TLYVzvWVHQ:/sdqqez9H7wWPRt3f3bXo1wNC

Score
10/10
adwarediscoveryevasionpersistencestealer

Malware Config

Targets

    • Target

      04b21b8763f3bc4ea2b395a13078ff87_JaffaCakes118

    • Size

      39.4MB

    • MD5

      04b21b8763f3bc4ea2b395a13078ff87

    • SHA1

      11da815d06e4b7fd855b4647e048424eac1ad5da

    • SHA256

      22795204fb8c5ab18cf452e6a723163c029d5b416870348254d45dedb6d1ec82

    • SHA512

      08a100c63f18e7e569cf63b7d13d61c31064f59a6d5529bb327b1f81fe8bf20a5e337af0921df0466ee244541df58075a2fa1d93d2be719f866492cdf82077f1

    • SSDEEP

      786432:/kxc4BiiqqeuC9H607Yd0FPAwt3f3DXXo1wg+37TLYVzvWVHQ:/sdqqez9H7wWPRt3f3bXo1wNC

    Score
    10/10
    adwarediscoveryevasionpersistencestealer

    • Modifies firewall policy service

      evasion

    • Adds Run key to start application

      persistence

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

      stealeradware

    • Modifies Windows Firewall

      evasion

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Create or Modify System Process

2
T1543

Windows Service

2
T1543.003

Boot or Logon Autostart Execution

2
T1547

Registry Run Keys / Startup Folder

2
T1547.001

Browser Extensions

1
T1176

Privilege Escalation

Create or Modify System Process

2
T1543

Windows Service

2
T1543.003

Boot or Logon Autostart Execution

2
T1547

Registry Run Keys / Startup Folder

2
T1547.001

Defense Evasion

Modify Registry

5
T1112

Impair Defenses

1
T1562

Disable or Modify System Firewall

1
T1562.004

Subvert Trust Controls

1
T1553

Install Root Certificate

1
T1553.004

Credential Access

Discovery

Query Registry

3
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

4
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks