General

  • Target: 2ca101f9e51c01c366975ee4094b3a1f_JaffaCakes118
  • Size: 131KB
  • Sample: 240510-bm4kbsac2w
  • MD5: 2ca101f9e51c01c366975ee4094b3a1f
  • SHA1: 6a6ab83750947a58a11125c82f0b67c5197886a6
  • SHA256: 24cf45e2f326516edf295ca49e7f619ccc6f11ea9a81cd28b1e4ffa6a376d1a7
  • SHA512: 5f7933aef38fc23ed592007d4a44699cae53a1535f665a08e45e462818a14face3e516b932d8006eb69cd03eb9101ee8c25424679a22c65cf35d3d8686e5a18c
  • SSDEEP: 3072:rvvrlnUnPh66Vy5Wp7MdWHfvTTiW4u85w7S0Gkep7:rvvrJUnPhRYWKufvTTi5h5gXeZ

Score: 7/10

Malware Config

Targets

    • Target: Photo1.exe
    • Size: 37KB
    • MD5: 134beec9243886fa1ae1fe09a2e8f0f2
    • SHA1: 70c91c4ce17b56a193b2976343bb4885971a0414
    • SHA256: 17230c5866d55f7c66039d773cc43132b4f02149bdff45bd396d41f08a2c0b45
    • SHA512: 8a905e31c71720977574f7a488b61d976719580b2cb6dbdca0bc6914ccf254daac692899373fcaaddbc07dfaa997676e3cf8f5d5b81bf2c65c21d1a1e73aa398
    • SSDEEP: 768:bX3pbhvZSjPrIHHVuLIFOXds2L6cJj3AD2DLy6cgDNCK1mMZ:t3Sr0HSPXdVLDpDLy6cgDNNr

    Score: 7/10

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory

    • Target: Photo2.exe
    • Size: 37KB
    • MD5: 7b6fe54446ff5d20230b2d6f5ce45fad
    • SHA1: d6404f74516285cc40272d345461d9abd90823b3
    • SHA256: 70aae83fad8fbbbd63c6a348fc4716abdd19a4f9bb9d011cb0f80850beb4543a
    • SHA512: 77ce4a4fbe85e9b2a4c63637b0247724ee33ca0b6024a6a39138c5e73b0a3b3ed36a11a14bed04e05ba1babac183e9bae30a0b5b01c1fb3a655a78a81063f477
    • SSDEEP: 768:LX3pbhvZSjPrIHHVuLIFOXds2L6cJj3AD2DLyxNCK1mM:d3Sr0HSPXdVLDpDLyxNN

    Score: 7/10

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory

    • Target: TConf.exe
    • Size: 308KB
    • MD5: 63be68e411e906c1d64248621159b9a7
    • SHA1: e804f76368776381fd6e5984dd7a0fdbe0534f88
    • SHA256: 40362c8ae6f6584b7a1d8978f2409df2d4d32c0d0434c6821725ed7ad92bfe19
    • SHA512: daa848bac3183e681a6bc13b6b3a47d3bef915d3ecfc757d181ff38b1e91c287dc29668ba68090dfb962d8cdd42724289e45af763599d40b9c617e802e9d74a3
    • SSDEEP: 3072:NuUoNfQlAmfKPRK0MFhBgqR/Qof0FpSMIWOq6jbO787as3X7HRlRnAJ+fI:hmnm6MFhuqcpY

    Score: 1/10

MITRE ATT&CK Enterprise v15

Tasks