General

  • Target

    35320119bdf9b8953c68ffd5fd55a986_JaffaCakes118

  • Size

    285KB

  • Sample

    240511-sjhxwsfg72

  • MD5

    35320119bdf9b8953c68ffd5fd55a986

  • SHA1

    832af2ba23d8c3dd725a9e6ad542e6118ed29dc6

  • SHA256

    e4a62b2f18d22b58a104c2976e2e5104606e470a064bdf7d0bb2b0e9aba84bf9

  • SHA512

    f029ea1f6ace487bb6ad4ecdbb92f8c86effd4c77c3fa8440e3f0bd786d6bcbcb54acc08bb51ff1e1ee34a5209c5008e0fef7868fec7520f90a3432452d25dd7

  • SSDEEP

    6144:IkgmBi2yls2Yt8QFRpRaoI5/HJ1W97A4ck7g1Ok3rswn2fexNtqoWGDgE62W4oNf:IkgmBi2yls2YtInFTqoWGDgE62ucv25Z

Score
7/10

Malware Config

Targets

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks