General

  • Target

    51ddbe4cbd6cf9e71ed36656961f62ac_JaffaCakes118

  • Size

    2.1MB

  • Sample

    240517-2p1jkafa3x

  • MD5

    51ddbe4cbd6cf9e71ed36656961f62ac

  • SHA1

    d4515419337741285e9ddefa13c4ad02f8dea4dd

  • SHA256

    b2fb69fe5a4d38d7c2ee4c2a9aa7badac6f342ec93fca10de04a4d9b2893fa56

  • SHA512

    3afee0f39b039b4551b77ea38029b5cef2aed7fd9db7f70bb8dd7a61e4abb4a5ec712bdfa92e3b20a8063db2440e4d13e1cf2547f59489d830b316563556fa99

  • SSDEEP

    49152:rh5n9jt3/btUZhdrQ31JeuhO45Eg9wVwdOv:RFgrQ3j/g45Eg9wiOv

Malware Config

Targets

    • NanoCore

      NanoCore is a remote access tool (RAT) with a variety of capabilities.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v13)

  Tactic                Technique                             Count  ID
  Execution             Scripting                             1      T1064
  Persistence           Boot or Logon Autostart Execution     1      T1547
  Persistence           Registry Run Keys / Startup Folder    1      T1547.001
  Privilege Escalation  Boot or Logon Autostart Execution     1      T1547
  Privilege Escalation  Registry Run Keys / Startup Folder    1      T1547.001
  Defense Evasion       Scripting                             1      T1064
  Defense Evasion       Modify Registry                       1      T1112
  Discovery             Query Registry                        1      T1012
  Discovery             System Information Discovery          3      T1082

Tasks