Overview

overview

10

Static

static

1

4f95b91733...18.exe

windows7-x64

10

4f95b91733...18.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    4f95b91733f00230f5ad8c7fbe8ffd18_JaffaCakes118

  • Size

    39.4MB

  • Sample

    240517-mqsssaed79

  • MD5

    4f95b91733f00230f5ad8c7fbe8ffd18

  • SHA1

    ff1da6dcc48b53f4e20e0d3a282924694c9e3e73

  • SHA256

    93a4adcf10aa72472b4f91ab6ec411141ac6cac57f1d4b68c302367b2fcbb65b

  • SHA512

    1fd7c7937e9292b92e97620bf748358e006f5cb4cdc2fadb578c32bc26185752f78ec5c2d3e1e04a183c0ad24790197ee8f69470852bdec1cb86cf6108a2382e

  • SSDEEP

    786432:Pkxc4BiiqqeuC9H607Yd0FPAwt3f3DXXo1wg+37TLYVzvWVHO:Psdqqez9H7wWPRt3f3bXo1wNw

Score
10/10
adwarediscoveryevasionpersistencestealer

Malware Config

Targets

    • Target

      4f95b91733f00230f5ad8c7fbe8ffd18_JaffaCakes118

    • Size

      39.4MB

    • MD5

      4f95b91733f00230f5ad8c7fbe8ffd18

    • SHA1

      ff1da6dcc48b53f4e20e0d3a282924694c9e3e73

    • SHA256

      93a4adcf10aa72472b4f91ab6ec411141ac6cac57f1d4b68c302367b2fcbb65b

    • SHA512

      1fd7c7937e9292b92e97620bf748358e006f5cb4cdc2fadb578c32bc26185752f78ec5c2d3e1e04a183c0ad24790197ee8f69470852bdec1cb86cf6108a2382e

    • SSDEEP

      786432:Pkxc4BiiqqeuC9H607Yd0FPAwt3f3DXXo1wg+37TLYVzvWVHO:Psdqqez9H7wWPRt3f3bXo1wNw

    Score
    10/10
    adwarediscoveryevasionpersistencestealer

    • Modifies firewall policy service

      evasion

    • Adds Run key to start application

      persistence

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

      stealeradware

    • Modifies Windows Firewall

      evasion

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks