Overview

overview

10

Static

static

3

5eeabe4d57...18.exe

windows7-x64

10

5eeabe4d57...18.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    5eeabe4d5741c00bbd3021a023779fe6_JaffaCakes118

  • Size

    6.9MB

  • Sample

    240520-nz2byshh82

  • MD5

    5eeabe4d5741c00bbd3021a023779fe6

  • SHA1

    b2f37471bd0db8af963c7893920eaccfd9a8a7f5

  • SHA256

    e9d6e465a79e865cabae62195762b8005320a7c539ba17260445dc1378eec353

  • SHA512

    f3a291a225c62fe4732c59de0e202c5e5a12d33fe921a88bc5a7ea2656046603c326b3cf33b29a2118e17865c990da489ed7bf0cd9a3a4a6602403d78ad070c8

  • SSDEEP

    196608:nRj1OsUwkV1EMnkKEFa2L6LPooooooogOHbBGPtKIX:njJmuaIb40IX

Score
10/10
evasionpersistencetrojan

Malware Config

Targets

    • Target

      5eeabe4d5741c00bbd3021a023779fe6_JaffaCakes118

    • Size

      6.9MB

    • MD5

      5eeabe4d5741c00bbd3021a023779fe6

    • SHA1

      b2f37471bd0db8af963c7893920eaccfd9a8a7f5

    • SHA256

      e9d6e465a79e865cabae62195762b8005320a7c539ba17260445dc1378eec353

    • SHA512

      f3a291a225c62fe4732c59de0e202c5e5a12d33fe921a88bc5a7ea2656046603c326b3cf33b29a2118e17865c990da489ed7bf0cd9a3a4a6602403d78ad070c8

    • SSDEEP

      196608:nRj1OsUwkV1EMnkKEFa2L6LPooooooogOHbBGPtKIX:njJmuaIb40IX

    Score
    10/10
    evasionpersistencetrojan

    • Modifies WinLogon for persistence

      persistence

    • UAC bypass

      evasiontrojan

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks whether UAC is enabled

      evasiontrojan

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks