Overview

overview

8

Static

static

1

6922e3ad58...18.doc

windows7-x64

1

6922e3ad58...18.doc

windows10-2004-x64

1

decrypted.xlsx

windows7-x64

8

decrypted.xlsx

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    6922e3ad588509bc726c47d4c89e471a_JaffaCakes118

  • Size

    667KB

  • Sample

    240523-arb57sef7x

  • MD5

    6922e3ad588509bc726c47d4c89e471a

  • SHA1

    428a3ec8d7f5db735bf1d9d6fba0f7f90394e3b8

  • SHA256

    a1f3b7bd804a3f61b92fcf7da6f2fa61b32cdbff244569b34f88b6e4740250e2

  • SHA512

    7462437fb254aa47198955fa611e4ef98fe1d0b90c3996a3ed5329bfe926b9530aeb8008ea8a9b2b1cbe37e19cd18511909907f38bf98cef35214bbd3f29895a

  • SSDEEP

    12288:slC3lN1JymZnlPU8upnb+o9ImEVjtDFHxh1EVMr55uB/+fYwQ4+1JgG:slC1zBlP65+og53Hxh1EVMr2/+Y4G

Score
8/10

Malware Config

Targets

    • Target

      6922e3ad588509bc726c47d4c89e471a_JaffaCakes118

    • Size

      667KB

    • MD5

      6922e3ad588509bc726c47d4c89e471a

    • SHA1

      428a3ec8d7f5db735bf1d9d6fba0f7f90394e3b8

    • SHA256

      a1f3b7bd804a3f61b92fcf7da6f2fa61b32cdbff244569b34f88b6e4740250e2

    • SHA512

      7462437fb254aa47198955fa611e4ef98fe1d0b90c3996a3ed5329bfe926b9530aeb8008ea8a9b2b1cbe37e19cd18511909907f38bf98cef35214bbd3f29895a

    • SSDEEP

      12288:slC3lN1JymZnlPU8upnb+o9ImEVjtDFHxh1EVMr55uB/+fYwQ4+1JgG:slC1zBlP65+og53Hxh1EVMr2/+Y4G

    Score
    1/10
    behavioral1behavioral2

    • Target

      decrypted

    • Size

      653KB

    • MD5

      e2a5a633051b4e7e253ad4a0b11e3ccc

    • SHA1

      b82222381ffcc1cb65d5f79246006ac91b546a98

    • SHA256

      c2328ce920a800b3e331eaf0ef4215a26a948706b7b9d3c580e2f43b03248138

    • SHA512

      ff4f3ecc5b4e680283bfda9ee786779cf06c68321244c503b46d4b8ecc1f38bcdf9980173552a4958f4d8f341b8dca13428255beb718e3d0aeebea46e5390a29

    • SSDEEP

      12288:WTu3u39EzsTY1kFKRm41qNx6AV0VlpExk2wWLE4+lT8xA6/eMR6Fa:WzizsTYFLcPd0N6k2wYKlYyWpR6Fa

    Score
    8/10

    • Blocklisted process makes network request

    behavioral3behavioral4

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Exploitation for Client Execution

1
T1203

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Credential Access

Discovery

Query Registry

6
T1012

System Information Discovery

4
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks