Overview

overview

7

Static

static

3

6b56450f1c...18.exe

windows7-x64

7

6b56450f1c...18.exe

windows10-2004-x64

5

Sharing

Copy URL Twitter E-mail

General

  • Target

    6b56450f1c4d203252d90c2ae53bcec7_JaffaCakes118

  • Size

    1.2MB

  • Sample

    240523-shvv3afc6v

  • MD5

    6b56450f1c4d203252d90c2ae53bcec7

  • SHA1

    01d66aed5a8fe6fa791429087c9e8f389e624a39

  • SHA256

    bb0db8813d9dfd506ffda0f5b3f719074a8b2eedf727de15c2ab4ac7be991101

  • SHA512

    10085a96a6e6f42d27f9ef81510a6815808e3d1d9967bf29cb0ca5cac0add09442b35aa15a498b40ee14f041d1d20362eec723f4b944eeca6159b5117c338d08

  • SSDEEP

    12288:GCJ3TMIOIXgaNJhSG2ceRqgXcryXuzN8W0jzdzUuuppTjvYDAYvu8n3m0osURy2w:GCeJVaF2czrH8FYppTjv7Yvu81oL2Lv

Score
7/10
persistencespywarestealer

Malware Config

Targets

    • Target

      6b56450f1c4d203252d90c2ae53bcec7_JaffaCakes118

    • Size

      1.2MB

    • MD5

      6b56450f1c4d203252d90c2ae53bcec7

    • SHA1

      01d66aed5a8fe6fa791429087c9e8f389e624a39

    • SHA256

      bb0db8813d9dfd506ffda0f5b3f719074a8b2eedf727de15c2ab4ac7be991101

    • SHA512

      10085a96a6e6f42d27f9ef81510a6815808e3d1d9967bf29cb0ca5cac0add09442b35aa15a498b40ee14f041d1d20362eec723f4b944eeca6159b5117c338d08

    • SSDEEP

      12288:GCJ3TMIOIXgaNJhSG2ceRqgXcryXuzN8W0jzdzUuuppTjvYDAYvu8n3m0osURy2w:GCeJVaF2czrH8FYppTjv7Yvu81oL2Lv

    Score
    7/10
    persistencespywarestealer

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

      spywarestealer

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks