General

  • Target

    ab9e0b950938b3a10447fd0dc2071e1e_JaffaCakes118

  • Size

    3.5MB

  • Sample

    240614-1pljza1dll

  • MD5

    ab9e0b950938b3a10447fd0dc2071e1e

  • SHA1

    9b5b542de41972e682e58dd62998b6bcb1924625

  • SHA256

    b764f02f85eb694ef3692cac3a87e7acb59a8fc4120c46c36312e60593db25b3

  • SHA512

    643c9809c98d0b8a5c5c883a62b9a92819502c38b7a2978c9376b17659d6abcdebe38036a3ec386b608b54aadcd750c21f4ef9ee1512b5cac4ec145d51938bcf

  • SSDEEP

    98304:AIAyzVdlGHbKzAoUHKt/O9DLbKV/bHO2lvUUgVcB+:jAO/KKzIf9vo/73vUUJB

Malware Config

Targets

    • Target

      ab9e0b950938b3a10447fd0dc2071e1e_JaffaCakes118

    • UAC bypass

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Checks whether UAC is enabled

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks