Overview

overview

10

Static

static

3

adc39a303e...18.exe

windows7-x64

10

adc39a303e...18.exe

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    adc39a303e9f77185758587875097bb6_JaffaCakes118

  • Size

    230KB

  • Sample

    240615-lfchdavhqc

  • MD5

    adc39a303e9f77185758587875097bb6

  • SHA1

    134d9e732a33413519341e4947013e7c7e521415

  • SHA256

    bfb8d13fcb64e3d09de2850b47d64492dbfc7bba58766546c1511f1fa59a64c9

  • SHA512

    6db6ff0de121a8f41e51fa011f17d14c9910a57ccf5bcb0237879a9e15f6d1eda209c5bae969c8edf5874ce44f90c826919697694aae86768c6169044d982230

  • SSDEEP

    6144:CpQpG5qElACE3GDOCG9FsEpkKBFaPwdgiCdp:8J5AGiC4DR3ao9Cdp

Score
10/10
golddragonbackdoor

Malware Config

Targets

    • Target

      adc39a303e9f77185758587875097bb6_JaffaCakes118

    • Size

      230KB

    • MD5

      adc39a303e9f77185758587875097bb6

    • SHA1

      134d9e732a33413519341e4947013e7c7e521415

    • SHA256

      bfb8d13fcb64e3d09de2850b47d64492dbfc7bba58766546c1511f1fa59a64c9

    • SHA512

      6db6ff0de121a8f41e51fa011f17d14c9910a57ccf5bcb0237879a9e15f6d1eda209c5bae969c8edf5874ce44f90c826919697694aae86768c6169044d982230

    • SSDEEP

      6144:CpQpG5qElACE3GDOCG9FsEpkKBFaPwdgiCdp:8J5AGiC4DR3ao9Cdp

    Score
    10/10
    golddragonbackdoor

    • GoldDragon

      GoldDragon is a second-stage backdoor attributed to Kimsuky.

      backdoorgolddragon

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks