General

  • Target

    06aa076fa74fead0897a23145659fc9c_JaffaCakes118

  • Size

    532KB

  • Sample

    240620-rd28xawank

  • MD5

    06aa076fa74fead0897a23145659fc9c

  • SHA1

    7418be31b8117e32edfdaf158212c7350301dee4

  • SHA256

    32223115434ad60c1c74e916b72f3afabc4c61ad15f4e15ec1b22f3b71d4d94e

  • SHA512

    c32e0ce62dfef5af1e7bce13242f17c4bb52dcbb7220692dc465bae65f6a5856f002aeb9dd1aea2e5cb4faccb64caa756d9679e222794f771849ff8e62191963

  • SSDEEP

    3072:Q94sjiJeBjaoadjE5aTtEyXM5hkftw39t+unk++T3mNNb5NOV8aOQdE:04sZBOZdjEYTPXMhaMP/kFTA7OAJ

Score
8/10

Targets

    • Target

      06aa076fa74fead0897a23145659fc9c_JaffaCakes118

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory
