Overview

overview

10

Static

static

3

0aa54d6995...18.exe

windows7-x64

10

0aa54d6995...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0aa54d699597ac9bc70fe036fd22224d_JaffaCakes118

  • Size

    286KB

  • Sample

    240624-y2fs5s1dlh

  • MD5

    0aa54d699597ac9bc70fe036fd22224d

  • SHA1

    4372610375089d43bec9b53ffd281c46b7badc33

  • SHA256

    c94bdbfe33a13077fc488af7e80ade7fda83afe1fd367554befa34bd4c3b8593

  • SHA512

    e43dfde3d494b9ee5304ac023ada1ad011d4b618c798f0ab4fa1317a2c32a461afec20e0a91e468fe61356f610b6560221d08aca56c2af57227000c942dbd217

  • SSDEEP

    6144:gDCwfG1bnxLEDuG148sd5aqrq96mU0D5qTd:g72bntEDuG1QjH2fU09qB

Score
10/10
defense_evasionevasionpersistence

Malware Config

Targets

    • Target

      0aa54d699597ac9bc70fe036fd22224d_JaffaCakes118

    • Size

      286KB

    • MD5

      0aa54d699597ac9bc70fe036fd22224d

    • SHA1

      4372610375089d43bec9b53ffd281c46b7badc33

    • SHA256

      c94bdbfe33a13077fc488af7e80ade7fda83afe1fd367554befa34bd4c3b8593

    • SHA512

      e43dfde3d494b9ee5304ac023ada1ad011d4b618c798f0ab4fa1317a2c32a461afec20e0a91e468fe61356f610b6560221d08aca56c2af57227000c942dbd217

    • SSDEEP

      6144:gDCwfG1bnxLEDuG148sd5aqrq96mU0D5qTd:g72bntEDuG1QjH2fU09qB

    Score
    10/10
    defense_evasionevasionpersistence

    • Modifies visibility of file extensions in Explorer

      evasion

    • Modifies visiblity of hidden/system files in Explorer

      evasion

    • Adds policy Run key to start application

      persistence

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Impair Defenses: Safe Mode Boot

      defense_evasion

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks