Overview

overview

10

Static

static

3

0aaec3baeb...18.exe

windows7-x64

10

0aaec3baeb...18.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    0aaec3baeba8956fc9ad9362dc560083_JaffaCakes118

  • Size

    101KB

  • Sample

    240624-y7ne6s1fqe

  • MD5

    0aaec3baeba8956fc9ad9362dc560083

  • SHA1

    382343cd4ae1f29e64d370c208ef8cc8a1dc68a4

  • SHA256

    c1120b0b32a0276505fd2c2b60d8a91755c6d592ab951bcf7bdfead3d7a938c0

  • SHA512

    49349b261f98932b5a766e90e1c893ca3f5343214eddebea902aab56a7586222db43ddd2210b7ffe08d408f81aa5ae0865381f3deb9b010e373f049f030c98ef

  • SSDEEP

    1536:YYfPo4gNDuo5ES+2zwy78ROAYx/5SoqWyy0y:Bo/YUESgy7BAu/5SoqWyW

Score
10/10
evasionpersistencetrojan

Malware Config

Targets

    • Target

      0aaec3baeba8956fc9ad9362dc560083_JaffaCakes118

    • Size

      101KB

    • MD5

      0aaec3baeba8956fc9ad9362dc560083

    • SHA1

      382343cd4ae1f29e64d370c208ef8cc8a1dc68a4

    • SHA256

      c1120b0b32a0276505fd2c2b60d8a91755c6d592ab951bcf7bdfead3d7a938c0

    • SHA512

      49349b261f98932b5a766e90e1c893ca3f5343214eddebea902aab56a7586222db43ddd2210b7ffe08d408f81aa5ae0865381f3deb9b010e373f049f030c98ef

    • SSDEEP

      1536:YYfPo4gNDuo5ES+2zwy78ROAYx/5SoqWyy0y:Bo/YUESgy7BAu/5SoqWyW

    Score
    10/10
    evasionpersistencetrojan

    • Modifies WinLogon for persistence

      persistence

    • Modifies visibility of file extensions in Explorer

      evasion

    • UAC bypass

      evasiontrojan

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Checks whether UAC is enabled

      evasiontrojan

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Replication Through Removable Media

1
T1091

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Winlogon Helper DLL

1
T1547.004

Privilege Escalation

Abuse Elevation Control Mechanism

1
T1548

Bypass User Account Control

1
T1548.002

Boot or Logon Autostart Execution

1
T1547

Winlogon Helper DLL

1
T1547.004

Defense Evasion

Abuse Elevation Control Mechanism

1
T1548

Bypass User Account Control

1
T1548.002

Hide Artifacts

2
T1564

Hidden Files and Directories

2
T1564.001

Impair Defenses

1
T1562

Disable or Modify Tools

1
T1562.001

Modify Registry

4
T1112

Credential Access

Discovery

Query Registry

1
T1012

Remote System Discovery

2
T1018

System Information Discovery

3
T1082

Lateral Movement

Replication Through Removable Media

1
T1091

Collection

Command and Control

Exfiltration

Impact

Tasks