Overview

overview

8

Static

static

3

0e25cb51b2...18.exe

windows7-x64

8

0e25cb51b2...18.exe

windows10-2004-x64

8

Sharing

Copy URL Twitter E-mail

General

  • Target

    0e25cb51b2d0566c9ce2927f50cbee74_JaffaCakes118

  • Size

    65KB

  • Sample

    240625-p4et7atflk

  • MD5

    0e25cb51b2d0566c9ce2927f50cbee74

  • SHA1

    32dff88ee5dae6967bea7834bb3c65c70b3dcca1

  • SHA256

    4093535e7cdf6fb365af1b50216a7eb12784239272dfbf7f63ede6cb35d52103

  • SHA512

    dfc056eebe2e29d0d74ae496ec22a296e07500e027839792f0aa442688ea332e8e193b6353e8b4b3fc7fd22574b1f607528ff971c63715512e09428c402b0d74

  • SSDEEP

    1536:Kbu3OEBwI5538Lri+cm9c74FwyZrt9OajUSp1SROFPl0jO15:Kbu3DqI55385c3NGR9MRGl3

Score
8/10
defense_evasionevasionpersistence

Malware Config

Targets

    • Target

      0e25cb51b2d0566c9ce2927f50cbee74_JaffaCakes118

    • Size

      65KB

    • MD5

      0e25cb51b2d0566c9ce2927f50cbee74

    • SHA1

      32dff88ee5dae6967bea7834bb3c65c70b3dcca1

    • SHA256

      4093535e7cdf6fb365af1b50216a7eb12784239272dfbf7f63ede6cb35d52103

    • SHA512

      dfc056eebe2e29d0d74ae496ec22a296e07500e027839792f0aa442688ea332e8e193b6353e8b4b3fc7fd22574b1f607528ff971c63715512e09428c402b0d74

    • SSDEEP

      1536:Kbu3OEBwI5538Lri+cm9c74FwyZrt9OajUSp1SROFPl0jO15:Kbu3DqI55385c3NGR9MRGl3

    Score
    8/10
    defense_evasionevasionpersistence

    • Disables RegEdit via registry modification

      evasion

    • Disables Task Manager via registry modification

      evasion

    • Disables use of System Restore points

      evasion

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Impair Defenses: Safe Mode Boot

      defense_evasion

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks