Overview

overview

10

Static

static

3

2d57d5b3e5...18.exe

windows7-x64

1

2d57d5b3e5...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2d57d5b3e5f2c05975e55437b817fece_JaffaCakes118

  • Size

    73KB

  • Sample

    240708-wv5sksvakh

  • MD5

    2d57d5b3e5f2c05975e55437b817fece

  • SHA1

    5180e06065681f3f3636c0eb22631147aaf03968

  • SHA256

    8576a75c652dc9e6cd91c64aeeb3de8eedff58dea0ca89da19f36176314abfe4

  • SHA512

    0a9439f4a28c00590f67f47344668ec5f3210f4a28a4cb9d88ee77e9c79e6025701752674c529e6aff44d1c3e478d795c8ddf2ad89892b8b2f001f06fb2f8d69

  • SSDEEP

    1536:VW+0rI7A0w8J5eTUqN+I04zUD/8Jj2B0wOCnLDpCLk:X0rPuAAQ+Ie8JzwOCDpv

Score
10/10
defense_evasionevasionpersistence

Malware Config

Targets

    • Target

      2d57d5b3e5f2c05975e55437b817fece_JaffaCakes118

    • Size

      73KB

    • MD5

      2d57d5b3e5f2c05975e55437b817fece

    • SHA1

      5180e06065681f3f3636c0eb22631147aaf03968

    • SHA256

      8576a75c652dc9e6cd91c64aeeb3de8eedff58dea0ca89da19f36176314abfe4

    • SHA512

      0a9439f4a28c00590f67f47344668ec5f3210f4a28a4cb9d88ee77e9c79e6025701752674c529e6aff44d1c3e478d795c8ddf2ad89892b8b2f001f06fb2f8d69

    • SSDEEP

      1536:VW+0rI7A0w8J5eTUqN+I04zUD/8Jj2B0wOCnLDpCLk:X0rPuAAQ+Ie8JzwOCDpv

    Score
    10/10
    defense_evasionevasionpersistence

    • Modifies visiblity of hidden/system files in Explorer

      evasion

    • Disables use of System Restore points

      evasion

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Impair Defenses: Safe Mode Boot

      defense_evasion

    • Adds Run key to start application

      persistence

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks