General

  • Target

    3406b37e3f2f3e463119a65f49198222_JaffaCakes118

  • Size

    876KB

  • Sample

    240710-knmgwaxgrk

  • MD5

    3406b37e3f2f3e463119a65f49198222

  • SHA1

    8e9c476468f24fbcbf2f2cc64c70da208ee1edf3

  • SHA256

    48a80366f7e52363535c9f3e836bcaa77b13808ecd57f95ba0c72c690b9f0377

  • SHA512

    8383b9dbfdcaa1d4c99bcdc538e8594b4a114109e66bf7953bfc25aa2859b619ebd5dc4039d7c0d19012a61a2d3128ec99093b683308eda8150c5bc0636ed8d2

  • SSDEEP

    24576:ZaGGOLdMfkd9kf2YFfLqxIWPVdBI5kgx+mbW:GOLE8kDNLqxv9lma

Malware Config

Targets

    • Target

      3406b37e3f2f3e463119a65f49198222_JaffaCakes118

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks