Overview

overview

7

Static

static

3

379fe08180...18.exe

windows7-x64

7

379fe08180...18.exe

windows10-2004-x64

1

Sharing

Copy URL Twitter E-mail

General

  • Target

    379fe081805a9c374a58af723249cdab_JaffaCakes118

  • Size

    171KB

  • Sample

    240711-ekgjkazhle

  • MD5

    379fe081805a9c374a58af723249cdab

  • SHA1

    36705f0ab555be2fb26e9ac889746828e27e4148

  • SHA256

    ec98c7ef56c1f16d95df010ee8fbc1b14de375d50fb48c1ac1319f8e7079a7da

  • SHA512

    19adc215e41b5adc1d9c628537f9e992725b0a97157a314ee279cb98c9e45643aab98c3ffe5abfdb6d37fa60f50a96ffb4aa70d7228251d2df024f63e7555d6a

  • SSDEEP

    3072:t/9gV7p0RDfJgkhmeXcjMuLePApweeSlDJVk04pj/cA4BKwvHExs93oQ:zs7pKfJguFapePdeeqFefvwvkxs

Score
7/10
discoverypersistencespywarestealer

Malware Config

Targets

    • Target

      379fe081805a9c374a58af723249cdab_JaffaCakes118

    • Size

      171KB

    • MD5

      379fe081805a9c374a58af723249cdab

    • SHA1

      36705f0ab555be2fb26e9ac889746828e27e4148

    • SHA256

      ec98c7ef56c1f16d95df010ee8fbc1b14de375d50fb48c1ac1319f8e7079a7da

    • SHA512

      19adc215e41b5adc1d9c628537f9e992725b0a97157a314ee279cb98c9e45643aab98c3ffe5abfdb6d37fa60f50a96ffb4aa70d7228251d2df024f63e7555d6a

    • SSDEEP

      3072:t/9gV7p0RDfJgkhmeXcjMuLePApweeSlDJVk04pj/cA4BKwvHExs93oQ:zs7pKfJguFapePdeeqFefvwvkxs

    Score
    7/10
    discoverypersistencespywarestealer

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

      spywarestealer

    • Adds Run key to start application

      persistence

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks