Overview

overview

8

Static

static

3

382af56f07...18.exe

windows7-x64

8

382af56f07...18.exe

windows10-2004-x64

8

Sharing

Copy URL Twitter E-mail

General

  • Target

    382af56f07093801a0ebdc5dd3591c14_JaffaCakes118

  • Size

    16.6MB

  • Sample

    240711-h1mbjaxeqa

  • MD5

    382af56f07093801a0ebdc5dd3591c14

  • SHA1

    2463e605cf9a141097dd55757a0924a7991d6cb2

  • SHA256

    da7753e918cd9724db7460f148f52c1ed9d82a26f0d52996db07e4a0265f6d95

  • SHA512

    d454863bb9ab6e568d0cea00c1c96756dc35d98a20bd6499f38572cb465d4cd1e29d9d24ce6d37f1cdd873e47b876985d4790e4a9628db961b056227ad064158

  • SSDEEP

    393216:uJjS/1DWcbM4UUx/ldheoiv8S13gFtyLLsJ2rKXs49Lun:MjSNWcQ4zzzivj13gFwDKc49Lun

Score
8/10
discoveryevasionpersistenceprivilege_escalationspywarestealertrojan

Malware Config

Targets

    • Target

      382af56f07093801a0ebdc5dd3591c14_JaffaCakes118

    • Size

      16.6MB

    • MD5

      382af56f07093801a0ebdc5dd3591c14

    • SHA1

      2463e605cf9a141097dd55757a0924a7991d6cb2

    • SHA256

      da7753e918cd9724db7460f148f52c1ed9d82a26f0d52996db07e4a0265f6d95

    • SHA512

      d454863bb9ab6e568d0cea00c1c96756dc35d98a20bd6499f38572cb465d4cd1e29d9d24ce6d37f1cdd873e47b876985d4790e4a9628db961b056227ad064158

    • SSDEEP

      393216:uJjS/1DWcbM4UUx/ldheoiv8S13gFtyLLsJ2rKXs49Lun:MjSNWcQ4zzzivj13gFwDKc49Lun

    Score
    8/10
    discoveryevasionpersistenceprivilege_escalationspywarestealertrojan

    • Event Triggered Execution: Image File Execution Options Injection

      persistence

    • Server Software Component: Terminal Services DLL

      persistence

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

      persistenceprivilege_escalation

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Checks whether UAC is enabled

      evasiontrojan

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks