Overview

overview

8

Static

static

7

4012045460...18.exe

windows7-x64

8

4012045460...18.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4012045460206ff1153ee15c957874e5_JaffaCakes118

  • Size

    149KB

  • Sample

    240713-ebs61avakk

  • MD5

    4012045460206ff1153ee15c957874e5

  • SHA1

    e5ce8eb6ffd88418e52e9ba6c781939dc6760838

  • SHA256

    5facb6ab81515930978b8aca1a70ff2c9a899b82b078f0a56108a64a37ea58e7

  • SHA512

    18d28132d6a4017b260d9e6b6d2a2f22488eb767e577763fcbaa245b3cb748a8711ef32488584bf12fabf91c51b5094aea3ea8090fc6582718e878001420245a

  • SSDEEP

    3072:vzYoutPgyj8gRXYhOLdhulE5Vuvy0VYZSagWM3ZP:bYoSPgQX1LSlQuvy0VYZkL

Score
8/10
defense_evasionevasionpersistenceupx

Malware Config

Targets

    • Target

      4012045460206ff1153ee15c957874e5_JaffaCakes118

    • Size

      149KB

    • MD5

      4012045460206ff1153ee15c957874e5

    • SHA1

      e5ce8eb6ffd88418e52e9ba6c781939dc6760838

    • SHA256

      5facb6ab81515930978b8aca1a70ff2c9a899b82b078f0a56108a64a37ea58e7

    • SHA512

      18d28132d6a4017b260d9e6b6d2a2f22488eb767e577763fcbaa245b3cb748a8711ef32488584bf12fabf91c51b5094aea3ea8090fc6582718e878001420245a

    • SSDEEP

      3072:vzYoutPgyj8gRXYhOLdhulE5Vuvy0VYZSagWM3ZP:bYoSPgQX1LSlQuvy0VYZkL

    Score
    8/10
    defense_evasionevasionpersistenceupx

    • Disables use of System Restore points

      evasion

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Impair Defenses: Safe Mode Boot

      defense_evasion

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Adds Run key to start application

      persistence

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks