General

  • Target: 431d78aa27415e461ea853a8e28c6afe_JaffaCakes118
  • Size: 384KB
  • Sample: 240713-yl5sbsvdpp
  • MD5: 431d78aa27415e461ea853a8e28c6afe
  • SHA1: 0adb417abfe1f5d24f401678736921558074235b
  • SHA256: abf5c7111a90c6308ceeca1101d86d1b1baecb12504d82c8ac0c5906f7a7fa92
  • SHA512: 724345a0ef6341d8d8987d7c782d281013b9207000cb629420bc1d918e64a99a6af5e7ec9050b57631cfc021517ffa88325552cffad80177c8b61ce9ce9a85de
  • SSDEEP: 12288:acewDe9wZoNQoZlzPTvjPeq2IfpJmHb+E5lHCPxqwbWSUO4FLhTpb7lGtyzgYB20:acewDeuZoNQoZlzPTvjPeq2IfpJmHb+0

Score: 8/10

Malware Config

Targets

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks