Overview

overview

8

Static

static

3

43c8b0bbcc...18.exe

windows7-x64

8

43c8b0bbcc...18.exe

windows10-2004-x64

8

Sharing

Copy URL Twitter E-mail

General

  • Target

    43c8b0bbcc6257d09cc76110006535b8_JaffaCakes118

  • Size

    1012KB

  • Sample

    240714-amytea1grp

  • MD5

    43c8b0bbcc6257d09cc76110006535b8

  • SHA1

    59719792cbe3bd3272875eb34aa04febe4f86e35

  • SHA256

    62d8fdf51fb4f105edf0e3b14eb4c5b72285961a7fd1acc5bb8490b6e7ce8078

  • SHA512

    36a07fb5647f1fa7ab5a2865d746bf1a95f0d6b527a10e8ae45d53a59f1a247e175039e57ba4860f1ee127854f536e0f517d013d39d8a2b7d449ffafd0e6db6f

  • SSDEEP

    12288:Ny4odSslmBcfJe2uj2aEP4By18ZplYzQpgrrvMfwoz+UcF4YsUJ6RY5iK25thv8X:N0yBcjLa04BK8JaLMfwo2rsUJ8L8X

Score
8/10
evasionpersistenceprivilege_escalation

Malware Config

Targets

    • Target

      43c8b0bbcc6257d09cc76110006535b8_JaffaCakes118

    • Size

      1012KB

    • MD5

      43c8b0bbcc6257d09cc76110006535b8

    • SHA1

      59719792cbe3bd3272875eb34aa04febe4f86e35

    • SHA256

      62d8fdf51fb4f105edf0e3b14eb4c5b72285961a7fd1acc5bb8490b6e7ce8078

    • SHA512

      36a07fb5647f1fa7ab5a2865d746bf1a95f0d6b527a10e8ae45d53a59f1a247e175039e57ba4860f1ee127854f536e0f517d013d39d8a2b7d449ffafd0e6db6f

    • SSDEEP

      12288:Ny4odSslmBcfJe2uj2aEP4By18ZplYzQpgrrvMfwoz+UcF4YsUJ6RY5iK25thv8X:N0yBcjLa04BK8JaLMfwo2rsUJ8L8X

    Score
    8/10
    evasionpersistenceprivilege_escalation

    • Modifies Windows Firewall

      evasion

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Event Triggered Execution

2
T1546

Netsh Helper DLL

1
T1546.007

Screensaver

1
T1546.002

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Event Triggered Execution

2
T1546

Netsh Helper DLL

1
T1546.007

Screensaver

1
T1546.002

Defense Evasion

Impair Defenses

1
T1562

Disable or Modify System Firewall

1
T1562.004

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks