General

  • Target

    4d6ba37c7c16f6174534dab16056ba2b_JaffaCakes118

  • Size

    823KB

  • Sample

    240716-jr7fsavdrf

  • MD5

    4d6ba37c7c16f6174534dab16056ba2b

  • SHA1

    d5f2baff0fe0669b024ef93d3aae44ed830fa623

  • SHA256

    1cf630275f6f4073ba9dacd900fc9534ac81485682a23113e11a63a535c858da

  • SHA512

    cc6aca6739abb56cbed99858eaa193cedeb277c5b7dd30c5144432eaba1364435ba76b320e384e867de36e8bd45b72cd89b69f2ee7047051de6be5bd42b1fc4d

  • SSDEEP

    12288:LqSdxqNdaASdjqSdxqNdaASdjqSdxqNdaASdjqSdxqNdaASdjqSdxqNdaASdtyQZ:/H4aA8H4aA8H4aA8H4aA8H4aAInabi

Malware Config

Targets

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive data.

    • Uses the VBS compiler for execution

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks