Overview

overview

8

Static

static

3

5c964b00f4...18.exe

windows7-x64

8

5c964b00f4...18.exe

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    5c964b00f42d449c70c160710f02bcb5_JaffaCakes118

  • Size

    1.3MB

  • Sample

    240719-s66bpsybqm

  • MD5

    5c964b00f42d449c70c160710f02bcb5

  • SHA1

    1b49080b9e0826e7f17efa9d77443facd82e6fbf

  • SHA256

    d8ef5dee0a4b60e1d4988f7ecbd23e7de89e8a3e45e70f60cb472d6ff89c87df

  • SHA512

    9713ac29a55ce7ff10c7263f9da03a27a66f034476a3e8b286ba029195d61304ffee22d9e5663cc9be99f5418a788b84b2caeb6c4be62833a86757df1cd27b59

  • SSDEEP

    24576:dvLE+68vl9upnoIDUhkul/xdjFmJ3PUKvDNju03gX9KarXL:dvY+6clknvgbhFmJ3Pr9gX9KajL

Score
8/10
adwareevasionpersistenceprivilege_escalationstealerupx

Malware Config

Targets

    • Target

      5c964b00f42d449c70c160710f02bcb5_JaffaCakes118

    • Size

      1.3MB

    • MD5

      5c964b00f42d449c70c160710f02bcb5

    • SHA1

      1b49080b9e0826e7f17efa9d77443facd82e6fbf

    • SHA256

      d8ef5dee0a4b60e1d4988f7ecbd23e7de89e8a3e45e70f60cb472d6ff89c87df

    • SHA512

      9713ac29a55ce7ff10c7263f9da03a27a66f034476a3e8b286ba029195d61304ffee22d9e5663cc9be99f5418a788b84b2caeb6c4be62833a86757df1cd27b59

    • SSDEEP

      24576:dvLE+68vl9upnoIDUhkul/xdjFmJ3PUKvDNju03gX9KarXL:dvY+6clknvgbhFmJ3Pr9gX9KajL

    Score
    8/10
    adwareevasionpersistenceprivilege_escalationstealerupx

    • Event Triggered Execution: AppInit DLLs

      Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.

      persistenceprivilege_escalation

    • Modifies Windows Firewall

      evasion

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Adds Run key to start application

      persistence

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

      stealeradware

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Browser Extensions

1
T1176

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Event Triggered Execution

2
T1546

AppInit DLLs

1
T1546.010

Netsh Helper DLL

1
T1546.007

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Event Triggered Execution

2
T1546

AppInit DLLs

1
T1546.010

Netsh Helper DLL

1
T1546.007

Defense Evasion

Impair Defenses

1
T1562

Disable or Modify System Firewall

1
T1562.004

Modify Registry

3
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks