General

  • Target

    63f6fc5ae3b8b40c6fccb070f0f5f5c5_JaffaCakes118

  • Size

    136KB

  • Sample

    240722-t8gxkaxfqp

  • MD5

    63f6fc5ae3b8b40c6fccb070f0f5f5c5

  • SHA1

    23e29ebd227a0ef82acb4964c3ab262eecbda16a

  • SHA256

    a9c7ebba80b25983d74082441fdfd36effd70ef5b21bbcbe8a25c500075672b3

  • SHA512

    157a06015262801381e93092eb6bf91151f44e7e1c454c0e693b45f4f6cca98a7be2165b8c3cdedafaf66612be5a586c9985f05bbfdc36ceb9b2be3b4b6c4fb8

  • SSDEEP

    3072:BmUOCtwjBfQn7WbIqH0ybZBiOllyEmcP82+aVdOt66VGegmf:BmnQn7WbIqH0ybZBiOllyE5D+aVkjseN

Score
10/10

Targets

    • Target

      63f6fc5ae3b8b40c6fccb070f0f5f5c5_JaffaCakes118

    • Modifies visibility of hidden/system files in Explorer

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
