General

  • Target

    69c1c382c503cdcdcf33f7d1a712078e_JaffaCakes118

  • Size

    338KB

  • Sample

    240724-byk75azhkp

  • MD5

    69c1c382c503cdcdcf33f7d1a712078e

  • SHA1

    db99df900e58b1fae8218b4ce2a370a8b02fa9c1

  • SHA256

    a16c68da94638876628939052c3ba971dd4c72575f60d1dec9054d0f2f1c3627

  • SHA512

    6800a91e80c1eec71ab02768a8d66efaace50f42b93d6968bcf06055695402a7e9addd487d2cd550b6775372918e82f51b559441306e41318e1649b681a57277

  • SSDEEP

    6144:st5V+ZAyHs3018cgdUkSfLtOnzlfeawK443zFeZXiR6jqHD0Lom8573L6Z:sJ+p4sEUtJOnzlfeY3zFuwoaILF8B3WZ

Targets

    • Blocklisted process makes network request

    • Server Software Component: Terminal Services DLL

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.

MITRE ATT&CK Enterprise v15