General

  • Target

    6a592a1c1086b0b826ed91d196d1c70d_JaffaCakes118

  • Size

    13KB

  • Sample

    240724-ftbv4szbmm

  • MD5

    6a592a1c1086b0b826ed91d196d1c70d

  • SHA1

    01c96f43d37dfeb7bc26a02b7f6660257856eb30

  • SHA256

    a4d12a2e65298f2ca358bfa05d9157932747f3372b7a92359b4bd7c3a687ba92

  • SHA512

    9f25a2d0c8aa43d191c773148d21b4b2fa2e4cc3cd5981e87666473bb410c97272e1e1e8f7ebe5d5e5ab1215853bbd2c1a3af035c386f978a8a25a96b0be33a1

  • SSDEEP

    384:wJ7NexQklUcQxb5K/vzslY69ZjhbYsD7TjY:cmQNcQxbqbslpKI7TjY

Malware Config

Targets

    • Adds policy Run key to start application

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks