Overview

overview

7

Static

static

3

73a9be4cdd...18.exe

windows7-x64

7

73a9be4cdd...18.exe

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    73a9be4cdd221d0835cc2ebe1d796e2f_JaffaCakes118

  • Size

    2.7MB

  • Sample

    240726-mg5qzs1fpm

  • MD5

    73a9be4cdd221d0835cc2ebe1d796e2f

  • SHA1

    37307a293c1dd4fcfc70eb26dd2aaefd9761ab86

  • SHA256

    089bbbc623c7741f915a1fc0add4f9c10040e3d09bd227a23b7ff3281dd212ad

  • SHA512

    bed107fbb62cf736a91bea41bd71e2bf37ced786cb68aeb024bac5d198bd1c5d2dac71ec7b569480837ca2191d111aecac87389b376312a2679c07a8111aca44

  • SSDEEP

    49152:pFIfs9AQdR7f3GKo7E9lyuXa1y9AROUoHG055qNEO9lQ/l6CyYD:pyfs2Qb7oCyuh9AEfGdVQt/

Score
7/10
discoveryevasionpersistencetrojan

Malware Config

Targets

    • Target

      73a9be4cdd221d0835cc2ebe1d796e2f_JaffaCakes118

    • Size

      2.7MB

    • MD5

      73a9be4cdd221d0835cc2ebe1d796e2f

    • SHA1

      37307a293c1dd4fcfc70eb26dd2aaefd9761ab86

    • SHA256

      089bbbc623c7741f915a1fc0add4f9c10040e3d09bd227a23b7ff3281dd212ad

    • SHA512

      bed107fbb62cf736a91bea41bd71e2bf37ced786cb68aeb024bac5d198bd1c5d2dac71ec7b569480837ca2191d111aecac87389b376312a2679c07a8111aca44

    • SSDEEP

      49152:pFIfs9AQdR7f3GKo7E9lyuXa1y9AROUoHG055qNEO9lQ/l6CyYD:pyfs2Qb7oCyuh9AEfGdVQt/

    Score
    7/10
    discoveryevasionpersistencetrojan

    • Executes dropped EXE

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

      evasion

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks