General

  • Target

    749d6e169b1b9eb0eccd872fb74cf5d1_JaffaCakes118

  • Size

    269KB

  • Sample

    240726-stan9szbpf

  • MD5

    749d6e169b1b9eb0eccd872fb74cf5d1

  • SHA1

    650c3400402853ac0e781909e20bb31001e79288

  • SHA256

    b57d4e5ce347cd70089cb4ee66e7756330b6f65c870afaccebdc4cbf512e7e03

  • SHA512

    d429f861834b157d9f42191434c4471782974291f701ed9326f460725249da9adb7793fbebd21eb01fd98de912d117b65ec87720b76fccb84e3a192adfd4eb8e

  • SSDEEP

    6144:grEGCkgR0Qq97lDV0Os75EfbPFK5g3mBU5KXB7PDpqjP:uCBCQq5VZ9WgOyKXxPD07

Targets

    • Event Triggered Execution: AppCert DLLs

      Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppCert DLLs loaded into processes.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15