Overview

overview

10

Static

static

10

012c009df4...18.exe

windows7-x64

10

012c009df4...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    012c009df4e8ea10bbf7954fcd4520cd_JaffaCakes118

  • Size

    1.6MB

  • Sample

    240727-1saa4szhrn

  • MD5

    012c009df4e8ea10bbf7954fcd4520cd

  • SHA1

    3cc9bbe9d40f0b0c4be7c295e4f8d6857a81d3e3

  • SHA256

    f7cca408f174e5d7b970fff33810fe2bdac8c0baf4c9472f398d90ce4e16ead0

  • SHA512

    1494899d48fb44ee5c39f615d3449f5bf1d6cefdfb580ad27221151a0edfa7b964d567cb4b5ff8a565dbf6221af2f843dcbf0cf796664e8c81669cca0be30797

  • SSDEEP

    24576:hxY3NtGUmJr+4Obxd+tPZSZ5iE6EhE9xY3NtGUmJr+4Obxd+tPZSZziE6EhE7:LY3buzMq0IY3buzMg0E

Score
10/10
fakeavdiscoveryfakeavpersistencespyware

Malware Config

Targets

    • Target

      012c009df4e8ea10bbf7954fcd4520cd_JaffaCakes118

    • Size

      1.6MB

    • MD5

      012c009df4e8ea10bbf7954fcd4520cd

    • SHA1

      3cc9bbe9d40f0b0c4be7c295e4f8d6857a81d3e3

    • SHA256

      f7cca408f174e5d7b970fff33810fe2bdac8c0baf4c9472f398d90ce4e16ead0

    • SHA512

      1494899d48fb44ee5c39f615d3449f5bf1d6cefdfb580ad27221151a0edfa7b964d567cb4b5ff8a565dbf6221af2f843dcbf0cf796664e8c81669cca0be30797

    • SSDEEP

      24576:hxY3NtGUmJr+4Obxd+tPZSZ5iE6EhE9xY3NtGUmJr+4Obxd+tPZSZziE6EhE7:LY3buzMq0IY3buzMg0E

    Score
    10/10
    fakeavdiscoveryfakeavpersistencespyware

    • FakeAV, RogueAntivirus

      FakeAV or Rogue AntiVirus is a class of malware that displays false alert messages.

      fakeavspywarefakeav

    • FakeAV payload

      fakeavspyware

    • Adds Run key to start application

      persistence

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks