Overview

overview

7

Static

static

3

81cc976724...18.exe

windows7-x64

7

81cc976724...18.exe

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    81cc9767249f29c80138fb5d06cecb4c_JaffaCakes118

  • Size

    187KB

  • Sample

    240801-1dl2csxakp

  • MD5

    81cc9767249f29c80138fb5d06cecb4c

  • SHA1

    43516075d79d984b1139e9bf09d74beeac564488

  • SHA256

    32c8c88970559634f0d7ecf58f2e69077b6d646e50c96b1a8b035a1ca3f789ba

  • SHA512

    207c9ee472499a4e6db50fe9cbd05fdb63f6c9c707239db8b01c0b1c14247d2eddc8dfdeb0a84b105c82ca1cff0a412d504ea860c2b197474f150fd4c913c027

  • SSDEEP

    3072:c42SlppitxzLgqhkEhyyo/vFPL2hrzmSXy7tbGA0dLwoR3+nz:c4HlALLkqo+9XiNGA0dUoF+nz

Score
7/10
discoverypersistencespywarestealer

Malware Config

Targets

    • Target

      81cc9767249f29c80138fb5d06cecb4c_JaffaCakes118

    • Size

      187KB

    • MD5

      81cc9767249f29c80138fb5d06cecb4c

    • SHA1

      43516075d79d984b1139e9bf09d74beeac564488

    • SHA256

      32c8c88970559634f0d7ecf58f2e69077b6d646e50c96b1a8b035a1ca3f789ba

    • SHA512

      207c9ee472499a4e6db50fe9cbd05fdb63f6c9c707239db8b01c0b1c14247d2eddc8dfdeb0a84b105c82ca1cff0a412d504ea860c2b197474f150fd4c913c027

    • SSDEEP

      3072:c42SlppitxzLgqhkEhyyo/vFPL2hrzmSXy7tbGA0dLwoR3+nz:c4HlALLkqo+9XiNGA0dUoF+nz

    Score
    7/10
    discoverypersistencespywarestealer

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

      spywarestealer

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks