General

  • Target

    81c7637fe815028c581bf881e880a094_JaffaCakes118

  • Size

    168KB

  • Sample

    240801-z9yjlawgml

  • MD5

    81c7637fe815028c581bf881e880a094

  • SHA1

    a715083c31926b55f7030c282bfdd2f21b121f7d

  • SHA256

    5f0c3bb3a8fca1f310a7e34902310824e68298b686129fcf2bf89a9c45b94cbd

  • SHA512

    6a23534be333fa08415cef47afe7d038e4f9aaebf0b3dbea75b74543f2a4bd92826082ffb191a605363d9b1ac9ace036b7e5a173fc109274a091de620a3f385b

  • SSDEEP

    1536:AgIMXN4czoLRpCt98SaE4cku5V72O0zR1VuCEWWAERIxpE+S:BBARzSaEkuj72rzR1VuzWWCW

Targets

    • Target

      81c7637fe815028c581bf881e880a094_JaffaCakes118

    • Sets file to hidden

      Modifies the file's attributes so that it is not shown in Explorer and similar file browsers.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.

MITRE ATT&CK Enterprise v15