Overview

overview

10

Static

static

3

865e43e66a...18.exe

windows7-x64

10

865e43e66a...18.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    865e43e66a1bd2fb7187c09d834ec7cc_JaffaCakes118

  • Size

    24KB

  • Sample

    240810-rhq2faxamg

  • MD5

    865e43e66a1bd2fb7187c09d834ec7cc

  • SHA1

    81ed323c314ea2152e58e60850ebab263a64e5a5

  • SHA256

    89b00ffcd0fea704c488cf949ec47b9286057dfb7e763be44d185218918dd682

  • SHA512

    376f5a2561837beff49733b73c89aa5e95461caddc16320d4d81ea435fd71be027e521bef8e5feff8a7b9143035793ef30797ba3139ac047d92bd7bde1725cfe

  • SSDEEP

    384:oPt32udhJEoDFLgAAq50Tait/glR+GmX2H4rPuuv4r/yTyw+7ol0eyHXZ6hMEHBk:ofEoDFLgDq50TaitOR+Gm346ywqeOZ6u

Score
10/10
discoveryevasionpersistencetrojan

Malware Config

Targets

    • Target

      865e43e66a1bd2fb7187c09d834ec7cc_JaffaCakes118

    • Size

      24KB

    • MD5

      865e43e66a1bd2fb7187c09d834ec7cc

    • SHA1

      81ed323c314ea2152e58e60850ebab263a64e5a5

    • SHA256

      89b00ffcd0fea704c488cf949ec47b9286057dfb7e763be44d185218918dd682

    • SHA512

      376f5a2561837beff49733b73c89aa5e95461caddc16320d4d81ea435fd71be027e521bef8e5feff8a7b9143035793ef30797ba3139ac047d92bd7bde1725cfe

    • SSDEEP

      384:oPt32udhJEoDFLgAAq50Tait/glR+GmX2H4rPuuv4r/yTyw+7ol0eyHXZ6hMEHBk:ofEoDFLgDq50TaitOR+Gm346ywqeOZ6u

    Score
    10/10
    discoveryevasionpersistencetrojan

    • Modifies WinLogon for persistence

      persistence

    • UAC bypass

      evasiontrojan

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Checks whether UAC is enabled

      evasiontrojan
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks