Overview

overview

7

Static

static

3

a00fe918ff...18.exe

windows7-x64

7

a00fe918ff...18.exe

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a00fe918ff084c9fc79df34f5b608324_JaffaCakes118

  • Size

    138KB

  • Sample

    240816-1nhrpaserp

  • MD5

    a00fe918ff084c9fc79df34f5b608324

  • SHA1

    15b341c9ba3b60bd89cb9d0429e50cbe95e9c509

  • SHA256

    badbc96d2550b110179ebc4800c3cdf6c7cc2507c29bcc5d659ecba21307888e

  • SHA512

    f681cfa838b99272b1d47879f39fe1b7654f50a4c048e5dc2b5b734320ad2679f4077f9531351176ca4898b416fce5bbbb99beeedaa0f5e4b6d016159de1ef75

  • SSDEEP

    3072:/caqyte6YV77snHLLxtAyaXOqdPNbnhW4IxZx5kCZuubFrhU1wKKrONmw:/caBtW77snHRTY7PNNW4IxZ7zbC0rONh

Score
7/10
discoverypersistencespywarestealer

Malware Config

Targets

    • Target

      a00fe918ff084c9fc79df34f5b608324_JaffaCakes118

    • Size

      138KB

    • MD5

      a00fe918ff084c9fc79df34f5b608324

    • SHA1

      15b341c9ba3b60bd89cb9d0429e50cbe95e9c509

    • SHA256

      badbc96d2550b110179ebc4800c3cdf6c7cc2507c29bcc5d659ecba21307888e

    • SHA512

      f681cfa838b99272b1d47879f39fe1b7654f50a4c048e5dc2b5b734320ad2679f4077f9531351176ca4898b416fce5bbbb99beeedaa0f5e4b6d016159de1ef75

    • SSDEEP

      3072:/caqyte6YV77snHLLxtAyaXOqdPNbnhW4IxZx5kCZuubFrhU1wKKrONmw:/caBtW77snHRTY7PNNW4IxZ7zbC0rONh

    Score
    7/10
    discoverypersistencespywarestealer

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

      spywarestealer

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks