General

  • Target

    a15afc2a3b09c8b7df5125f8828751f5_JaffaCakes118

  • Size

    548KB

  • Sample

    240817-f6gl5azarf

  • MD5

    a15afc2a3b09c8b7df5125f8828751f5

  • SHA1

    cd519a7d05fc7cd6139313b60d522005015f7ff5

  • SHA256

    2dfcf8a76f9885e3b61b2aba503dde8758c0028e4376d005aea6e2bd73b71b70

  • SHA512

    e96272bab7eb02374404dfba5ef764e48d63fe62ce34ffcaa8ac23b9ddf60c8f8d0859f6722ce09878175aaaf3395e3426cb5b87c533f18483bcb37e3e214328

  • SSDEEP

    12288:0MMnMMMMMtzyPJhi6YUbSHi1oe9miKMUyCl2nFuM2Aj3hSU:0MMnMMMMMtz6W6lb2Moe9miGyCaBFj3R

Malware Config

Targets

    • Disables Task Manager via registry modification

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks