General

  • Target

    a2e2dad980092443d55679450ed6b42c_JaffaCakes118

  • Size

    76KB

  • Sample

    240817-rphzeazeme

  • MD5

    a2e2dad980092443d55679450ed6b42c

  • SHA1

    c9e8824652de4fe190cad6490c8fa5a6e63e8235

  • SHA256

    05bf55992355d409a899dc0e53bd897f2dbb050d25aa34bd8efd0f24be9ea117

  • SHA512

    193056ad85e77d466d34483693a6aaacf9310cab527401d27f8d2b61e8cb20cec9c22010dbc3ee2db8e970f3d394227389fe2653d971aced2d94e817b1e98838

  • SSDEEP

    1536:5NwNIcF9GsADrUsxUNSSFpKHOtcOoxiI8ItfqWX:ENdF0DXgGOqO+H8+qu

Targets

    • Server Software Component: Terminal Services DLL

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Loads dropped DLL

    • Drops file in System32 directory
