General

  • Target

    aca39079a9cb09927b828f9f03a17939_JaffaCakes118

  • Size

    189KB

  • Sample

    240819-z8yg7szhjl

  • MD5

    aca39079a9cb09927b828f9f03a17939

  • SHA1

    495681cf78fcf59827e438b046b9e9dc31a4bc2c

  • SHA256

    b081aa1d84d9f7ab47b24fc234e4b30a4f353146f484c4e70abaad26fd7dbdd5

  • SHA512

    1b2a7d282e9f6cf7077f177b2cefa680be9c9c31a0684e211f8ce27f778193d7fd6fa04c6e546e906db27821fe9ee8c5f1acd245b78293cfcc2ed89e90dc5a21

  • SSDEEP

    3072:9nkkA5jMDre5E6Rtk1955yFa+vsK3UPGZ0Y/tprraxQFaFzBdJK+Aq:9kawm9558vlU80ktpraWFaFHJ4q

Malware Config

Extracted

Credentials

  • Protocol:
    smtp
  • Host:
    smtp.gmail.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    =-09876yuiop[]

Targets

    • UAC bypass

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15