Overview

overview

7

Static

static

3

b33f1b9d59...18.exe

windows7-x64

7

b33f1b9d59...18.exe

windows10-2004-x64

3

Sharing

Copy URL Twitter E-mail

General

  • Target

    b33f1b9d59cd752a56b41ed9687793e0_JaffaCakes118

  • Size

    194KB

  • Sample

    240821-nckqpayfrr

  • MD5

    b33f1b9d59cd752a56b41ed9687793e0

  • SHA1

    c195e7858bcdace58f302f27a2996a89ec4f2793

  • SHA256

    a60d6247af46ae80515f179c406b07d4ce1f9705f13d98cd2c9114c7de1fd64f

  • SHA512

    7a8c7aeb1b546ef43b1ec322278e35310d0f410ea54277540f80849f12e67d1b245e246875b1971f84ec7e8c8a3feb950ddf6eec7426acec13d80fdb1186f44a

  • SSDEEP

    3072:U27BeCgrio6Fgq+hZSfp5qZf0oeHCc4LBtWvM:U6wC8hq9wVQzJU

Score
7/10
discoverypersistencespywarestealer

Malware Config

Targets

    • Target

      b33f1b9d59cd752a56b41ed9687793e0_JaffaCakes118

    • Size

      194KB

    • MD5

      b33f1b9d59cd752a56b41ed9687793e0

    • SHA1

      c195e7858bcdace58f302f27a2996a89ec4f2793

    • SHA256

      a60d6247af46ae80515f179c406b07d4ce1f9705f13d98cd2c9114c7de1fd64f

    • SHA512

      7a8c7aeb1b546ef43b1ec322278e35310d0f410ea54277540f80849f12e67d1b245e246875b1971f84ec7e8c8a3feb950ddf6eec7426acec13d80fdb1186f44a

    • SSDEEP

      3072:U27BeCgrio6Fgq+hZSfp5qZf0oeHCc4LBtWvM:U6wC8hq9wVQzJU

    Score
    7/10
    discoverypersistencespywarestealer

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

      spywarestealer

    • Adds Run key to start application

      persistence

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks