Overview

overview

7

Static

static

3

ba789fd32c...18.exe

windows7-x64

7

ba789fd32c...18.exe

windows10-2004-x64

7

Sharing

Copy URL Twitter E-mail

General

  • Target

    ba789fd32cbe5b24ac51fd6e503ba7d7_JaffaCakes118

  • Size

    1.5MB

  • Sample

    240823-fsbtqawhkh

  • MD5

    ba789fd32cbe5b24ac51fd6e503ba7d7

  • SHA1

    7d6ac497593655cab4eb6bf68e35a833792ba9a7

  • SHA256

    68e49cf3235fcb625339a802b78fc026d3bb41a1b1aa8bd3442e1ddc5c7f7336

  • SHA512

    93c02672203a52896e9fb623a8a5d5ecc6edcb20f6774095b868098140d6a002c0158bcd3e8e0507a7db59bcbbab8fe101afe9a7758b05b31d6d6e479e68b485

  • SSDEEP

    24576:w+4lXmXZpTOMgLQbDnHbfWqartqyxCgJrozHCsXUD5CiMtXGGhMTyTHwahuj4nLv:wNKaRQbraq2qyqVUDA1PhpQa2YL1h

Score
7/10
discoveryevasionpersistence

Malware Config

Targets

    • Target

      ba789fd32cbe5b24ac51fd6e503ba7d7_JaffaCakes118

    • Size

      1.5MB

    • MD5

      ba789fd32cbe5b24ac51fd6e503ba7d7

    • SHA1

      7d6ac497593655cab4eb6bf68e35a833792ba9a7

    • SHA256

      68e49cf3235fcb625339a802b78fc026d3bb41a1b1aa8bd3442e1ddc5c7f7336

    • SHA512

      93c02672203a52896e9fb623a8a5d5ecc6edcb20f6774095b868098140d6a002c0158bcd3e8e0507a7db59bcbbab8fe101afe9a7758b05b31d6d6e479e68b485

    • SSDEEP

      24576:w+4lXmXZpTOMgLQbDnHbfWqartqyxCgJrozHCsXUD5CiMtXGGhMTyTHwahuj4nLv:wNKaRQbraq2qyqVUDA1PhpQa2YL1h

    Score
    7/10
    discoveryevasionpersistence

    • Executes dropped EXE

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

      evasion

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks