Overview

overview

9

Static

static

3

beae90a4c4...18.exe

windows7-x64

beae90a4c4...18.exe

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    beae90a4c4d0637f34b0c432a292e3d2_JaffaCakes118

  • Size

    437KB

  • Sample

    240824-qnqr7atfml

  • MD5

    beae90a4c4d0637f34b0c432a292e3d2

  • SHA1

    94d5a653a4010da4f76742dca992239bab4ac4ca

  • SHA256

    cbd589bd0b27a84befb4f8bd187cb842a0ea12a1bc79c507985229188f547220

  • SHA512

    33241e2ad2cf2a9b0c309eaa163868227c6b3d0e9ab039ac3b6b84483de7740f6ebbf86489b6c2a65ff08e5d1671a199cc7b1f9c985691edb62c2090f0f644bb

  • SSDEEP

    12288:OEC1Fo9faQp++gs7s7ytNr72gUxNBRh9:r9f/pMMs78UbB

Score
9/10
defense_evasiondiscoveryevasionpersistenceransomware

Malware Config

Targets

    • Target

      beae90a4c4d0637f34b0c432a292e3d2_JaffaCakes118

    • Size

      437KB

    • MD5

      beae90a4c4d0637f34b0c432a292e3d2

    • SHA1

      94d5a653a4010da4f76742dca992239bab4ac4ca

    • SHA256

      cbd589bd0b27a84befb4f8bd187cb842a0ea12a1bc79c507985229188f547220

    • SHA512

      33241e2ad2cf2a9b0c309eaa163868227c6b3d0e9ab039ac3b6b84483de7740f6ebbf86489b6c2a65ff08e5d1671a199cc7b1f9c985691edb62c2090f0f644bb

    • SSDEEP

      12288:OEC1Fo9faQp++gs7s7ytNr72gUxNBRh9:r9f/pMMs78UbB

    Score
    9/10
    defense_evasiondiscoveryevasionpersistenceransomware

    • Modifies boot configuration data using bcdedit

      ransomwareevasion

    • Drops file in Drivers directory

    • Enables test signing to bypass driver trust controls

      Allows any signed driver to load without validation against a trusted certificate authority.

      defense_evasion

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks