General

  • Target

    c04cc44f6e715198296a66ebba9fdac9_JaffaCakes118

  • Size

    234KB

  • Sample

    240825-jx627stejf

  • MD5

    c04cc44f6e715198296a66ebba9fdac9

  • SHA1

    cd8d73e28697690a934ee44ae0f9d27ab6dac20e

  • SHA256

    657508a7f14cc08a0dbeb02c86449e34bdf18ff0cd2453bb39b29eb757848a80

  • SHA512

    900b0c002d05d64ce507f3e5beda7e101c847c5b95f99157d11f79aac464f81b74de0e44b1b242f4fdd36c9c993a823e07c30bc6471274517a724749aad105d3

  • SSDEEP

    6144:fc7YnysGhs6z6AeolsJuobIzdudqZuEn1b6aAh4R07apkdzafMp:fc7Ynysks6uy2uLhudsuAbQw07i2zafM

Score
10/10

Malware Config

Targets

    • Target

      lnstall_2018.exe

    • Size

      354KB

    • MD5

      3d1534f954e977c4f947af1d3ee1e682

    • SHA1

      593e7cd29b730531d7a6ebcb923cfad5f9f79cb8

    • SHA256

      f2ffd830709e6d7361039706a15b37c031c6120b0fa405c86f33a96455049bb9

    • SHA512

      3b2e0cbe8f19307482c3b1c8164b159030f0ff64fccf011f7e9a1d202544a35ad6173f90d80f6a3d5b9e803a5218837b72e55f54e102cbcd285305254c9750ac

    • SSDEEP

      6144:vKDGzEKoXFolXSwkPSLkteJ0o+j9vi5nPs5K+nJP0i3JlMC:vKDGzDoXFG/+SLkW0dQnPRgJ8GMC

    Score
    10/10

    • Modifies WinLogon for persistence

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Traffic on the DNS port to servers other than the configured DNS servers was detected.

MITRE ATT&CK Enterprise v15

Tasks