General

  • Target

    c87060dfcf292e5d42761cbd82608405_JaffaCakes118

  • Size

    87KB

  • Sample

    240829-jdn3aasbpr

  • MD5

    c87060dfcf292e5d42761cbd82608405

  • SHA1

    37cf186ced270f84f1049b98a8833fe9a9c052b2

  • SHA256

    948f403f86df0d9f53c41d85a57e0a6ef79635fe3194920d1a0781152995e78a

  • SHA512

    ac8f93b31f268c71f493b54017d58add678b2f520c6b2e9858cab2d36812de3dde4f0df11b4071166aff643d529f3e2c996c7a149a01bd6b399520b8b70ce6c8

  • SSDEEP

    1536:naBmyNQAXrpqRvMaHUR5MJx2emFhfN8ewQG/hctKp3vflC6WcP8qu75hBp4b4Qd:nbyNPXrpqOaHURiJIeUfNIQs3vfl0cP3

Malware Config

Targets

    • Server Software Component: Terminal Services DLL

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.

MITRE ATT&CK Enterprise v15

Tasks