General

  • Target

    cf31e5f86a2597674bdc0d20bf977d8e_JaffaCakes118

  • Size

    378KB

  • Sample

    240906-k6ejzsycjb

  • MD5

    cf31e5f86a2597674bdc0d20bf977d8e

  • SHA1

    115d96043f9921f1a021dac144882ab7df55b647

  • SHA256

    ca5cf4d992edd06dba1dc111bf62894c359d47127266f49a23904934c3939ef9

  • SHA512

    f3f84813871dc578d9fd2a59b50f53e8b5b16f7d9ceb43ac0c288d6a32b5bb49371d3b7f3e2e72f46c572f3aed0b4491a07518c35f09e9c78e70d2099b0fcd9b

  • SSDEEP

    6144:BfO9U+k6d/IVqQhPBDGfn8HGlNZJV3zer5pmJ/cSqIe3W2HJVOCaZQUdLeonr:c9UgtQhDHGV/KrTmJ/XqIem28QCDr

Malware Config

Targets

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks