Overview

overview

7

Static

static

3

d016a532dc...18.exe

windows7-x64

7

d016a532dc...18.exe

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    d016a532dc7b306065aa2c08ba393c82_JaffaCakes118

  • Size

    150KB

  • Sample

    240906-v57t9ayhmn

  • MD5

    d016a532dc7b306065aa2c08ba393c82

  • SHA1

    1323142737880e4d06e2eaf71a29fcc069480a86

  • SHA256

    ae5236be1be78c4c2a3c372c76f3fa68586f562cac97662e1de5d8d84f381868

  • SHA512

    fa5452269f15569f0fbc005e53a337822f15dc6a55cd72bff3db3446a83eea22d7923c4197605120a4fe008869557ae2dddfe6ceb3a9c24b15ea455c002d3d85

  • SSDEEP

    3072:ffyn69zh7BYoUPtvMPdK990Ur8AHXTMJ4VsVdPEDWH/AqCcKGX:fK6RjYoUPt70UBZGh3dCaX

Score
7/10
discoverypersistencespywarestealer

Malware Config

Targets

    • Target

      d016a532dc7b306065aa2c08ba393c82_JaffaCakes118

    • Size

      150KB

    • MD5

      d016a532dc7b306065aa2c08ba393c82

    • SHA1

      1323142737880e4d06e2eaf71a29fcc069480a86

    • SHA256

      ae5236be1be78c4c2a3c372c76f3fa68586f562cac97662e1de5d8d84f381868

    • SHA512

      fa5452269f15569f0fbc005e53a337822f15dc6a55cd72bff3db3446a83eea22d7923c4197605120a4fe008869557ae2dddfe6ceb3a9c24b15ea455c002d3d85

    • SSDEEP

      3072:ffyn69zh7BYoUPtvMPdK990Ur8AHXTMJ4VsVdPEDWH/AqCcKGX:fK6RjYoUPt70UBZGh3dCaX

    Score
    7/10
    discoverypersistencespywarestealer

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

      spywarestealer

    • Adds Run key to start application

      persistence

    • Network Share Discovery

      Attempt to gather information on host network.

      discovery

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks