General

  • Target

    d440d843cc1c087ddf7ebf28acaf3256_JaffaCakes118

  • Size

    7.3MB

  • Sample

    240908-nk6m5atcjl

  • MD5

    d440d843cc1c087ddf7ebf28acaf3256

  • SHA1

    f5f7dd5c43ac8fcd0caf9bedfef6f48482113a83

  • SHA256

    9e20df0dae6e836dbd4dc3327b5bc76ce02cf824baa095dc26f364e620be034c

  • SHA512

    0f24acbd428e0adc9e59081bb679fef0bd1e8c92ac432d0a1f8e1646211466a67e70a52b44fb047127e5760628f965f5e399692ab52fdecbeee4b4066242826e

  • SSDEEP

    196608:OL+nswebsPdvfbtPJqNka37Nl+Pw9GSy2VxolA9qySL:OynTRtAlYdPSSG9qyS

Targets

    • Target

      d440d843cc1c087ddf7ebf28acaf3256_JaffaCakes118

    • Drops file in Drivers directory

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops file in System32 directory
