General

  • Target

    d514a49b0256b869727825c3ff7cd178_JaffaCakes118

  • Size

    255KB

  • Sample

    240908-zr1agavdrq

  • MD5

    d514a49b0256b869727825c3ff7cd178

  • SHA1

    3229a2f1b8be3c462c0d8a7f2a0d01899e2a07dd

  • SHA256

    ef2cef56fbf5130dc87bed999cbc5c1b1ddf90b76b24e37fa1bebd3ac58b0515

  • SHA512

    913445e33cc51dc341b7bf9f763130c40cf4de747c409f6420dc2b4635a62d84fa5f68291bbefb3a783328b76a0b5d04069bebe709006a4dbc53f07f6967bfa5

  • SSDEEP

    6144:aOfb2aUrJ4ntkrbh/7ZbZMWzpBmoz7010phdf:aO6aUVWkV7ZbZxbmi010phdf

Malware Config

Targets

    • Server Software Component: Terminal Services DLL

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks