Overview

overview

7

Static

static

3

d57f9da6f6...18.exe

windows7-x64

7

d57f9da6f6...18.exe

windows10-2004-x64

3

Sharing

Copy URL Twitter E-mail

General

  • Target

    d57f9da6f6579f72d45f5003119b76d8_JaffaCakes118

  • Size

    170KB

  • Sample

    240909-cpjtdawhlq

  • MD5

    d57f9da6f6579f72d45f5003119b76d8

  • SHA1

    842711072af819ed5f69727d211ee97ab93f0c3a

  • SHA256

    c2d5639b198e0f3c35c6d4ead201ac28fb69a0134d793f8a351a7684dbbb74e8

  • SHA512

    abe597d041c344fe28bdd8642372a81a9001250681824c60ccae69771e825ced5ef0c4c3c27b7461a9b337e773bba838947587a39b6889e4a637434f2b037831

  • SSDEEP

    3072:DOp8KRaug8q9/ZXoOIeBBMLE0Y11rP3jHkvpoGoFjT7rEzmZ/B9Ww2CUQGO/bF0P:iCKRaczLE0oHkvpoGoqzY3zF0rth

Score
7/10
discoverypersistencespywarestealer

Malware Config

Targets

    • Target

      d57f9da6f6579f72d45f5003119b76d8_JaffaCakes118

    • Size

      170KB

    • MD5

      d57f9da6f6579f72d45f5003119b76d8

    • SHA1

      842711072af819ed5f69727d211ee97ab93f0c3a

    • SHA256

      c2d5639b198e0f3c35c6d4ead201ac28fb69a0134d793f8a351a7684dbbb74e8

    • SHA512

      abe597d041c344fe28bdd8642372a81a9001250681824c60ccae69771e825ced5ef0c4c3c27b7461a9b337e773bba838947587a39b6889e4a637434f2b037831

    • SSDEEP

      3072:DOp8KRaug8q9/ZXoOIeBBMLE0Y11rP3jHkvpoGoFjT7rEzmZ/B9Ww2CUQGO/bF0P:iCKRaczLE0oHkvpoGoqzY3zF0rth

    Score
    7/10
    discoverypersistencespywarestealer

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

      spywarestealer

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks