Overview

overview

7

Static

static

3

d7075adfcc...18.exe

windows7-x64

7

d7075adfcc...18.exe

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    d7075adfcc49afbe54eeee05edea100a_JaffaCakes118

  • Size

    177KB

  • Sample

    240909-y26pkazdqg

  • MD5

    d7075adfcc49afbe54eeee05edea100a

  • SHA1

    24bd371222f356e171e404e9c2a41657e3751330

  • SHA256

    7d943ffefae587b007d4c320febbbbb37fb5508e0712eb05ae25622135a43944

  • SHA512

    508d8ded45be190a3b9146ab31fb1959f7efe33fc75f43a4b1bffe4296d16f4db8a2b9e329ac57a1b7489c5fd7b48046716d0bd92bba9b5cf5ea78e3ec1775a7

  • SSDEEP

    3072:y5VTs2dzJpdQ12drw4GwLW+ICXeMie6C2ot5TU1D7YUZrGhjAtzMO4GUF+G8oiAz:ybdzDq/31oM1D7YU0Iz54GUFgxAxqGB/

Score
7/10
discoverypersistencespywarestealer

Malware Config

Targets

    • Target

      d7075adfcc49afbe54eeee05edea100a_JaffaCakes118

    • Size

      177KB

    • MD5

      d7075adfcc49afbe54eeee05edea100a

    • SHA1

      24bd371222f356e171e404e9c2a41657e3751330

    • SHA256

      7d943ffefae587b007d4c320febbbbb37fb5508e0712eb05ae25622135a43944

    • SHA512

      508d8ded45be190a3b9146ab31fb1959f7efe33fc75f43a4b1bffe4296d16f4db8a2b9e329ac57a1b7489c5fd7b48046716d0bd92bba9b5cf5ea78e3ec1775a7

    • SSDEEP

      3072:y5VTs2dzJpdQ12drw4GwLW+ICXeMie6C2ot5TU1D7YUZrGhjAtzMO4GUF+G8oiAz:ybdzDq/31oM1D7YU0Iz54GUFgxAxqGB/

    Score
    7/10
    discoverypersistencespywarestealer

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

      spywarestealer

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks