General

  • Target

    dda73a0896d03d2b30eef967250fa6d1_JaffaCakes118

  • Size

    360KB

  • Sample

    240913-et5mrateml

  • MD5

    dda73a0896d03d2b30eef967250fa6d1

  • SHA1

    952909c7ad5ad665723bc9660dd47c4724203fd2

  • SHA256

    1407f082426382f4c40b1dad6f9a38562d82f8dbfe09bf82d0a0e60102790450

  • SHA512

    9ca8b118d3a9bf97bbded2d07c4ce0aef481e3a48004c1105e56ba346b1b8fa680d9bf8258c57d43b2c29ff11034a584a213d06faae196f1460ff31b2f40b30f

  • SSDEEP

    6144:wBVt4nzqGVbFNxDouQj8HJqLVxx4qNDM9HeU9hBFHDKh2PlokQGze:64nZVJNVNQjSYx/NDM9HeAhBJjl1Qce

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

    Yes

  • URLs

    exe.dropper: https://goo.gl/5ZjYus

Targets

    • Target

      dda73a0896d03d2b30eef967250fa6d1_JaffaCakes118 (hashes and size as listed under General above)

    Score
    10/10
    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with the display window hidden.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks