General

  • Target

    ebf8dc9682be5a0001e92ffbc4849f64_JaffaCakes118

  • Size

    60KB

  • Sample

    240919-xemshavcqn

  • MD5

    ebf8dc9682be5a0001e92ffbc4849f64

  • SHA1

    5d70607581a1e5d23dbc35bddd39c7752c7b1102

  • SHA256

    3047f5d1c1a7dc90c2c1bb9f8eccaf3b04678f58fc3b707e183f4148894f6ba4

  • SHA512

    0fa3da2c56215f1e97d4dc9e747df9e4262a583de98d79ce7e169612d6db916d664d5740c2e0da0a731b2a56de61f4bffa63d8d0ee0045703cca776b3c3fa9d0

  • SSDEEP

    768:WBZX+Nzp4mjNx4Ds4l6iE18++uWdB9GBc81f+Iw5BLJUXNPgH9nmscY:WPdc1inuWdB9r8YXPJY2BmscY

Targets

    • Target

      ebf8dc9682be5a0001e92ffbc4849f64_JaffaCakes118

    • Event Triggered Execution: AppInit DLLs

      Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.
