Overview

overview

10

Static

static

7

ed367dab29...18.exe

windows7-x64

10

ed367dab29...18.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ed367dab295de456f86d3bb87c471bb3_JaffaCakes118

  • Size

    218KB

  • Sample

    240920-kf9mfaxgqn

  • MD5

    ed367dab295de456f86d3bb87c471bb3

  • SHA1

    47f28e25106ce0a8b2f55f767b2e90f927183319

  • SHA256

    c2f76ee6aa8f218e960926beb62fd69139eba55eee459f0651a98cc9ac806add

  • SHA512

    e24acf6fdddde4dc7aa8b9197fb7431045fd5320a90701c4c392cf77458827ce97f10bc5994679bfd37d9ec20f7092e6bc8b4872f39f92b064b7866f1df3f903

  • SSDEEP

    6144:nc+yiZtsqepeFe5bc2pIHhY18Nih7uawcs:n9y2tsqmmYbclHq1e+yawc

Score
10/10
defense_evasiondiscoveryevasionpersistencetrojanupx

Malware Config

Targets

    • Target

      ed367dab295de456f86d3bb87c471bb3_JaffaCakes118

    • Size

      218KB

    • MD5

      ed367dab295de456f86d3bb87c471bb3

    • SHA1

      47f28e25106ce0a8b2f55f767b2e90f927183319

    • SHA256

      c2f76ee6aa8f218e960926beb62fd69139eba55eee459f0651a98cc9ac806add

    • SHA512

      e24acf6fdddde4dc7aa8b9197fb7431045fd5320a90701c4c392cf77458827ce97f10bc5994679bfd37d9ec20f7092e6bc8b4872f39f92b064b7866f1df3f903

    • SSDEEP

      6144:nc+yiZtsqepeFe5bc2pIHhY18Nih7uawcs:n9y2tsqmmYbclHq1e+yawc

    Score
    10/10
    defense_evasiondiscoveryevasionpersistencetrojanupx

    • Modifies WinLogon for persistence

      persistence

    • UAC bypass

      evasiontrojan

    • Disables RegEdit via registry modification

      evasion

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Hide Artifacts: Hidden Files and Directories

      defense_evasion
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks