General

  • Target

    f58a4369b8176edbde4396dc977c9008_JaffaCakes118

  • Size

    579KB

  • Sample

    240925-jrpwqswhna

  • MD5

    f58a4369b8176edbde4396dc977c9008

  • SHA1

    87668d14910c1e1bb8bbea0c6363f76e664dcd09

  • SHA256

    30c69d91247f8a72a69e4d7c4bce3eafba40975e5890c23dc4dbe7c9a11afa73

  • SHA512

    d9e747b4907ab21406ce52bdf05f61b62efb087ea4f6599a8441625511c3b4e959f3610bc3e00e39434691ad76b818a38756239acffae90a28a39e9862dd0fb7

  • SSDEEP

    12288:SGtys4IM48XKzDogrFgPb1fNZsHirZnyBK2HVUMLPztyea4douxdSXMA:51Y48XKnoQgKHirZnyBK2HKMLLtz3OM

Targets

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      A VirtualBox guest exposes ACPI tables whose OEM ID is VBOX, so keys such as HKLM\HARDWARE\ACPI\DSDT\VBOX__ exist only inside the VM; opening them is a cheap check for an analysis environment.

    • Adds policy Run key to start application

      Writes an autostart entry under ...\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, a less frequently inspected alternative to the standard Run key (ATT&CK T1547.001).

    • Checks BIOS information in registry

      Reads values such as SystemBiosVersion and VideoBiosVersion under HKLM\HARDWARE\DESCRIPTION\System; in sandboxes and VMs these often carry hypervisor vendor strings (VBOX, VMware, QEMU), so they are read to detect sandboxing environments.

    • Deletes itself

    • Event Triggered Execution: Component Object Model Hijacking (ATT&CK T1546.015)

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects, typically by writing a per-user CLSID entry under HKCU\Software\Classes that shadows a machine-wide one.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      Writes an autostart entry under ...\Software\Microsoft\Windows\CurrentVersion\Run (ATT&CK T1547.001).

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Maps connected drives based on registry

      Disk enumeration data is read from the registry; since the device identifiers it holds reveal virtual disks, this information is often read in order to detect sandboxing environments.
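
Most of the signatures above are derived from the sample's registry activity. The following is an added example, not the sandbox's own rule engine, of how such labels are produced: a small rule set is run over a constructed user-mode registry API trace and each hit is reported under the signature name printed in this report. The trace is fabricated to exercise every rule, and the registry paths the rules watch are the well-known locations such checks usually touch (an assumption on my part, not the report's rule definitions). The file-based signatures (Deletes itself, Executes dropped EXE, Loads dropped DLL) are out of scope here.

```python
"""Map registry API events to the behavioural signature names used above.

Added example, not the sandbox's rule code. SAMPLE_TRACE is CONSTRUCTED and
the watched paths are assumed well-known locations, not read from the report.
"""
import re
from collections import defaultdict

# Constructed trace: what a user-mode API monitor might log for one process (pid 1234)
# plus one benign event from another process that must not fire any rule.
SAMPLE_TRACE = [
    {"pid": 1234, "op": "RegOpenKeyExW", "key": r"HKLM\HARDWARE\ACPI\DSDT\VBOX__", "value": None},
    {"pid": 1234, "op": "RegQueryValueExW", "key": r"HKLM\HARDWARE\DESCRIPTION\System", "value": "SystemBiosVersion"},
    {"pid": 1234, "op": "RegQueryValueExW", "key": r"HKLM\HARDWARE\DESCRIPTION\System", "value": "VideoBiosVersion"},
    {"pid": 1234, "op": "RegEnumKeyExW", "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall", "value": None},
    {"pid": 1234, "op": "RegQueryValueExW", "key": r"HKLM\SYSTEM\CurrentControlSet\Services\Disk\Enum", "value": "0"},
    {"pid": 1234, "op": "RegSetValueExW", "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     "value": "Updater", "data": r"C:\Users\victim\AppData\Roaming\updater.exe"},
    {"pid": 1234, "op": "RegSetValueExW", "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run",
     "value": "1", "data": r"C:\Users\victim\AppData\Roaming\updater.exe"},
    {"pid": 1234, "op": "RegSetValueExW", "key": r"HKCU\Software\Classes\CLSID\{0000-example}\InprocServer32",
     "value": "", "data": r"C:\Users\victim\AppData\Roaming\hijack.dll"},
    {"pid": 5678, "op": "RegQueryValueExW", "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced",
     "value": "Hidden"},
]

READ_OPS = {"RegOpenKeyExW", "RegQueryValueExW", "RegEnumKeyExW", "RegEnumValueW"}
WRITE_OPS = {"RegSetValueExW", "RegCreateKeyExW"}

# (signature name as printed in the report, ops that count, key regex, value regex or None).
# Registry paths are case-insensitive, so every regex is applied with re.IGNORECASE.
RULES = [
    ("Identifies VirtualBox via ACPI registry values (likely anti-VM)", READ_OPS,
     r"^HKLM\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__", None),
    ("Checks BIOS information in registry", READ_OPS,
     r"^HKLM\\HARDWARE\\DESCRIPTION\\System$", r"^(SystemBiosVersion|VideoBiosVersion|SystemBiosDate)$"),
    ("Checks installed software on the system", READ_OPS,
     r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall$", None),
    ("Maps connected drives based on registry", READ_OPS,
     r"^HKLM\\SYSTEM\\CurrentControlSet\\Services\\Disk\\Enum$", None),
    ("Adds Run key to start application", WRITE_OPS,
     r"^HK(LM|CU)\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?$", None),
    ("Adds policy Run key to start application", WRITE_OPS,
     r"\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\Run$", None),
    ("Event Triggered Execution: Component Object Model Hijacking", WRITE_OPS,
     r"^HKCU\\Software\\Classes\\CLSID\\\{[^}]+\}\\(InprocServer32|LocalServer32)$", None),
]


def match_signatures(trace):
    """Return {signature name: [matching events]} for a registry API trace."""
    hits = defaultdict(list)
    for ev in trace:
        for name, ops, key_re, val_re in RULES:
            if ev["op"] not in ops:
                continue
            if not re.search(key_re, ev["key"], re.IGNORECASE):
                continue
            # Value-level rules (BIOS) only fire on the named values, not on the whole key.
            if val_re and not re.fullmatch(val_re, ev.get("value") or "", re.IGNORECASE):
                continue
            hits[name].append(ev)
    return dict(hits)


def persistence_targets(hits):
    """On-disk paths written into autostart locations: the first artefact an
    incident responder wants out of a report like this one."""
    names = {"Adds Run key to start application",
             "Adds policy Run key to start application",
             "Event Triggered Execution: Component Object Model Hijacking"}
    return sorted({ev["data"] for n in names for ev in hits.get(n, [])})


if __name__ == "__main__":
    found = match_signatures(SAMPLE_TRACE)
    for name, events in found.items():
        print(f"{name}: {len(events)} event(s)")
    print("persistence targets:", persistence_targets(found))
```

The anti-VM rules only need read operations, which is why they cannot be recovered from Sysmon registry events (those cover key creation, value sets and renames, not queries); they come from the sandbox's API hooks. The persistence rules, by contrast, map directly onto value-set events and are the ones worth porting to host telemetry.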

MITRE ATT&CK Enterprise v15