General

  • Target

    f6b6835d3f58f8ae4c25fec9fe564872_JaffaCakes118

  • Size

    252KB

  • Sample

    240925-x83e2swhpg

  • MD5

    f6b6835d3f58f8ae4c25fec9fe564872

  • SHA1

    67dcabd95302a89e69e05cbb2a4ea9475347fa66

  • SHA256

    586007cff9c0edce07e10dad4cdd6e0cc6e918a56dba985b4c64b6c81432d3d5

  • SHA512

    850492689c6acb619c7e3788985039754812c03f9d7c56aa100e35a9d7ebe95af2512889e793a5927a3086380080e8a69353115d5255df637db5da852881e812

  • SSDEEP

    3072:Vl0AZgYg9bVtgfzFHfzb51QRPr8GDiNQ:Vl9g59joFJyr8Gu

Malware Config

Targets

    • Modifies visibility of hidden/system files in Explorer

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks