Overview

overview

7

Static

static

3

f6e099e46b...18.exe

windows7-x64

7

f6e099e46b...18.exe

windows10-2004-x64

3

Sharing

Copy URL Twitter E-mail

General

  • Target

    f6e099e46b35fb312caa30529d068940_JaffaCakes118

  • Size

    119KB

  • Sample

    240925-z546ks1fkf

  • MD5

    f6e099e46b35fb312caa30529d068940

  • SHA1

    53d65e84bf71ff5dc9833fe7bd7ca1161d4244c3

  • SHA256

    005d806db1872ff20a13f7a200c994eeee426a63c8512eeaffab202a1e5ea037

  • SHA512

    17fddf5546f5a463b1db23d66924592fd76339dd2808504e828b7ccf6c599738b47a24b9ed3a0675b4c01021d05a7f92cc0421370c67e47fbf073f5665463e55

  • SSDEEP

    768:gyhT6fJ3RzXcQ95LRMua722c3NBqE4E9nIWmwTnaCbPmyxLfXIj9:gyhu7zbJsILqdKndmwTaeHBg

Score
7/10
discoverypersistencespywarestealer

Malware Config

Targets

    • Target

      f6e099e46b35fb312caa30529d068940_JaffaCakes118

    • Size

      119KB

    • MD5

      f6e099e46b35fb312caa30529d068940

    • SHA1

      53d65e84bf71ff5dc9833fe7bd7ca1161d4244c3

    • SHA256

      005d806db1872ff20a13f7a200c994eeee426a63c8512eeaffab202a1e5ea037

    • SHA512

      17fddf5546f5a463b1db23d66924592fd76339dd2808504e828b7ccf6c599738b47a24b9ed3a0675b4c01021d05a7f92cc0421370c67e47fbf073f5665463e55

    • SSDEEP

      768:gyhT6fJ3RzXcQ95LRMua722c3NBqE4E9nIWmwTnaCbPmyxLfXIj9:gyhu7zbJsILqdKndmwTaeHBg

    Score
    7/10
    discoverypersistencespywarestealer

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

      spywarestealer

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks