Overview

overview

7

Static

static

1

fb2b92d009...18.exe

windows7-x64

7

fb2b92d009...18.exe

windows10-2004-x64

3

Sharing

Copy URL Twitter E-mail

General

  • Target

    fb2b92d00900a52901665ec5e0bdca07_JaffaCakes118

  • Size

    105KB

  • Sample

    240928-arg2fszcqc

  • MD5

    fb2b92d00900a52901665ec5e0bdca07

  • SHA1

    1621301467443d0c8b616af2126a6b05838af82d

  • SHA256

    85f52727f8de0d44acc6d3c4a83abd08ccbbe64d29072017e5b943a15c5edc0d

  • SHA512

    51d5eefe7cf101c0573e9acc52aa9f063a9d3cfd75467ca4dcc227bd4f1d49b093b778f2cf438a4da566ecf318f75244fac561fbafd0cf074c09df3a111a4ae4

  • SSDEEP

    3072:JZUFuthmo5bKmQ+BZfoRWQOCYdmZ5JAio:JuFzoNQ+zbcamQv

Score
7/10
discoverypersistencespywarestealer

Malware Config

Targets

    • Target

      fb2b92d00900a52901665ec5e0bdca07_JaffaCakes118

    • Size

      105KB

    • MD5

      fb2b92d00900a52901665ec5e0bdca07

    • SHA1

      1621301467443d0c8b616af2126a6b05838af82d

    • SHA256

      85f52727f8de0d44acc6d3c4a83abd08ccbbe64d29072017e5b943a15c5edc0d

    • SHA512

      51d5eefe7cf101c0573e9acc52aa9f063a9d3cfd75467ca4dcc227bd4f1d49b093b778f2cf438a4da566ecf318f75244fac561fbafd0cf074c09df3a111a4ae4

    • SSDEEP

      3072:JZUFuthmo5bKmQ+BZfoRWQOCYdmZ5JAio:JuFzoNQ+zbcamQv

    Score
    7/10
    discoverypersistencespywarestealer

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

      spywarestealer

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks