General

  • Target

    fb66fcee79fd0c4cc2dbe887b98bcda2_JaffaCakes118

  • Size

    287KB

  • Sample

    240928-dv2rtaxame

  • MD5

    fb66fcee79fd0c4cc2dbe887b98bcda2

  • SHA1

    740ebc60176513a1e1a614d5ba7824d7fc7ae0cb

  • SHA256

    0b75f331290973cdd4191225d46e064a84c42f58a71030669a2a65f364ff2317

  • SHA512

    29079a8097f698035323f989df918e2b68fa2cfcad76131c1945b4126d3cb92032c3707efc7849c3c86a6e7f6275320603c6f75a869d4036da4294b702b31ec8

  • SSDEEP

    6144:zxddq5R7YJZNLqKvDd5M5X6BfnkZ5vkNS9jMl:zZq5R7KNuCY5KBf8xkNl

Targets

    • Target

      fb66fcee79fd0c4cc2dbe887b98bcda2_JaffaCakes118

    • Event Triggered Execution: AppInit DLLs

      Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Deletes itself

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15
