General

  • Target

    fd85f3b244b167a869c319606021813b_JaffaCakes118

  • Size

    724KB

  • Sample

    240929-bqx7qathqn

  • MD5

    fd85f3b244b167a869c319606021813b

  • SHA1

    c63ec7aff4217dc99a19c47517e7bd7fdb13b787

  • SHA256

    8039db102cebe6ca2c438e477551850644994553021fdfcefde85f8217bd46a4

  • SHA512

    f99d558b4c081aee81187847ed411d7dca6e3dde4432c6c4b4ba5a9f7660a30b7712d015f8a653aeb1464cffef55a4d4bc0130a3f668df010edf01e5b40ccc6b

  • SSDEEP

    12288:V7VPFqnFVrohSHXIxxDSMYpEVPFrnQVrQhSMXIxxISMYph:JM4MXInSIvZDXIsSl

Score
8/10

Targets

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
