Overview

overview

7

Static

static

3

fe0c73db3f...18.exe

windows7-x64

7

fe0c73db3f...18.exe

windows10-2004-x64

3

Sharing

Copy URL Twitter E-mail

General

  • Target

    fe0c73db3ffc3d68cb03639e21d5a4a8_JaffaCakes118

  • Size

    220KB

  • Sample

    240929-h8rwzsxdmd

  • MD5

    fe0c73db3ffc3d68cb03639e21d5a4a8

  • SHA1

    11006fe171f35bbaf6d165f024dea83337046082

  • SHA256

    9d52602a19c8cefa45bb27b1035164e669b06a243e077b1a76d02943d12d2ffe

  • SHA512

    0f7b89d7559adb9799ee7f245049532bf929a194f627938e97a1f02088824f7e0254cb56a8fa8b98884426f7dd5e7eab70317e82f34d2a64dc07950b3e698df4

  • SSDEEP

    3072:++5ePIFBWOcdQbD4jtlFg4Oov9tX0FBEAMg8s4Y75zx0EPn:++5PFsfSbDimov0Ul0575zxdf

Score
7/10
discoverypersistencespywarestealer

Malware Config

Targets

    • Target

      fe0c73db3ffc3d68cb03639e21d5a4a8_JaffaCakes118

    • Size

      220KB

    • MD5

      fe0c73db3ffc3d68cb03639e21d5a4a8

    • SHA1

      11006fe171f35bbaf6d165f024dea83337046082

    • SHA256

      9d52602a19c8cefa45bb27b1035164e669b06a243e077b1a76d02943d12d2ffe

    • SHA512

      0f7b89d7559adb9799ee7f245049532bf929a194f627938e97a1f02088824f7e0254cb56a8fa8b98884426f7dd5e7eab70317e82f34d2a64dc07950b3e698df4

    • SSDEEP

      3072:++5ePIFBWOcdQbD4jtlFg4Oov9tX0FBEAMg8s4Y75zx0EPn:++5PFsfSbDimov0Ul0575zxdf

    Score
    7/10
    discoverypersistencespywarestealer

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

      spywarestealer

    • Adds Run key to start application

      persistence

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks