General

  • Target

    0c1c2437f349eb85dbb0c72cf102024b_JaffaCakes118

  • Size

    1.3MB

  • Sample

    241002-xt72zssbkn

  • MD5

    0c1c2437f349eb85dbb0c72cf102024b

  • SHA1

    aff8c57c22f088327814f563074d92b1d14f89a4

  • SHA256

    cd5bf8da3750cffec1d2cbd37d7dc6c0cb894c45bedad5ae320539932be1f56f

  • SHA512

    7159588d39d804921d59a72b85643d1e97f47f8c16ecf72ab910eac78acd5ec6aa44990d749079683838e167af4f568ff2906773da4982e2680ba1ef558b3ef9

  • SSDEEP

    24576:GvwQyBaWnBCqyaaNCM2OAjfXQLCDpavxhrTaqbHLMvdURlqccnL:GvlyBaWntyrNBlAzXQO9QB+2Mvq8L

Malware Config

Targets

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks