Overview

overview

10

Static

static

3

16b485d0bc...18.exe

windows7-x64

7

16b485d0bc...18.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    16b485d0bc1c593731cdf67189356fe5_JaffaCakes118

  • Size

    222KB

  • Sample

    241005-h6hwasserr

  • MD5

    16b485d0bc1c593731cdf67189356fe5

  • SHA1

    6c7d62cbad2fb47afbdc713188f0567fc407ddd2

  • SHA256

    88c1f8fe57fcf433da6d2855d13057d390066ad8469b878647842e637242427a

  • SHA512

    0c1a2486f1fc66b7dd3a44bdec2410af875cae7d21a17119695e196a261d25b5d93244d2885fab5070afe3e2c08d28063c64794bba0fd4b5081677949839964e

  • SSDEEP

    3072:Ydu0nEjbUQCN/bS0JPcTsCSI9EvMs/Oap4/kT4X9EiYo4X7M0B3mbVRfcE:QtydKPC3ScEvJ48stX4XXYbDfP

Score
10/10
defense_evasiondiscoveryevasionpersistenceupx

Malware Config

Targets

    • Target

      16b485d0bc1c593731cdf67189356fe5_JaffaCakes118

    • Size

      222KB

    • MD5

      16b485d0bc1c593731cdf67189356fe5

    • SHA1

      6c7d62cbad2fb47afbdc713188f0567fc407ddd2

    • SHA256

      88c1f8fe57fcf433da6d2855d13057d390066ad8469b878647842e637242427a

    • SHA512

      0c1a2486f1fc66b7dd3a44bdec2410af875cae7d21a17119695e196a261d25b5d93244d2885fab5070afe3e2c08d28063c64794bba0fd4b5081677949839964e

    • SSDEEP

      3072:Ydu0nEjbUQCN/bS0JPcTsCSI9EvMs/Oap4/kT4X9EiYo4X7M0B3mbVRfcE:QtydKPC3ScEvJ48stX4XXYbDfP

    Score
    10/10
    discoverypersistencedefense_evasionevasionupx

    • Modifies firewall policy service

      evasion

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Defense Evasion

Impair Defenses

1
T1562

Disable or Modify System Firewall

1
T1562.004

Modify Registry

3
T1112

Subvert Trust Controls

1
T1553

SIP and Trust Provider Hijacking

1
T1553.003

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks