Overview

overview

7

Static

static

3

2ad0cffb36...18.exe

windows7-x64

7

2ad0cffb36...18.exe

windows10-2004-x64

7

Sharing

Copy URL Twitter E-mail

General

  • Target

    2ad0cffb368cbc3d1180a6d785bc57b3_JaffaCakes118

  • Size

    223KB

  • Sample

    241009-e3knyawgql

  • MD5

    2ad0cffb368cbc3d1180a6d785bc57b3

  • SHA1

    0e48e294b6438012774c9b4ad79da13194b80d2f

  • SHA256

    e1689068f88b6505b5ea37961b2de29a342806811d4a462f658cd3f7713df14c

  • SHA512

    3c462a9d7431a94677c64dd7c0693ab48e2c3ac2b508dd99c2e317bd6987046901155ac5e3af14714131c9557bf9b6e4cb8039d5fb3e61f6f9cb406b5990514f

  • SSDEEP

    6144:kIxRcHU0hCwjWRYuwBiMbua6CJY6y6Ucj9yakf:kMc16RYxBJuThyg

Score
7/10
discoveryevasionpersistenceprivilege_escalationspywarestealertrojan

Malware Config

Targets

    • Target

      2ad0cffb368cbc3d1180a6d785bc57b3_JaffaCakes118

    • Size

      223KB

    • MD5

      2ad0cffb368cbc3d1180a6d785bc57b3

    • SHA1

      0e48e294b6438012774c9b4ad79da13194b80d2f

    • SHA256

      e1689068f88b6505b5ea37961b2de29a342806811d4a462f658cd3f7713df14c

    • SHA512

      3c462a9d7431a94677c64dd7c0693ab48e2c3ac2b508dd99c2e317bd6987046901155ac5e3af14714131c9557bf9b6e4cb8039d5fb3e61f6f9cb406b5990514f

    • SSDEEP

      6144:kIxRcHU0hCwjWRYuwBiMbua6CJY6y6Ucj9yakf:kMc16RYxBJuThyg

    Score
    7/10
    discoveryevasionpersistenceprivilege_escalationspywarestealertrojan

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Adds Run key to start application

      persistence

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Checks whether UAC is enabled

      evasiontrojan

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Defense Evasion

Modify Registry

2
T1112

Credential Access

Credentials from Password Stores

1
T1555

Credentials from Web Browsers

1
T1555.003

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

Query Registry

2
T1012

System Information Discovery

3
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

Lateral Movement

Collection

Data from Local System

1
T1005

Command and Control

Exfiltration

Impact

Tasks