Overview

overview

7

Static

static

3

306f8d1087...18.exe

windows7-x64

7

306f8d1087...18.exe

windows10-2004-x64

3

Sharing

Copy URL Twitter E-mail

General

  • Target

    306f8d1087a854ebf11c0bc491b74792_JaffaCakes118

  • Size

    199KB

  • Sample

    241010-r7lg9awfpp

  • MD5

    306f8d1087a854ebf11c0bc491b74792

  • SHA1

    07b606c9db42c16dd5d7e7ee99d220b14a8d6d52

  • SHA256

    a566e0b31a1aa1b8d13b3411a1675b7e4fafb3385a8c3845b1b25c24472423f4

  • SHA512

    dad214b193faf330076d8646f1ba47a1dfd216c162e4a18722b0e5f2f1c9009b87d943c50d1b42b8fe19f8e8331cc5d876e0a467be062f49a9950a48588a6598

  • SSDEEP

    3072:HiV+UVYZc11KP8LfREb9eXNzaHIdhHqeGFABib0w4DPJ9x7WqYTppJOf0Yhpzg:miyKPwfUEMRTAMGPJ9x7WqA/OfVg

Score
7/10
discoverypersistencespywarestealer

Malware Config

Targets

    • Target

      306f8d1087a854ebf11c0bc491b74792_JaffaCakes118

    • Size

      199KB

    • MD5

      306f8d1087a854ebf11c0bc491b74792

    • SHA1

      07b606c9db42c16dd5d7e7ee99d220b14a8d6d52

    • SHA256

      a566e0b31a1aa1b8d13b3411a1675b7e4fafb3385a8c3845b1b25c24472423f4

    • SHA512

      dad214b193faf330076d8646f1ba47a1dfd216c162e4a18722b0e5f2f1c9009b87d943c50d1b42b8fe19f8e8331cc5d876e0a467be062f49a9950a48588a6598

    • SSDEEP

      3072:HiV+UVYZc11KP8LfREb9eXNzaHIdhHqeGFABib0w4DPJ9x7WqYTppJOf0Yhpzg:miyKPwfUEMRTAMGPJ9x7WqA/OfVg

    Score
    7/10
    discoverypersistencespywarestealer

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

      spywarestealer

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks