Overview

overview

7

Static

static

1

30c7473bf9...18.exe

windows7-x64

7

30c7473bf9...18.exe

windows10-2004-x64

3

Sharing

Copy URL Twitter E-mail

General

  • Target

    30c7473bf95078d67bf3c085e646fda6_JaffaCakes118

  • Size

    320KB

  • Sample

    241010-tpw75szcrm

  • MD5

    30c7473bf95078d67bf3c085e646fda6

  • SHA1

    0f0fb6e51455985a259f65bf4caf70fa314eb182

  • SHA256

    a56378e94e672235543d5dd887b564d4b1cca0b2bb7a8be1919d82af3c791c40

  • SHA512

    5251bbba0a883dab9ac03cb2bad9eb2803ee0882d769ffb39e7eae7a18ccd951460cca57ef2b4a51ef92e28d579f74d3c81240f450d973f75a59e65f7d8cb626

  • SSDEEP

    6144:fVpAm6qyBu2vukCUT8AlG0KwCkspuJ2ViKpxQX34+ex:fklp+DwCkWG1KpxLZ

Score
7/10
discoverypersistencespywarestealer

Malware Config

Targets

    • Target

      30c7473bf95078d67bf3c085e646fda6_JaffaCakes118

    • Size

      320KB

    • MD5

      30c7473bf95078d67bf3c085e646fda6

    • SHA1

      0f0fb6e51455985a259f65bf4caf70fa314eb182

    • SHA256

      a56378e94e672235543d5dd887b564d4b1cca0b2bb7a8be1919d82af3c791c40

    • SHA512

      5251bbba0a883dab9ac03cb2bad9eb2803ee0882d769ffb39e7eae7a18ccd951460cca57ef2b4a51ef92e28d579f74d3c81240f450d973f75a59e65f7d8cb626

    • SSDEEP

      6144:fVpAm6qyBu2vukCUT8AlG0KwCkspuJ2ViKpxQX34+ex:fklp+DwCkWG1KpxLZ

    Score
    7/10
    discoverypersistencespywarestealer

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

      spywarestealer

    • Adds Run key to start application

      persistence

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks