General

  • Target

    3d2ec2507e39e7dd3acecd7ea2ed3baf_JaffaCakes118

  • Size

    40KB

  • Sample

    241013-cdf84stcmc

  • MD5

    3d2ec2507e39e7dd3acecd7ea2ed3baf

  • SHA1

    376865d1c0dc257d24fbc5e52b4b6f0769357bdb

  • SHA256

    861e227350329924ac2f94b3d9006662808af3de15e95c28c3d717c0c47f43ff

  • SHA512

    7b8303e0c607fdded27e447bcb616d18fd670836743918136ba2d339fa10b7337dfa106c8a2b4f8e57258344813d51baa9ca1ad1712b103a4484dd57466312d6

  • SSDEEP

    768:yvzw/CPxOHD1gYeZJrIf3FgwVlXFch/nyVrF75dvbkala+3RqTHe7RUB:yLhPqDmbrIf3aulvIaMkqre7aB

Targets

    • Target

      The G-20 And IMF Reform.exe

    • Size

      113KB

    • MD5

      a0c70bda407c2c3c87101804a08a6929

    • SHA1

      166b9d6e0316e8b9678a0a3fc9cce940881943db

    • SHA256

      cfd482743da45910d815e524ccd51710d716243460a669967254e6acd6a26549

    • SHA512

      45621238bbab055182b153f6c5a066a95f2677ed55951ca3222af6837001ce70aa272e052c7b0f996e34ef1d18fafc63b350a3807b4a8535dbf786fd8bb27ab9

    • SSDEEP

      768:bObkBqK5nO4rGQzTGfqc33emu4v/eo4z7VP7LdGSu2HyTAzfMgTAzfM0CAPfHXcQ:bGNQhd54vVfs7KKMCA65OUAT0jMyR

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence to decide whether to run on this machine.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Indicator Removal: File Deletion (T1070.004)

      Adversaries may delete files left behind by the actions of their intrusion activity. Here this matches the "Deletes itself" behaviour above: the original executable is removed after it has run.

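The behaviours listed above form a recognisable chain: a registry lookup of the configured country, a dropped executable and DLL that are then run and loaded, a Run-key entry for persistence, and finally deletion of the original file. The following Python is an added example, not part of the sandbox report or of the sample, showing how a detection engineer could raise the same five behaviours from endpoint telemetry by correlating events per process tree instead of per process. The event schema, the dropped-file paths and the benign control process are constructed for illustration; the registry value used for the location check (HKCU\Control Panel\International\Geo\Nation) is an assumption about what the "Checks computer location settings" signature refers to. Only the sample's file name is taken from the report.

```python
"""Behavioural triage over constructed endpoint events (added example).

Events are grouped by the root of their process tree so that a child that
loads a DLL the parent dropped, or a cmd.exe child that deletes the parent's
image, is still attributed to the original sample.
"""
from collections import defaultdict

BEHAVIOURS = ("checks_location", "executes_dropped_exe", "loads_dropped_dll",
              "adds_run_key", "deletes_itself")

# Assumption: the location check reads the GeoID stored under this value.
GEO_KEY = "hkcu\\control panel\\international\\geo\\nation"
# Run and RunOnce keys under HKCU or HKLM both count as autostart persistence.
RUN_KEY_MARKS = ("\\currentversion\\run\\", "\\currentversion\\runonce\\")

# Constructed sample telemetry in chronological order. pid 100 is the report's
# sample; pid 900 is an unrelated benign process used as a negative control.
# Dropped-file names and paths are placeholders, not indicators from the report.
EVENTS = [
    {"pid": 100, "ppid": 1, "op": "ProcessCreate",
     "image": r"C:\Users\victim\Desktop\The G-20 And IMF Reform.exe", "cmdline": ""},
    {"pid": 100, "op": "RegQueryValue",
     "path": r"HKCU\Control Panel\International\Geo\Nation"},
    {"pid": 100, "op": "FileCreate", "path": r"C:\Users\victim\AppData\Local\Temp\svc.exe"},
    {"pid": 100, "op": "FileCreate", "path": r"C:\Users\victim\AppData\Local\Temp\helper.dll"},
    {"pid": 200, "ppid": 100, "op": "ProcessCreate",
     "image": r"C:\Users\victim\AppData\Local\Temp\svc.exe", "cmdline": ""},
    {"pid": 200, "op": "ImageLoad", "path": r"C:\Users\victim\AppData\Local\Temp\helper.dll"},
    {"pid": 200, "op": "RegSetValue",
     "path": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\svc"},
    {"pid": 300, "ppid": 100, "op": "ProcessCreate", "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r'cmd.exe /c ping 127.0.0.1 -n 3 > nul & del '
                r'"C:\Users\victim\Desktop\The G-20 And IMF Reform.exe"'},
    {"pid": 900, "ppid": 1, "op": "ProcessCreate",
     "image": r"C:\Program Files\Editor\editor.exe", "cmdline": ""},
    {"pid": 900, "op": "FileCreate", "path": r"C:\Users\victim\Documents\notes.txt"},
    {"pid": 900, "op": "RegSetValue", "path": r"HKCU\Software\Editor\RecentFiles"},
]


def triage(events):
    """Return {root image: {behaviour: bool}} for every process tree in events."""
    parent = {e["pid"]: e["ppid"] for e in events if e["op"] == "ProcessCreate"}
    image = {e["pid"]: e["image"].lower() for e in events if e["op"] == "ProcessCreate"}

    def root_of(pid):
        # Walk up while the parent itself was observed being created.
        while parent.get(pid) in parent:
            pid = parent[pid]
        return pid

    by_root = defaultdict(list)
    for e in events:
        by_root[root_of(e["pid"])].append(e)

    report = {}
    for root, tree in by_root.items():
        own = image.get(root, "")          # the tree's original executable
        dropped = set()                    # files written by the tree so far
        flags = dict.fromkeys(BEHAVIOURS, False)
        for e in tree:                     # order matters: drop before use
            op, path = e["op"], e.get("path", "").lower()
            if op == "RegQueryValue" and path == GEO_KEY:
                flags["checks_location"] = True
            elif op == "FileCreate":
                dropped.add(path)
            elif op == "ProcessCreate":
                img, cmd = e["image"].lower(), e.get("cmdline", "").lower()
                if img in dropped:
                    flags["executes_dropped_exe"] = True
                # Self-deletion delegated to a shell: `del <own image>`.
                if own and own in cmd and " del " in f" {cmd} ":
                    flags["deletes_itself"] = True
            elif op == "ImageLoad" and path in dropped:
                flags["loads_dropped_dll"] = True
            elif op == "RegSetValue" and any(m in path for m in RUN_KEY_MARKS):
                flags["adds_run_key"] = True
            elif op == "FileDelete" and own and path == own:
                flags["deletes_itself"] = True
        report[image.get(root, str(root))] = flags
    return report


def suspicious_roots(events, minimum=3):
    """Root images whose tree triggered at least `minimum` of the behaviours."""
    return sorted(img for img, flags in triage(events).items()
                  if sum(flags.values()) >= minimum)


if __name__ == "__main__":
    for img, flags in triage(EVENTS).items():
        print(img, {k: v for k, v in flags.items() if v})
    print("suspicious:", suspicious_roots(EVENTS))
```

Attributing events to the tree root is what makes the "loads dropped DLL" and "deletes itself" behaviours visible: in this sample chain the DLL is loaded by the dropped child and the deletion is done by a cmd.exe child, so a per-process rule would miss both. The threshold in suspicious_roots is deliberately conservative; a single Run-key write or file drop is normal for installers, whereas three or more of these behaviours in one tree is not.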
MITRE ATT&CK Enterprise v15