Overview

overview

7

Static

static

3

527815185e...18.exe

windows7-x64

7

527815185e...18.exe

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    527815185e0a77f67985e4ad34a3aca6_JaffaCakes118

  • Size

    167KB

  • Sample

    241017-sk1t4asdkf

  • MD5

    527815185e0a77f67985e4ad34a3aca6

  • SHA1

    c67957d87d9291ee58c31d33c939965fc3cfc7ef

  • SHA256

    fa7059596ae2d973ceb94c161a1d781dbff61907f48e227bfb47dd4bbcf4c759

  • SHA512

    130884d8268359681e16322647c1a363fcadeddf145c922f8f701bc5ceb6024a52a6154fc0051be489e6be3e06e62d97f15a33e4a195cb45f6174c02e1a6de53

  • SSDEEP

    3072:+xY9O7jUpFUMMnMMMMMX7I7D6KGKdKTQO15+HCcoZsjh64uFuN0Cjmj36z0Nwaad:fOfUoMMnMMMMMaNGKmxFZw64+6s6z0Hw

Score
7/10
discoverypersistencespywarestealer

Malware Config

Targets

    • Target

      527815185e0a77f67985e4ad34a3aca6_JaffaCakes118

    • Size

      167KB

    • MD5

      527815185e0a77f67985e4ad34a3aca6

    • SHA1

      c67957d87d9291ee58c31d33c939965fc3cfc7ef

    • SHA256

      fa7059596ae2d973ceb94c161a1d781dbff61907f48e227bfb47dd4bbcf4c759

    • SHA512

      130884d8268359681e16322647c1a363fcadeddf145c922f8f701bc5ceb6024a52a6154fc0051be489e6be3e06e62d97f15a33e4a195cb45f6174c02e1a6de53

    • SSDEEP

      3072:+xY9O7jUpFUMMnMMMMMX7I7D6KGKdKTQO15+HCcoZsjh64uFuN0Cjmj36z0Nwaad:fOfUoMMnMMMMMaNGKmxFZw64+6s6z0Hw

    Score
    7/10
    discoverypersistencespywarestealer

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

      spywarestealer

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks