General

  • Target

    56c3018f2efae136f292a869f1d355c9_JaffaCakes118

  • Size

    646KB

  • Sample

    241018-ltcejasglj

  • MD5

    56c3018f2efae136f292a869f1d355c9

  • SHA1

    cf0e6bb9426d08377b7545b84ce0ffa3901563e7

  • SHA256

    bdfe58bd8475d62454e6c342e0a4739fe5fb0b90011bf3c08c99aee395c21601

  • SHA512

    751dec4a23b15859f005cc0776ef5075f13a395ea6e87cd65095aba8dc65666d88603db6c6197650d67218fcaa2c83fca1524f6d6f11155b83928b11b4a55f4c

  • SSDEEP

    768:46lJ40YEiiCGMGHG7e01yzx611pvy9BtNQJt/2e4fYsPI:Pk0Yhyr93NQJtZ36I

Malware Config

Targets

    • Target

      56c3018f2efae136f292a869f1d355c9_JaffaCakes118

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Unsecured Credentials: Credentials In Files

      Steals credentials from unsecured files.

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks