Overview

overview

10

Static

static

3

QISFJPGM_ARBIF.scr

windows7-x64

10

QISFJPGM_ARBIF.scr

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    7d1b1731ec56031086d6641636bc749d_JaffaCakes118

  • Size

    2.6MB

  • Sample

    241029-3ebywstjbr

  • MD5

    7d1b1731ec56031086d6641636bc749d

  • SHA1

    05048a656505e45ff029f35a03cf7429fe5de87c

  • SHA256

    b0b4b41a0724ac69d6ff098c6bab58de8b531763d60b0e37c476bfc474a86bb9

  • SHA512

    b0594e32ddfcfbf2890f5a0d4e8d045a7b8a6fc8992508383703bfa38494725d4c450be6ef6560801cc50b8facff27f484a35db9552a61652f2a27518be14f39

  • SSDEEP

    49152:PQkYiu9HMId52FMR3tpp/PxPc28WhgHFSFaoZ4N5U7oi0Vnx/m3Nsw8RdQr2ypLw:4kBosAvpPxPc28eglSFaoY5W0LeStaWD

Score
10/10
banloadcredential_accessdiscoverydownloaderdropperpersistenceransomwarespywarestealertrojan

Malware Config

Targets

    • Target

      QISFJPGM_ARBIF.scr

    • Size

      2.7MB

    • MD5

      297d2bd9dd5c1564226782d263fa3818

    • SHA1

      619df94b29f9515d793a8e649f7c190f310cb3d7

    • SHA256

      6a6c4d018027348d7269631f8b40eb5462fd3ad61efdb7337a32ba5dbc82f11c

    • SHA512

      36f2406e0f1deec208dc31a8b21755523eb786865ec9e7ddc03505dd4e54adbbd7d26e460ad292f41f0d74bfbb68777b616c201edf0581eecd1c73b783f9023a

    • SSDEEP

      49152:bXz+x0ii0ZyT4BpIlFEFG93v4cVvn0o280hOHFSDkCZx/Nf8r+qBk/q8RZQNk2q9:bXz+OAmys/4cV8o28QOlSDkCD/s+i2jd

    Score
    10/10
    banloadcredential_accessdiscoverydownloaderdropperpersistenceransomwarespywarestealertrojan

    • Banload

      Banload variants download malicious files, then install and execute the files.

      trojandropperdownloaderbanload

    • Banload family

      banload

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

      credential_accessstealer

    • Adds Run key to start application

      persistence

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Drops file in System32 directory

    • Sets desktop wallpaper using registry

      ransomware
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks