General

  • Target

    9ebbe7f3d0d943ed49da5f96265456cc_JaffaCakes118

  • Size

    431KB

  • Sample

    241126-ajvycazrgj

  • MD5

    9ebbe7f3d0d943ed49da5f96265456cc

  • SHA1

    4805b176dcf5d84052ffde9c4cd14c7b6d8b08d2

  • SHA256

    6b73dba2d6e50f1bdc5bb31a8afef5f974180bf612353193a0cab3ac3b5ccac1

  • SHA512

    5ae5d9700c17af165fa3c68cb85ffb1689a5fa37e6207a4ed77bd3669e21c479b287bceefb713509903677fe10c0941f24d8296c0e2a5a8e2391d44629935e65

  • SSDEEP

    6144:Yg9R9ROR6ee9c8b0RsrJ3n0dK2NP0RHx8D98WTBPW8fF8oABm1nKw:tNeegqwKhHSDeWTRW8fdebw

Targets

    • Target

      9ebbe7f3d0d943ed49da5f96265456cc_JaffaCakes118

    • Adds policy Run key to start application

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.

MITRE ATT&CK Enterprise v15