General

  • Target

    9ef5bdc61586c73eb4f775ab3bb16c9c_JaffaCakes118

  • Size

    261KB

  • Sample

    241126-bfhpaawkdz

  • MD5

    9ef5bdc61586c73eb4f775ab3bb16c9c

  • SHA1

    f9794ce350f231c5dc20c40a255128bc3147a76c

  • SHA256

    1c4e3fe2b33c66d0ff8e3375958b9c3c6df2fb43f133fb1e72803a69dd626dfc

  • SHA512

    90a92f1381ae5a408e84685e96269100e35884fbd39deb5028e97c1b5888e0f072a38104350c09790220aa6571603b7b69dc2997e6dfe873bbe495e714047145

  • SSDEEP

    3072:ZYUb5QoJ4g+Ri+Zj6Iz1ZdW4SrO7FSVpuc:ZY7xh6SZI4z7FSVpuc

Targets

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15