Overview

overview

10

Static

static

1

a26a4bd258...118.js

windows7-x64

10

a26a4bd258...118.js

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a26a4bd2586d13bca78597254180bf01_JaffaCakes118

  • Size

    982KB

  • Sample

    241126-rqr9ga1mdp

  • MD5

    a26a4bd2586d13bca78597254180bf01

  • SHA1

    911e9e29caa44600f547e26d94c98c61c94d2c16

  • SHA256

    1a4cd5bbbbd14dd406a54082778e8da2cbcea83e04fa05957f345daedaa5f7dd

  • SHA512

    fc137b3f78c357281573e7eb0ca3a3f1dc087460ef67b221f532b795ba50feea11d06efca230c59a8d368c18acffde384041ff290d5beae90f505b9d332f32a8

  • SSDEEP

    12288:28feM/AN7advmjFB6fsAp/cdeZLSNklJTTGzMj/PgU8qcS:28CNmdvmXSpwuGM7wS

Score
10/10
adwindexecutionpersistencetrojan

Malware Config

Targets

    • Target

      a26a4bd2586d13bca78597254180bf01_JaffaCakes118

    • Size

      982KB

    • MD5

      a26a4bd2586d13bca78597254180bf01

    • SHA1

      911e9e29caa44600f547e26d94c98c61c94d2c16

    • SHA256

      1a4cd5bbbbd14dd406a54082778e8da2cbcea83e04fa05957f345daedaa5f7dd

    • SHA512

      fc137b3f78c357281573e7eb0ca3a3f1dc087460ef67b221f532b795ba50feea11d06efca230c59a8d368c18acffde384041ff290d5beae90f505b9d332f32a8

    • SSDEEP

      12288:28feM/AN7advmjFB6fsAp/cdeZLSNklJTTGzMj/PgU8qcS:28CNmdvmXSpwuGM7wS

    Score
    10/10
    adwindexecutionpersistencetrojan

    • AdWind

      A Java-based RAT family operated as malware-as-a-service.

      trojanadwind

    • Adwind family

      adwind

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks