General

  • Target

    JaffaCakes118_fe5305ac9b45b6412c37261e98c800ba41f6aa81983857617a583d83cd1a4a95

  • Size

    675.6MB

  • Sample

    241229-m4gyfazmhs

  • MD5

    bfc978473146936f253327e81faee0fd

  • SHA1

    988e39e5e53ea29459fc8049cac4c2e51ab34090

  • SHA256

    fe5305ac9b45b6412c37261e98c800ba41f6aa81983857617a583d83cd1a4a95

  • SHA512

    96a6aa5d8dd9f130a19a81cd52844c63a743dd12637fff55e5af750509bba8a91cd51910c6aee6e37099be6f381b7cb92f79fe189b3fe8eb84af6aea47ff68fd

  • SSDEEP

    49152:aGzhmoSjcFNMcbm0dLovfFYvx7WA+0b7Gsr04TSfZeU69PX8hm50gpdnLosp:aG9mVSysLWFmLGR9fAUo0gpdnLosp

Targets

    • Target

      JaffaCakes118_fe5305ac9b45b6412c37261e98c800ba41f6aa81983857617a583d83cd1a4a95

    • NetSupport

      NetSupport is a remote access tool sold as legitimate system administration software.

    • Netsupport family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL
