Extracted

• • Target

    JaffaCakes118_6f3a1bb3557ceeb742aa2eb9f2ff50cf

  • Size

    386KB

  • MD5

    6f3a1bb3557ceeb742aa2eb9f2ff50cf

  • SHA1

    a8364da56da9b5c6419328fec3f374d2bae90afd

  • SHA256

    a8d57ed8359931e4d1c3dc91dba2988ba5ad33003a53af5a115ef943495611f8

  • SHA512

    2f0b7d21f11ea1c17c743f151773ec08ebe14342e7ebedc03fb5eb4e2cc7f273478c6ca258eb11a0b87f7e78ee3b4a97ada3fef641e0be598db7459874154db1

  • SSDEEP

    6144:HqA+u7ZvtKT/9VRBVoSzHRkEMvJJqCh10G4ZKF+FFLsUdF+Nx46fz/LNPkARHM9:H/7Z29BuE2Tf4DAUdFwfz/R/M9

  Score

  8^/10

  defense_evasiondiscoverypersistencespywarestealerupx

  • Drops file in Drivers directory

  • Manipulates Digital Signatures

    Attackers can apply techniques such as modifying certain DLL exports to make their binary seem valid.

  • Boot or Logon Autostart Execution: Print Processors

    Adversaries may abuse print processors to run malicious DLLs during system boot for persistence and/or privilege escalation.

    persistence

  • Drops startup file

  • Executes dropped EXE

  • Indicator Removal: Clear Windows Event Logs

    Clear Windows Event Logs to hide the activity of an intrusion.

    defense_evasion

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Drops desktop.ini file(s)

  • Drops file in System32 directory

  • Modifies termsrv.dll

    Commonly used to allow simultaneous RDP sessions.

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2