General

  • Target

    1ac7c69c4526855b8b4ac9d5e5e14e3e_JaffaCakes118

  • Size

    11.6MB

  • Sample

    240701-lhtjnstfkd

  • MD5

    1ac7c69c4526855b8b4ac9d5e5e14e3e

  • SHA1

    bc981813c80369dddac97e8311e0f657c41a2ca0

  • SHA256

    40b0f65b74406cac32def525de3f98d5792126352ed3e1be201399144ff79f4e

  • SHA512

    59ed7534d0e7645774f89a2be66d2685e13748fdd88e661a42fcff971cc2e9847fb0e02995249866b08ea1360439b3abf4552b7363b9ad84f5ea6afb3931fe75

  • SSDEEP

    12288:MAfA5ysSObDkDfA5ysSObwW59Nb08XNr8jMe:3I7bDkDI7bH59Nb0sNro

Malware Config

Targets


    • Event Triggered Execution: Image File Execution Options Injection

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v13)

Persistence

  • Event Triggered Execution (T1546): 1

  • Image File Execution Options Injection (T1546.012): 1

  • Browser Extensions (T1176): 1

Privilege Escalation

  • Event Triggered Execution (T1546): 1

  • Image File Execution Options Injection (T1546.012): 1

Defense Evasion

  • Modify Registry (T1112): 1

Discovery

  • Query Registry (T1012): 1

  • System Information Discovery (T1082): 2

Tasks