Overview

overview

7

Static

static

7

fce733d0ea...18.exe

windows7-x64

7

fce733d0ea...18.exe

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    fce733d0ea5ba8d159a6ead5c4452895_JaffaCakes118

  • Size

    1.7MB

  • Sample

    240420-q5b1csaf61

  • MD5

    fce733d0ea5ba8d159a6ead5c4452895

  • SHA1

    c9065d3bd07e132e897366faf23bbd9ffc1e3f55

  • SHA256

    1ca3019768703f044e3171e371df7efb5cd6546188e2963c1745c2697a0a6d4a

  • SHA512

    2da52d71169ba0cf5b5676535dbb313341efd0c92a3679491586a68017e39f6936e341fa4821ccb23b14e0ca902a9c5b4c0a36fec03dd7eefa8b7e97b030ec66

  • SSDEEP

    49152:KfiPVJx9NRmw0w4AnTqkj4Y2Y1jgL8HWP:KfiP1jRxP40Wks9ejgL8HI

Score
7/10
evasionpersistencethemida

Malware Config

Targets

    • Target

      fce733d0ea5ba8d159a6ead5c4452895_JaffaCakes118

    • Size

      1.7MB

    • MD5

      fce733d0ea5ba8d159a6ead5c4452895

    • SHA1

      c9065d3bd07e132e897366faf23bbd9ffc1e3f55

    • SHA256

      1ca3019768703f044e3171e371df7efb5cd6546188e2963c1745c2697a0a6d4a

    • SHA512

      2da52d71169ba0cf5b5676535dbb313341efd0c92a3679491586a68017e39f6936e341fa4821ccb23b14e0ca902a9c5b4c0a36fec03dd7eefa8b7e97b030ec66

    • SSDEEP

      49152:KfiPVJx9NRmw0w4AnTqkj4Y2Y1jgL8HWP:KfiP1jRxP40Wks9ejgL8HI

    Score
    7/10
    evasionpersistencethemida

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

      evasion

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Adds Run key to start application

      persistence

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks