General

  • Target

    06117722a11f990e4fd709009e628469_JaffaCakes118

  • Size

    7.2MB

  • Sample

    240428-zxgejshe5w

  • MD5

    06117722a11f990e4fd709009e628469

  • SHA1

    880f48cf54b6fd1b61f85979e3c5a335d581f76c

  • SHA256

    d5921c53db3576bb6959b28aa641f5163c39de4d16dd53332268ba0a0e5e9f63

  • SHA512

    5d7093b69033eaabf1fede53abe2fcd3893ba5db5ce1f8be59885eeeb635a133d6300c58030ab64a3d2c2283f42f3420f659b0d570a88dbd9c793e4dcf8c298d

  • SSDEEP

    196608:ovgNrM1aPyntaDSrNfrNQZGezPGiaoiQDekJIKExC0SLT5U1aa5N:ovgBAaNkfrNQcmui9iBkLE006T58aON

Score
10/10

Malware Config

Targets

    • Target

      5x/1ff2743e1b20f9f98e4e02dd5eb9b293e72b6dab769272c194cef11adfbfd5d0

    • Size

      3.3MB

    • MD5

      858f22ea594a6a30a5b42dc6380d1e84

    • SHA1

      ad9f83e2698bd5a380afd300225002d7875e08d2

    • SHA256

      1ff2743e1b20f9f98e4e02dd5eb9b293e72b6dab769272c194cef11adfbfd5d0

    • SHA512

      33769894a2e63b0391f97bfcdf7d4df3207ac732434f1a4ee843eb3180cb7a788333d3fc5e0c445a98ed975287bb135dd5aa75ec0154da8876f13da749238182

    • SSDEEP

      98304:4ExH12lFKTMMV7l80gN47cxmhZGUIWnGDHlg/Nzir:LxH125fpixZgWnilSk

    Score
    8/10
    • Drops file in Drivers directory

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Deletes itself

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      5x/2f4b48457d8465347d1d40b040fa246f3b8b657531304238231c8b1e92100e78

    • Size

      3.1MB

    • MD5

      a22a1a868a83b1b185191a61d0fbde25

    • SHA1

      99d47c3bceedd0292d69187752f627a6f99d6405

    • SHA256

      2f4b48457d8465347d1d40b040fa246f3b8b657531304238231c8b1e92100e78

    • SHA512

      a04735c9c57aafcbc4ae5c094f8078294ed4b899377d8ba4d5115ae2edef37bd8fd0153078a02ed2318de1ea227a7b6d2ccd5239fb27b84019896865e5c0c105

    • SSDEEP

      49152:LI+WwQsDBCQ7koICLgHmLAYDiDkPCGoTxa8PRjqGchBTSuFrRqufLr8w6qg8Zgh:LTWw1BjnHQa4IzFUiLQwRg8ah

    Score
    10/10
    • Mimikatz

      mimikatz is an open source tool to dump credentials on Windows.

    • Drops file in Drivers directory

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Deletes itself

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      5x/41919a56cab4ed4433a4d7701791111bf3aa58720719530432365d9ddea16845

    • Size

      35KB

    • MD5

      01f9000bd760637b4da87c0ad5ec3dd9

    • SHA1

      f73831de21f7f0eed5311c13dc9465670e17a1e7

    • SHA256

      41919a56cab4ed4433a4d7701791111bf3aa58720719530432365d9ddea16845

    • SHA512

      38555fe4a47670c56e42e841e333a4c59f62d812e154f97a9c482e9cebe5b6574371520643ea8c3f25b6191c586134c16ec00ff34326514d277232a8ee4c5100

    • SSDEEP

      768:HJE27aTtnwc/rPbBYusjTDy182R7axGLbmC0Ld2H:HJIv6/jTDhWmxGLbmRd

    Score
    1/10
    • Target

      5x/7de86f83f18c6c8ded0d75ab2f84f34ab115dd84d36b7e490e2bd456f77a78ce

    • Size

      3.8MB

    • MD5

      a3cb211cb6b902d61aaa8bf10feb96da

    • SHA1

      e251f7810739eb7ee11fffbb8f51f930d8f5e729

    • SHA256

      7de86f83f18c6c8ded0d75ab2f84f34ab115dd84d36b7e490e2bd456f77a78ce

    • SHA512

      96857c9c2629d04ba22f37551f38c32044b5117062a038db48a799a4426bde3de8bb88c49aa10db7d971e16043e12b53c6fcb21709a9aee7ab842511382b6b27

    • SSDEEP

      98304:+PNDTCcQADVMvH5Py5YBZIHiWqrUTSZNXs:KkRy

    Score
    4/10

MITRE ATT&CK Enterprise v15

Tasks