General

  • Target

    17629e22430be640419ab3203a9c2b69_JaffaCakes118

  • Size

    1.5MB

  • Sample

    240505-m7yqcsgb3t

  • MD5

    17629e22430be640419ab3203a9c2b69

  • SHA1

    e465217d4ef29962212b4eb01ecafded25ca7936

  • SHA256

    9de30699b8eba5e5dcfdc2a3abe4c07851bae91421d5f98ba33fd34a9d4812c5

  • SHA512

    f454290839188d9fb1ad977497f2fdd95b5f8aacbe9e815bd03e6c1f4f8355f01fd59fee8a76d64f21d4f3367df61d266f22ad682a492d755b5b976e73c20081

  • SSDEEP

    49152:IQiVKS5NEa/48eXIxAX5YJMfuR3WiId7ITyXKM:IQiUqCa2n86uRGinTyXKM

  • Score

    8/10

Targets

    • Target

      INSTALL.cmd

    • Size

      744B

    • MD5

      9199bfdfc2e8c2897be25d41b9c8fe9d

    • SHA1

      a84aa14ac63f00b6c491fa2101e35d03f2a8152d

    • SHA256

      659f0bb1ae26b52897ab5424704d85eb5c65835f678fc27495ea0f1501b8cf99

    • SHA512

      d504221ab35bdc88a068786e99bc4fb610d79ec1ae9b8a132557a7a3ae0ea2e3547f2f03fc0ed7cd7db5f009b017ca807eeb399ee4ffb978a0c8b70ea3d952e4

    • Score

      8/10

    • Modifies Windows Firewall

    • Loads dropped DLL

    • Target

      PORTABLE.cmd

    • Size

      744B

    • MD5

      9bab4a7c92fc1b95c21a4dfbad2883a2

    • SHA1

      c83204e2a5630c946e9f9cf95373a92005a4a660

    • SHA256

      e4b5c2676d6bb07c6f595ff8ef44ed3d37890fc64307b1273269ce22a7efdbbd

    • SHA512

      9734c2ef84d9b1d7c30350724cbcaec93820bd8f73f37c9e0076756b414f5c5cd5c2ca07260b618e3fad276e705bb0416dbe5ea00fee3322cbf8f9ce9a81de5d

    • Score

      8/10

    • Modifies Windows Firewall

    • Loads dropped DLL

    • Target

      WinTools.net.Premium.v20.3.0.exe

    • Size

      1.5MB

    • MD5

      0fc36a1798a22e19b271ba356403fa6f

    • SHA1

      4c1ac81f02cbe8c3cf19bf46f2344acd5728bc9e

    • SHA256

      1143b1602a2297e61796898d611a8aa7b1ebf810eb4a351c1a978ae83cc2894b

    • SHA512

      3e50cc48729d11b992bfef2b6d94b25d9a648dd7cb6fad367dfa71c0bcaa36a8ba154489b28528048c42e2c2f0246b4fbdafb80f1a6619fc2c9b682c07f21609

    • SSDEEP

      49152:3QiVKS5NEa/48eXIxAX5YJMfuR3WiId7ITyXK0:3QiUqCa2n86uRGinTyXK0

    • Score

      8/10

    • Modifies Windows Firewall

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.
