General

  • Target

    735f19c7920712f76e9a09e66fd06872_JaffaCakes118

  • Size

    1.9MB

  • Sample

    240525-1sm7zacd36

  • MD5

    735f19c7920712f76e9a09e66fd06872

  • SHA1

    cb2099f34723a4f80b0f211ca2d88ec5e979c3b7

  • SHA256

    de943f1ae3b538185bb656872de21ae04d7b6d5e36cec8fce6b91777e1b69a3a

  • SHA512

    e724e3b2786d3188e37a0ab4878bc42f55902011d501b7f6543f9385b2a1ec40715abc076bcb8942578358afb29cb0ecc53b85414860003d8c8aca356e5cbeb3

  • SSDEEP

    24576:gtV3TakLeN0WNAoABrioUSRWke4V2YhWZ52gBbQFgWIhyvJWj19Xk/XownUa1oC2:gtVDrc0NoAJiHSRBveWf/APXkPzUa6l3

Score
8/10

Malware Config

Targets

    • Blocklisted process makes network request

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, and it can be used as a sandboxing environment.

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

MITRE ATT&CK Enterprise v15

Tasks