119822350430472a5a9670550f81bb113d4232dd59c36e8198bfda5323730b1b | Triage

Submit
Reports

Overview

overview

8

Static

static

7

7c18b2ec50...18.exe

windows7-x64

8

7c18b2ec50...18.exe

windows10-2004-x64

7

Sharing

General

Target

7c18b2ec501d020bef64c6c2c98a16bd_JaffaCakes118
Size

1.9MB
Sample

240528-hsy1csab6x
MD5

7c18b2ec501d020bef64c6c2c98a16bd
SHA1

6ebd68da2968af53f30031d50643447a5a61df01
SHA256

119822350430472a5a9670550f81bb113d4232dd59c36e8198bfda5323730b1b
SHA512

10de9af7c73bcba80f3e42c5c93d8f700e1dda6429d2d5b5d3f37479008cd41e3df5fb756477567fe2b383dc9ad612af381baf09763a5a854b95a9d359628c84
SSDEEP

49152:mjLE/lJNMEiv8/ihbImTYIkgJHlVW+FK9JVSrRF:sLk2n8/wbvXkgxlVbFUJVyRF

Score

8^/10

evasion execution upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

7c18b2ec501d020bef64c6c2c98a16bd_JaffaCakes118.exe

Resource

win7-20240221-en

evasion execution upx

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

7c18b2ec501d020bef64c6c2c98a16bd_JaffaCakes118.exe

Resource

win10v2004-20240508-en

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  7c18b2ec501d020bef64c6c2c98a16bd_JaffaCakes118
- Size
  
  1.9MB
- MD5
  
  7c18b2ec501d020bef64c6c2c98a16bd
- SHA1
  
  6ebd68da2968af53f30031d50643447a5a61df01
- SHA256
  
  119822350430472a5a9670550f81bb113d4232dd59c36e8198bfda5323730b1b
- SHA512
  
  10de9af7c73bcba80f3e42c5c93d8f700e1dda6429d2d5b5d3f37479008cd41e3df5fb756477567fe2b383dc9ad612af381baf09763a5a854b95a9d359628c84
- SSDEEP
  
  49152:mjLE/lJNMEiv8/ihbImTYIkgJHlVW+FK9JVSrRF:sLk2n8/wbvXkgxlVbFUJVyRF
Score

8^/10

evasion execution upx
- Blocklisted process makes network request
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionexecutionupx

behavioral2

© 2018-2025

Terms | Privacy