General

  • Target

    8f91abc6cc7547e369ffe898edd0c24d_JaffaCakes118

  • Size

    2.8MB

  • Sample

    240602-1t47wahe38

  • MD5

    8f91abc6cc7547e369ffe898edd0c24d

  • SHA1

    fe5e4e1da66d06eca8a5fedbebdeeab3851b5fdb

  • SHA256

    ae6ef57fe5fb45c2b7fd541240e90dc8957786c18f1394d68fe7eb6736db24ba

  • SHA512

    0980f40f6af0ee2148949defacf837bf8b7a56ab099bb14cf688a63775ba140184946f31d47472573e8c866b6e920ca0f1dd63a69ccb501aae9e85754ccfdc32

  • SSDEEP

    49152:PUBpdHIv8RkiJpxcJtXBB5Xwg+9gM48atb+lGkQRy2fnQMCVAF8ohxTfcmBzZ:UpdXKiJHGZb+2c1kRhnQMCuF8MxQmr

Score
7/10
upx

Targets

    • Target

      K1_140317.exe

    • Size

      798KB

    • MD5

      ff82b09723f3ffe69bc07999a95056e9

    • SHA1

      436bcfa8ab49a319b52ec86ccc03019bf52c9627

    • SHA256

      8f8aec2009fcecf8e568a7d07847bd9d5edd90005aaada5008a7b9de9cf6e8c5

    • SHA512

      04bccf2a88596e12108d1f669ce1372db6c3124be376ef17db86a340683d4fbcae554d0dab3e44aefe315b86af3064152656177e8811af4c503265f890c564e1

    • SSDEEP

      12288:aT37r/5haD5cVKaG0+JBIhPQWAJKVOS8K0LeYaln0SMio3MdMbigSFDo9v/lu:G/7aNEKLYht58XtknkA+biNoF

    Score
    7/10
    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      plug/EyLogin.dll

    • Size

      660KB

    • MD5

      564903d760cacb39ef14df0419f03d18

    • SHA1

      1bca18834c6b9405944747c0e4a47d4680fa4f40

    • SHA256

      1e8134a9b97b08ab8200450c75a2aeb0f316dc93b95a4a389dfb7b9233cb3b32

    • SHA512

      449edfecccd8da026bb072890cdf5ca9587e8e1011a653ec105f8716d4e08c6a0e9da34101544673b0c95b29eb2b6ad5630b684baca67d5d843a2d2eee2c5d77

    • SSDEEP

      12288:1+L8oRCosSxyqnONoC0nc7JHuKLgMZLGzeFp+1h9CoC+2uN0E:PoRCfU3ONp0c7JHVFLZFp+1zNyU

    Score
    5/10
    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      plug/dm.dll

    • Size

      804KB

    • MD5

      c578b6820bda5689940560147c6e5ffc

    • SHA1

      922e50d89c9c44bdc205ef17aa57212b64e58852

    • SHA256

      3b6ddc32b800a18b21a819e842cbfdd57cb065fd92cc69545e0ef29b97cfd389

    • SHA512

      9f2a1bb5788ad245242d12968bbf198af2694a87c6e2342f14672e8c14e8489dd3319434592fc9b20f620557d0fa58482903d19c7f5ba32456a1e4076dc1bb85

    • SSDEEP

      24576:3rhlxaCsVb6KoTpZCFg6DTk1F2RjkjCQG:VWCsVb6KUpZ+hDg1F2d6

    Score
    7/10
    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.
