0c8cc638ce2a3abe01f2af2c70f8669f3acbcb8395ff4dfd1bf5c6d5dcfc2b3c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0a1158d17721820667502f7e2cd00f15_JaffaCakes118
Size

60KB
Sample

240624-wvp25ayglp
MD5

0a1158d17721820667502f7e2cd00f15
SHA1

729cfb75d79b29673fab521e1b071ac7f87e4517
SHA256

0c8cc638ce2a3abe01f2af2c70f8669f3acbcb8395ff4dfd1bf5c6d5dcfc2b3c
SHA512

73e5cd74202b3b33f8c1558bd10b971eebfcf62501036a7c974f81d088bee0cb034097440f7896ca7b022c82695e10bcc88d192416bde15333f817c16b7947f4
SSDEEP

768:3GXTc2MQN97d0K4pETCjNCln3Ya68jok5Hqewo1O6Arquos3PAjKR+HANvW5UPuN:I739KTETCpaPHjdHq2O6Ar8x08GiUpK

Score

7^/10

upx

Malware Config

Targets

- Target
  
  0a1158d17721820667502f7e2cd00f15_JaffaCakes118
- Size
  
  60KB
- MD5
  
  0a1158d17721820667502f7e2cd00f15
- SHA1
  
  729cfb75d79b29673fab521e1b071ac7f87e4517
- SHA256
  
  0c8cc638ce2a3abe01f2af2c70f8669f3acbcb8395ff4dfd1bf5c6d5dcfc2b3c
- SHA512
  
  73e5cd74202b3b33f8c1558bd10b971eebfcf62501036a7c974f81d088bee0cb034097440f7896ca7b022c82695e10bcc88d192416bde15333f817c16b7947f4
- SSDEEP
  
  768:3GXTc2MQN97d0K4pETCjNCln3Ya68jok5Hqewo1O6Arquos3PAjKR+HANvW5UPuN:I739KTETCpaPHjdHq2O6Ar8x08GiUpK
Score

7^/10

upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  12KB
- MD5
  
  99bc22826a0568dce241be3a4ffd0c0d
- SHA1
  
  62e4662250abdf10d23a61076fd7cbd00a5c5b6f
- SHA256
  
  120e4fac0538b7e7b75934706668063a4e7785d0405dca43fde36d55f6d968de
- SHA512
  
  35b016b6e2dc850e5432becd57f35faf73b180c0a6f822a406cf9d5439a87126c41c49aac025cdeecd38bbd01705ddbd8c217cb33134e978ecc9624053b52be9
- SSDEEP
  
  384:sKlm7i+c3QW6ckPhyDEaLnr2bbBBIXwZ:5qi8BcyhEhLCbbTI
Score

3^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/Loader.dll
- Size
  
  6KB
- MD5
  
  f0504b1214257bf1322273fd9dd153a0
- SHA1
  
  8ccc49c334e8efb7d42eae243d0dd2f961fbce9f
- SHA256
  
  5484a24e1ad47bd2fb332277bea3b462bc609d9de9ff9b64e95ae82685006324
- SHA512
  
  7d5d9688d24f3084708eec603d7e62bbccda375150e084e1ac436688b77b49b6d7f147e752b44d4a0a5182ae6c4dba89f8e7d0d0f67b7c4b5bc355789bc2ac2d
- SSDEEP
  
  96:AEvyyyyyyyyyyyyWyyyyyyyyyyyyAwnVRyyyyyyyyyyyycMyyyyyyyyyyyyNKWme:AEmVKWziF1dV06OKKFtLdKFZ+
Score

3^/10
behavioral5 behavioral6
- Target
  
  ecodec.exe
- Size
  
  46KB
- MD5
  
  e59aa16de3af3ebd8f90871bb58079e9
- SHA1
  
  c7d956f8c9e0fd6e9dc9263ff174513c36acbb91
- SHA256
  
  fc8e074548037a70c48b79d5e2f178b8ee3ea11b72bf40b05de238d23baad229
- SHA512
  
  e3ed52ab8eb7fdf189c53046a474cd46126f8642ac79e8eadb80ddde814d4cf1c3b798ba8a5b10fb7c48482c46c63d0e2b8fd2c3b77943ed09235e8935efe62e
- SSDEEP
  
  768:TTtKoZywDiVauDWAY6B3vhK7GcarERuAYCLDyXMNPlbfUeRQtQ7P:PtKoZQWKhKASYTMNPRUeR
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
behavioral7 behavioral8
- Target
  
  uninst.exe
- Size
  
  25KB
- MD5
  
  c53fc8d1c0766678dbada1efa136f140
- SHA1
  
  b663349142b3f1c406041fa85738c84bda738296
- SHA256
  
  5ef058bfe64781befa863f0f9e2469ab27bf542650069d6907fece683fa89ce6
- SHA512
  
  d29e0f7fc76bd617486a085de193cc9db6c6b4305f9b9411966effadf463395a5f369f9e3b9be51a746dd03d24e02d729176b8459ee26c84e5344c4ee47da5d5
- SSDEEP
  
  384:3GXTc8s95UMnQwzQbDOCpW27U6d0V4vkQQeC+8y7HvCQY9bftgbs:3GXTc2MQN97d0K4pETCh9bftgo
Score

7^/10

upx
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral10 behavioral9

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10