General

  • Target

    0a335b0df5470e8383d3119f3538631f_JaffaCakes118

  • Size

    838KB

  • Sample

    240624-xcx6fszfpp

  • MD5

    0a335b0df5470e8383d3119f3538631f

  • SHA1

    1482dc4726aaa9ba678ce9b003639a1bbf05679b

  • SHA256

    6406f4a21fef949ee901196b5ec1839cc678c4f7890b3310be79d687c2a40f89

  • SHA512

    83dfafafc5e247990f3c74ba6ec08ba8439a50f49896e5d0f3ffcca389aef51abbea65579f28bbbb86d2128a72a035d25cade110714134736bfa1c44a74a6e8a

  • SSDEEP

    24576:gl1D3j/nUyyY/PziFzVCxmFemSfmAxc8fYBD:gll3j/nPP2FzmdfmAmQYB

Score
7/10

Malware Config

Targets

    • Target

      0a335b0df5470e8383d3119f3538631f_JaffaCakes118

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks