General

  • Target

    27f660c84dd57816aedde65f019c7797_JaffaCakes118

  • Size

    154KB

  • Sample

    240706-ktf72sshrk

  • MD5

    27f660c84dd57816aedde65f019c7797

  • SHA1

    716492e2bbc36f02f8fa57b62d3476470cabcde0

  • SHA256

    1829e4d0c4a603efa03ba1db4dc315b19f6f6350df28a860738da7df85e084ee

  • SHA512

    12d4e3c17c650f2a47c8076b6b9b5896925aedb93919573f0951401be48fe61ebfe9424da2e2070af7d98f67c8d06ae79c01e08a68b41adf19c8a632d017f969

  • SSDEEP

    3072:fmAu7gTc4c4APm7Wa4yFTOiMPZY+ZSsrhWezvvIxouv2:fmh7n4cL+F4yT2ZY+IIhhIxoE2

Targets

    • Target

      27f660c84dd57816aedde65f019c7797_JaffaCakes118

    • Deletes itself

      The sample removes its own executable from disk after running, a common way for a dropper to hide the initial file.

    • Executes dropped EXE

      Writes an additional executable to disk and runs it; the dropped file is usually where the real payload lives.

    • Loads dropped DLL

      Writes a DLL to disk and loads it into a process.

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions. WinSCP keeps saved sessions (host, user name and, if saved, the password in obfuscated rather than encrypted form) under HKCU\Software\Martin Prikryl\WinSCP 2\Sessions, so reading that key is a credential-theft indicator.

    • UPX packed file

      Detects executables packed with UPX or a modified build of the UPX open-source packer. A modified build may rename the UPX0/UPX1 sections so the stock unpacker fails; the hashes above describe the packed file, not the unpacked payload.

    • Adds Run key to start application

      Writes a value under a Software\Microsoft\Windows\CurrentVersion\Run key so the program is started again at logon (persistence).

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments: device identifiers containing strings such as VBOX or VMware reveal a virtual machine.

    • Suspicious use of SetThreadContext

      Calling SetThreadContext on a thread of another process is a hallmark of process hollowing and similar injection, where a suspended process's execution is redirected to attacker-supplied code.
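Three of the behaviours above are visible as registry operations: the Run-key write, the WinSCP Sessions lookup and the Disk\Enum read. The following Python is an added example, not from this report or its sandbox: it runs simple detection rules over a registry trace and groups hits by tactic. The line format and the trace lines are constructed for the example (a key=value style loosely modelled on API-monitor output); the registry paths are the real Windows and WinSCP locations.

```python
import re
from typing import Dict, List, Optional

# Constructed sandbox-style registry trace; not output of the sandbox that produced this report.
TRACE = r"""
pid=2816 op=RegSetValue key=HKCU\Software\Microsoft\Windows\CurrentVersion\Run name=WinUpdate data=C:\Users\Public\Libraries\update.exe
pid=2816 op=RegOpenKey key=HKCU\Software\Martin Prikryl\WinSCP 2\Sessions
pid=2816 op=RegQueryValue key=HKLM\SYSTEM\CurrentControlSet\Services\Disk\Enum name=0
pid=2816 op=RegQueryValue key=HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced name=Hidden
pid=3044 op=RegSetValue key=HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce name=Setup data=C:\Temp\inst.exe
""".strip().splitlines()

# key=value pairs; values may contain spaces, so stop only before the next " word=" or end of line.
FIELD_RE = re.compile(r"(\w+)=(.*?)(?=\s+\w+=|$)")

# (tag, registry operations that trigger it, key-path pattern)
RULES = [
    ("persistence.run_key",
     {"RegSetValue", "RegCreateKey"},
     re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?$", re.I)),
    ("credential_access.winscp_sessions",
     {"RegOpenKey", "RegQueryValue", "RegEnumKey"},
     re.compile(r"\\Software\\Martin Prikryl\\WinSCP 2\\Sessions", re.I)),
    ("discovery.disk_enum",
     {"RegOpenKey", "RegQueryValue", "RegEnumValue"},
     re.compile(r"\\SYSTEM\\CurrentControlSet\\Services\\Disk\\Enum$", re.I)),
]


def parse_line(line: str) -> Dict[str, str]:
    """Split one trace line into a field dict."""
    return {k: v for k, v in FIELD_RE.findall(line)}


def classify(event: Dict[str, str]) -> Optional[str]:
    """Return the first matching rule tag for an event, or None if it is benign noise."""
    op, key = event.get("op", ""), event.get("key", "")
    for tag, ops, pattern in RULES:
        if op in ops and pattern.search(key):
            return tag
    return None


def triage(lines: List[str]) -> Dict[str, List[Dict[str, str]]]:
    """Group matching events by tag so each behaviour can be reported with its evidence."""
    hits: Dict[str, List[Dict[str, str]]] = {}
    for line in lines:
        event = parse_line(line)
        tag = classify(event)
        if tag:
            hits.setdefault(tag, []).append(event)
    return hits


if __name__ == "__main__":
    for tag, events in triage(TRACE).items():
        print(tag)
        for ev in events:
            print("   ", ev.get("pid"), ev.get("op"), ev.get("key"), ev.get("name", ""), ev.get("data", ""))
```

The Run-key rule fires on writes only, since legitimate software reads that key constantly, whereas the WinSCP and Disk\Enum rules fire on reads, because reading is the whole behaviour being detected. Keep the matched event beside each tag: the `data` value of a Run-key write names the dropped file to pull for the next stage of analysis.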
