Overview

overview

10

Static

static

3

30d629cdfe...18.exe

windows7-x64

10

30d629cdfe...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    30d629cdfeb98e890486331ec91ad634_JaffaCakes118

  • Size

    501KB

  • Sample

    240709-sazt2sygqm

  • MD5

    30d629cdfeb98e890486331ec91ad634

  • SHA1

    429fb027fdb908ac37c0ea6cf486c99b88448125

  • SHA256

    3601ec13010eacc71a344284465bff6ccb46662786516820ee9f99ae4abe552c

  • SHA512

    82b99be6153fb2bb67149957f9f4b03fcb96c0c1e341dae04ddd566f04a1ebb2ae25477dbb2a31cc4bdff6ec2ea2d269b5d9eae0f676ee603fed8d9d2dfd5da3

  • SSDEEP

    12288:tLwprcyawTYtlbjBJx2rYcaPxbTVzjdvmJrmQsvB:tUprHxylb1JY8zFzJuAp

Score
10/10
aspackv2persistence

Malware Config

Targets

    • Target

      30d629cdfeb98e890486331ec91ad634_JaffaCakes118

    • Size

      501KB

    • MD5

      30d629cdfeb98e890486331ec91ad634

    • SHA1

      429fb027fdb908ac37c0ea6cf486c99b88448125

    • SHA256

      3601ec13010eacc71a344284465bff6ccb46662786516820ee9f99ae4abe552c

    • SHA512

      82b99be6153fb2bb67149957f9f4b03fcb96c0c1e341dae04ddd566f04a1ebb2ae25477dbb2a31cc4bdff6ec2ea2d269b5d9eae0f676ee603fed8d9d2dfd5da3

    • SSDEEP

      12288:tLwprcyawTYtlbjBJx2rYcaPxbTVzjdvmJrmQsvB:tUprHxylb1JY8zFzJuAp

    Score
    10/10
    aspackv2persistence

    • Modifies WinLogon for persistence

      persistence

    • Adds policy Run key to start application

      persistence

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

      persistence

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

      aspackv2

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies WinLogon

      persistence

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks