General

  • Target

    3153884cd334230ae7f903658f3c53a8_JaffaCakes118

  • Size

    209KB

  • Sample

    240709-v6ly6swbjq

  • MD5

    3153884cd334230ae7f903658f3c53a8

  • SHA1

    30a81d50e92c5d668a3745eddfa8670f0b50dd00

  • SHA256

    ebd613a73935411e5e313bc0759192b4b803c1cdc83a82640c0549cd4da94ea4

  • SHA512

    0068e53e354ffd0f982cf17fed768cd254907feb58da1e4841d38584f2a2b2f76c55a717382c06d78f8f9a0f8699fd16187edcbed922d8935940d55fd947250b

  • SSDEEP

    3072:PGbQlkUxuTQRmHhJtG+ETFmGvbq+pCja4KQGvZYAiXu8yDKTaxl2mnMLTYAQpC3c:ePKF1vbq+cWvZ+XuZ+WsCS5ojbam

Score
8/10

Malware Config

Targets

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks