General

  • Target

    3353a2f5033cbffac484f7311491106a_JaffaCakes118

  • Size

    5.1MB

  • Sample

    240710-fafpysxbpj

  • MD5

    3353a2f5033cbffac484f7311491106a

  • SHA1

    9dff8ba9d7982d214e53a2850a1bed8a5f6eeef8

  • SHA256

    9f8e26376c8d109e1e97d64f976b4f369f0977679607edcc86b4c31e5915cb30

  • SHA512

    d4f4043c26a053de63f4e635758674ed99d24e49c0914d3a3d5a4d2003162d8b7fd3fc881b70345e8a35116118047edeede19f55b24cd36a4b55763901aa056a

  • SSDEEP

    3072:o+0rrRzp7kgkORECfPo9L5iD3PaJbn7mQkggqeKSSbWXIs:opRzNkgrRJD3PaJnmQkkh4

Score
10/10

Malware Config

Targets

    • Target

      Exe4J windows 4.0 [h33t][SweetHeart].exe

    • Size

      5.1MB

    • MD5

      1b9eb0ae845e6315fe9eb8a4a961df22

    • SHA1

      189c27ea2ae00a02c46d0244761ee35934d6c0c8

    • SHA256

      bc2c5bd5404e578fa53280995efd9ae1f51c31250f871b5185f094c2701f9cc1

    • SHA512

      dc02a002a010de274356e98dc92beafd87e0998f4e43c5e9ce29bbef73894584468fcef975735946de9c99ed5c5c09afee137a78e962486de6190d8d130cff6c

    • SSDEEP

      3072:3+0rrRzp7kgkORECfPo9L5iD3PaJbn7mQkggqeKSSbWXI:3pRzNkgrRJD3PaJnmQkkh

    Score
    10/10

    • Modifies firewall policy service

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX or a modified build of the UPX open-source packer.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks