Overview

overview

7

Static

static

7

3a513764c5...18.exe

windows7-x64

7

3a513764c5...18.exe

windows10-2004-x64

7

Sharing

Copy URL Twitter E-mail

General

  • Target

    3a513764c5cdf256f2eadc37c60ab24d_JaffaCakes118

  • Size

    186KB

  • Sample

    240711-xdeeqs1hpe

  • MD5

    3a513764c5cdf256f2eadc37c60ab24d

  • SHA1

    c442c22e432927bca76af29b55e7fa506b50bba5

  • SHA256

    7ea0e7398a2000effa54fbae205cd74292747fbdec7702dd45afeddf0553c693

  • SHA512

    a28fa5f0d9b078bb85717823f13b4e1c3604df677b25937c3f6b9bce4c0ae1742cc2551b965994330b2c36ad5db34e2c29874e98499bd2e7b353afc468b1ddbc

  • SSDEEP

    3072:ZoooHi6V+Eb1Zdmt97hhSOclCuxuIdeoiJXcYbA5i8g5QqvTao3u2tI4JoJAIyfR:OVxbfdm7/STAux9dJiJ7bAvg5QqvTjuT

Score
7/10
persistencespywarestealerupx

Malware Config

Targets

    • Target

      3a513764c5cdf256f2eadc37c60ab24d_JaffaCakes118

    • Size

      186KB

    • MD5

      3a513764c5cdf256f2eadc37c60ab24d

    • SHA1

      c442c22e432927bca76af29b55e7fa506b50bba5

    • SHA256

      7ea0e7398a2000effa54fbae205cd74292747fbdec7702dd45afeddf0553c693

    • SHA512

      a28fa5f0d9b078bb85717823f13b4e1c3604df677b25937c3f6b9bce4c0ae1742cc2551b965994330b2c36ad5db34e2c29874e98499bd2e7b353afc468b1ddbc

    • SSDEEP

      3072:ZoooHi6V+Eb1Zdmt97hhSOclCuxuIdeoiJXcYbA5i8g5QqvTao3u2tI4JoJAIyfR:OVxbfdm7/STAux9dJiJ7bAvg5QqvTjuT

    Score
    7/10
    persistencespywarestealerupx

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

      spywarestealer

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Adds Run key to start application

      persistence

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks