General

  • Target

    3feda620ad7847694e9638fd5f08b117_JaffaCakes118

  • Size

    3.6MB

  • Sample

    240713-dhfntavgjc

  • MD5

    3feda620ad7847694e9638fd5f08b117

  • SHA1

    9bddbca83675d7467e30d11c2b6e88cc5965cfb3

  • SHA256

    d3ab2fd2c5734f1765082547095fbc23f6df2c38a2beb8694b19dac8ccc9008a

  • SHA512

    b6b7bbfd0875ffb787aff13302343cf4f490ab91e2ff1bcc85c90e3348a19abad1230747771ad2cb6879e224472282291b443e35148517332d3db7f92fd9d133

  • SSDEEP

    98304:U+NK/WezojefAx35va+iwdlfXr8ZnwfVepypai0q:UDGd5qwdlfXJf8g0q

Score
7/10
upx

Targets

    • Target

      CabalMain.exe

    • Size

      1.4MB

    • MD5

      fe37f284abd295e1d29f0b6d2f54d1a6

    • SHA1

      c7221d69ac3a4ca5e7eb70b8fba4e5cdfc2ddd00

    • SHA256

      a6fe5047d359084b8f92c5a36c2c5a36712afc36bbb4fa12e6b233441f01438a

    • SHA512

      5d372e6a5c5f16b48d4220412fc7c6e398dd689772aa99fc868a2a5d9af559248826c5fd2dec0c4d70d5267ffb7e9647ae5996ee1dcc1a0f11d22d08c10f12de

    • SSDEEP

      24576:+9U+6u/wYvuRq7eNED4s0BxpzcabH0qw48Qt0OEi7DcMUI9M6l3A5XFOf2TTArbN:+XIVo7r4s0Xaatw4xd9leMkTMj/4A

    Score
    7/10
    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      blitzhub.dll

    • Size

      658KB

    • MD5

      994ac1f5637594c73969e2ddd8f4c702

    • SHA1

      659a002195c6248468911478a14ac169b5cb5228

    • SHA256

      fe5b99a8c7e2974c7f13fc2c926827a77664e15465bd7b2b98b8ae92c762aaf1

    • SHA512

      cb86d61caca7b60891a2f3a66e3e6832e11fdb6100ce8e6769c5fb141f3307bac6f5977d68f9dd2218e2dd22db7b1885b79f7fe413cc85aec895ad7b2ba7020a

    • SSDEEP

      12288:QShmW5wwyPImzQ/+afpnRyY9jjU8TUDvRvrlPLCZ1Bh+qlTGqIZ/:QShm0wwuFQZfpcYRzINv5ohRTGqU

    Score
    5/10
    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      d3dx9_30.dll

    • Size

      1.6MB

    • MD5

      51d39765872b0e59a45ad50439d379c8

    • SHA1

      4adf09fc5af78a2f8442a5f5a022c52a0cc3cfcf

    • SHA256

      0c0135d5aca281165bc8b1429272af838539cc693095ad8f35fcbc3a82fc6fe8

    • SHA512

      b9230f6313151e34570e8a211c3c67a1ff33b513d505b51448bedf1ff3e3abd71f820673713145b7d8da756a7097d399dd06ef243d3cd893b8e048a6d406b6d6

    • SSDEEP

      49152:MJhV8fvM03+sCVWNnywRktqiPlLVwwiOBaUYX8R:u20MW2yWmPlLVwwiOBme

    Score
    5/10
    • Suspicious use of NtSetInformationThreadHideFromDebugger
