General

  • Target

    41eb30d817e52628e96a48dcba20789b_JaffaCakes118

  • Size

    456KB

  • Sample

    240713-q11g6ashrm

  • MD5

    41eb30d817e52628e96a48dcba20789b

  • SHA1

    72d45577071c0712fe808a9124f8c6efe443bf7e

  • SHA256

    7a8416b9850330e8274de5c7cd47c9955a4df2c354513a86894e24bdae44ee94

  • SHA512

    9e957aca540f780119f8b02ad224ccda1eb3f284ea219d7a4305b17281a26d69bd85b39ca4fd6b93f28a1a8882bb67ca70a594e2ccac89e8719f3a4f4da8a5d6

  • SSDEEP

    12288:y4ik34n1GxipPy4ZNj2mOb/DNlq41TzXe9Yv:y4ik34n15iN/5lq41Tzuq

Score
10/10

Malware Config

Targets

    Score
    10/10

    • Modifies visibility of hidden/system files in Explorer

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks