Overview

overview

7

Static

static

7

Info.Pdf__...__.exe

windows7-x64

7

Info.Pdf__...__.exe

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    60d93d2a128879e79488ff9bad7f65e7_JaffaCakes118

  • Size

    197KB

  • Sample

    240721-wjz3yszfjp

  • MD5

    60d93d2a128879e79488ff9bad7f65e7

  • SHA1

    301beb277ae034c276a829ba6b1da1acb8128a9a

  • SHA256

    96ae2cb9018ac1f437f0db47d02f634ec622c2d8af7e2e61debfbcaeb77d4561

  • SHA512

    ead5873407ad15e568da71eb5913942e74096a23375425552174392ef0d65f15409bc5bea12f6863d83329e4391fb8c7f12055d41999cb1d15a47cd05e54e18f

  • SSDEEP

    6144:Sim+DjDOdVeCAo0oQkiAlbNBGKU+jya9mPJRC1pNEdP0v:Sim+DHOuHo0avz9jnmPriyPk

Score
7/10
persistencespywarestealerupx

Malware Config

Targets

    • Target

      Info.Pdf______________________________________________________________.exe

    • Size

      200KB

    • MD5

      3f7af6433aaeb4f5b2bcda80d2fc562a

    • SHA1

      e57e81f201475dfe366df682a4ffa40a4ff78766

    • SHA256

      b55ceb179a583bdfd46cb684e032a9b431cc8189fb5fba4b93be994583779ef0

    • SHA512

      9e8ff124244439ff027d7bf9929a19abc055a4b8d7dc3e25e9b1617fb2fdbd9161f852b9edd6cb5ec4a8cf45eda87cfc07fee1cf65a92ba3b97ee4a341abe107

    • SSDEEP

      6144:nzWS6rxJdVeCMo0oQkiAlnNBGKU+jyg9mPJVC1pNEdP0PoSS:nzR6lJulo04vz9jfmPLiyPkoSS

    Score
    7/10
    persistencespywarestealerupx

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

      spywarestealer

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Adds Run key to start application

      persistence

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks