General

  • Target

    687ac539e20dfec6f98ca109a63857e4_JaffaCakes118

  • Size

    140KB

  • Sample

    240723-vrddgstbpf

  • MD5

    687ac539e20dfec6f98ca109a63857e4

  • SHA1

    14fd1b6309835a24bfac2c606dc45b3aeee0ca32

  • SHA256

    4d726fce85f8984bdfd4e7fed41cd37cc08b2af115b07b298ccdd2938a281c2c

  • SHA512

    5c3a58a502f7d9532a920da970ce87c50361747078b9f80bf1c69a935371bc43e4c03542acc43843b7363f7c33c014aa75843e756283859d0faa4e6038108136

  • SSDEEP

    3072:I+0iFroXCskhf75j65BL5M9YQ25t3jZCLsBPE:I+3rIZkF75GzgYQ2z3VCmPE

Malware Config

Targets

    • Target

      convite_face.html.exe

    • Size

      243KB

    • MD5

      10a04a9f6706f1a4470d5694f4c9064e

    • SHA1

      4021df252f285ae126462fe4932b4f3a0b8d3d28

    • SHA256

      ca623468265ca14a3ad48565f2a11a0d2ccc021bb7d1dc1ab15caa21eaa938e2

    • SHA512

      192ddc232605ded7ee42d79e19482f92e98a72b38c886efc2d7c54e9979cacc4d66d77659679075cbb896126d5f8e0d9da66b6e576925b5b9a8f76d7b0adbc34

    • SSDEEP

      3072:y2mwiw45rovyUTeqWUMXic55qKTcdayJ8RhK3LaszIjfFEjv0Rt8n2QMFSSnIZ:y2mk4p7UI0UyGY2szafPC9MFe

    • Blocklisted process makes network request

    • ACProtect 1.3x - 1.4x DLL software

      Detects a file protected with the ACProtect packer (versions 1.3x to 1.4x).

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely to geofence execution to or away from particular regions.

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified build of it.

    • Checks whether UAC is enabled
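
The report above lists the sample's digests and flags it as UPX packed. The script below is an added example, not part of the sandbox report or of any tool it uses: it recomputes the same digest set for a file (ssdeep is omitted because it needs a non-standard extension), reports which of the report's hashes do not match, and applies the heuristic the "UPX packed file" signature rests on, namely UPX-named sections in the PE section table and the `UPX!` stub marker. The PE image it parses is constructed inline as a fixture, so it runs offline; the `build_pe`, `looks_upx_packed` and `hash_mismatches` names are this example's own, not identifiers from the page.

```python
"""Triage helpers for a PE sample: hash verification and a UPX packer check.

Added example; not part of the sandbox report. The PE image built here is a
constructed, non-executable fixture, not the reported file.
"""
import hashlib
import struct

# The non-fuzzy digests listed in the report.
HASH_ALGOS = ("md5", "sha1", "sha256", "sha512")


def file_hashes(data: bytes) -> dict:
    """Return md5/sha1/sha256/sha512 hex digests of the given bytes."""
    return {name: hashlib.new(name, data).hexdigest() for name in HASH_ALGOS}


def hash_mismatches(data: bytes, expected: dict) -> list:
    """Names of algorithms whose digest differs from the expected value.

    An empty list means every supplied digest matched.
    """
    actual = file_hashes(data)
    return [name for name, digest in expected.items()
            if actual.get(name) != digest.lower()]


def pe_section_names(data: bytes) -> list:
    """Walk the PE headers and return the names in the section table."""
    if data[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ header")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file: missing PE signature")
    # COFF header follows the 4-byte signature: NumberOfSections at +2,
    # SizeOfOptionalHeader at +16, so +6 and +20 from the signature start.
    (num_sections,) = struct.unpack_from("<H", data, e_lfanew + 6)
    (opt_size,) = struct.unpack_from("<H", data, e_lfanew + 20)
    table = e_lfanew + 24 + opt_size          # section headers are 40 bytes each
    names = []
    for i in range(num_sections):
        raw = data[table + 40 * i: table + 40 * i + 8]
        names.append(raw.rstrip(b"\0").decode("ascii", errors="replace"))
    return names


def looks_upx_packed(data: bytes) -> bool:
    """Heuristic behind the 'UPX packed file' signature.

    UPX names its sections UPX0/UPX1 and writes a 'UPX!' marker into the
    stub. A modified UPX that renames sections and strips the marker will
    evade this, so treat a hit as a triage hint, not proof.
    """
    names = pe_section_names(data)
    return any(n.startswith("UPX") for n in names) or b"UPX!" in data


def build_pe(section_names, body: bytes = b"") -> bytes:
    """Construct a minimal PE32 image with the given section names (fixture only)."""
    dos = b"MZ" + bytes(0x3C - 2) + struct.pack("<I", 0x40)       # e_lfanew = 0x40
    optional = struct.pack("<H", 0x10B) + bytes(0xE0 - 2)            # PE32 magic, rest zeroed
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0,
                       len(optional), 0x0102)                       # i386, 32-bit executable
    sections = b"".join(
        struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"),
                    0, 0, 0, 0, 0, 0, 0, 0, 0)
        for name in section_names
    )
    return dos + b"PE\0\0" + coff + optional + sections + body


if __name__ == "__main__":
    packed = build_pe(["UPX0", "UPX1", ".rsrc"], body=b"UPX!")
    plain = build_pe([".text", ".data"])
    print("sections:", pe_section_names(packed))
    print("packed fixture UPX?", looks_upx_packed(packed))
    print("plain fixture UPX?", looks_upx_packed(plain))
    # Hashes from the report's top-level target; the fixture is not that file,
    # so every digest is expected to mismatch.
    reported = {
        "md5": "687ac539e20dfec6f98ca109a63857e4",
        "sha256": "4d726fce85f8984bdfd4e7fed41cd37cc08b2af115b07b298ccdd2938a281c2c",
    }
    print("mismatched digests:", hash_mismatches(packed, reported))
```

To check a real sample, read it with `open(path, "rb").read()`, pass the bytes to `hash_mismatches` with the report's values, and only then look at `looks_upx_packed`; a hash mismatch means you are not holding the file the report describes, so none of the behavioural signatures above can be assumed to apply.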

MITRE ATT&CK Enterprise v15

Tasks