Overview

overview

10

Static

static

3

76c9bd64c0...18.exe

windows7-x64

10

76c9bd64c0...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    76c9bd64c08fcaad792aa0d20e5ea1d5_JaffaCakes118

  • Size

    216KB

  • Sample

    240727-dcp1assflj

  • MD5

    76c9bd64c08fcaad792aa0d20e5ea1d5

  • SHA1

    9a286424c104e29425069dbe0f1dfbff2f76d7f7

  • SHA256

    985dcbc96d8b2d1da27b3dbc71bf6d5437fddee5b504171c4eeb00c1630f89a6

  • SHA512

    b14f5223c087db9c8d73c143c47012eb6a9f3829e7138e8c2bf3496d1e7f85752d72b3445d91c034e15b530facb9fbe7b8d59f29a38e202d9b017d72bfae9312

  • SSDEEP

    3072:ERVsFDhU5o1hKcXZUEplNGh3D7t7Ggg3ASFBuNA7DuWP3c5AoPVm:YsFVpD2Ep/IDA3fFcNAnu75AoPY

Score
10/10
discoveryevasionpersistenceupx

Malware Config

Targets

    • Target

      76c9bd64c08fcaad792aa0d20e5ea1d5_JaffaCakes118

    • Size

      216KB

    • MD5

      76c9bd64c08fcaad792aa0d20e5ea1d5

    • SHA1

      9a286424c104e29425069dbe0f1dfbff2f76d7f7

    • SHA256

      985dcbc96d8b2d1da27b3dbc71bf6d5437fddee5b504171c4eeb00c1630f89a6

    • SHA512

      b14f5223c087db9c8d73c143c47012eb6a9f3829e7138e8c2bf3496d1e7f85752d72b3445d91c034e15b530facb9fbe7b8d59f29a38e202d9b017d72bfae9312

    • SSDEEP

      3072:ERVsFDhU5o1hKcXZUEplNGh3D7t7Ggg3ASFBuNA7DuWP3c5AoPVm:YsFVpD2Ep/IDA3fFcNAnu75AoPY

    Score
    10/10
    discoveryevasionpersistenceupx

    • Modifies firewall policy service

      evasion

    • Adds policy Run key to start application

      persistence

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

      persistence

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks