23ed340ff7fe011be54a61b632e3219083b65dbbb101ab2e77e293e5e25c999d | Triage

Submit
Reports

Overview

overview

Static

static

7

83be26d514...18.exe

windows7-x64

83be26d514...18.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

83be26d514c0a84cf8c1b66714f41aad_JaffaCakes118
Size

650KB
Sample

240809-13v1ka1hkl
MD5

83be26d514c0a84cf8c1b66714f41aad
SHA1

e9d3d9dd7e3517e981bf30253ce74fe71509ba79
SHA256

23ed340ff7fe011be54a61b632e3219083b65dbbb101ab2e77e293e5e25c999d
SHA512

4e83677096673c06e42e2550b08d730c4017f976f58d699858208710d3212a430a6b8e4890bedb94c810d58ce750f6c816a24d1a83d9416c874600f4e92a70bc
SSDEEP

12288:QjkArEN249AyE/rbaMct4bO2/VBg3XUyXFpywR/cXhC5RABO:LFE//Tct4bOsDgJXHyPRCkBO

Score

10^/10

discovery evasion persistence trojan upx

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

83be26d514c0a84cf8c1b66714f41aad_JaffaCakes118.exe

Resource

win7-20240704-en

discovery evasion persistence trojan upx

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

83be26d514c0a84cf8c1b66714f41aad_JaffaCakes118.exe

Resource

win10v2004-20240802-en

discovery evasion persistence trojan upx

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  83be26d514c0a84cf8c1b66714f41aad_JaffaCakes118
- Size
  
  650KB
- MD5
  
  83be26d514c0a84cf8c1b66714f41aad
- SHA1
  
  e9d3d9dd7e3517e981bf30253ce74fe71509ba79
- SHA256
  
  23ed340ff7fe011be54a61b632e3219083b65dbbb101ab2e77e293e5e25c999d
- SHA512
  
  4e83677096673c06e42e2550b08d730c4017f976f58d699858208710d3212a430a6b8e4890bedb94c810d58ce750f6c816a24d1a83d9416c874600f4e92a70bc
- SSDEEP
  
  12288:QjkArEN249AyE/rbaMct4bO2/VBg3XUyXFpywR/cXhC5RABO:LFE//Tct4bOsDgJXHyPRCkBO
Score

10^/10

discovery evasion persistence trojan upx
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Adds policy Run key to start application
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistencetrojanupx

behavioral2

discoveryevasionpersistencetrojanupx

© 2018-2025

Terms | Privacy