Overview

overview

8

Static

static

3

8bc985ee73...18.exe

windows7-x64

8

8bc985ee73...18.exe

windows10-2004-x64

8

Sharing

Copy URL Twitter E-mail

General

  • Target

    8bc985ee73b7f3cfb1fd794023f39386_JaffaCakes118

  • Size

    413KB

  • Sample

    240811-ywr9zszela

  • MD5

    8bc985ee73b7f3cfb1fd794023f39386

  • SHA1

    d288a6fb62aae6157d805d94ef533380607dabb4

  • SHA256

    1eb74d9337035412f006a08816d41617562a179ab96bd11ecd5859b39694fa44

  • SHA512

    6eb9dbeda55498225ff0485ef5521ad067d62daec05fe155097eace6f78a9d4cd0f02cca474346c7f21f4166cb35edb9eac3ed157b971b3fe259912952d2c037

  • SSDEEP

    6144:J58zuPSCkbXUIANOcS6BpACoXlVF5D+dmy/7WOLKtwDzZkouq9DtxY:JFV5PZ6lVF5SsYyfwD9kouqlt

Score
8/10
discoveryevasionpersistenceupx

Malware Config

Targets

    • Target

      8bc985ee73b7f3cfb1fd794023f39386_JaffaCakes118

    • Size

      413KB

    • MD5

      8bc985ee73b7f3cfb1fd794023f39386

    • SHA1

      d288a6fb62aae6157d805d94ef533380607dabb4

    • SHA256

      1eb74d9337035412f006a08816d41617562a179ab96bd11ecd5859b39694fa44

    • SHA512

      6eb9dbeda55498225ff0485ef5521ad067d62daec05fe155097eace6f78a9d4cd0f02cca474346c7f21f4166cb35edb9eac3ed157b971b3fe259912952d2c037

    • SSDEEP

      6144:J58zuPSCkbXUIANOcS6BpACoXlVF5D+dmy/7WOLKtwDzZkouq9DtxY:JFV5PZ6lVF5SsYyfwD9kouqlt

    Score
    8/10
    discoveryevasionpersistenceupx

    • Disables Task Manager via registry modification

      evasion

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks