General

  • Target

    8bfe9e63b28ea0ec1ef609df44a00788_JaffaCakes118

  • Size

    191KB

  • Sample

    240811-z3dkvasfqc

  • MD5

    8bfe9e63b28ea0ec1ef609df44a00788

  • SHA1

    eb9b5da55fc2f82d2c9ee770b45d6cf13bcab98a

  • SHA256

    6486d7678e6bfef44c78b6be624f2c08131f2be3a752901588ddf06eee474ca0

  • SHA512

    89c8cd1e3325bf94ae074ee42aaad78903d7476c9340bf7e8b3470d28a9c99aa5862134f443840d074295238f63456da9bb9430cae32b42423365ac6cfd0c9f4

  • SSDEEP

    3072:oLboH72D2M/gd74950lR/3vvPLrk1EKGjFZ8+FTYEnSaBSg93TEk7B:InSM/G74n+R/vTKIhFTYE5BSg9DEkF

Targets

    • Target

      8bfe9e63b28ea0ec1ef609df44a00788_JaffaCakes118

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing (refusing to run in certain locales).

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.
