General

  • Target

    93fe5f8a4450a7e00a6b0cd3d2f91103_JaffaCakes118

  • Size

    3.1MB

  • Sample

    240813-vqzkbs1bqq

  • MD5

    93fe5f8a4450a7e00a6b0cd3d2f91103

  • SHA1

    05f6ada491e7cd3769536ce203d15a3b04751b88

  • SHA256

    c5267912243de71776eb562ebdf8ccc9e4e102f90e033a343e0aa5816ba75d6a

  • SHA512

    0ddd1dca769c3604a078e84eefc1cce076252398ca1f5258c07638156b7c3fd42e7d14326879aeeec6025ec2f8ba51e427ed4b6f5bef5431d3c8ecc661773e2a

  • SSDEEP

    98304:3z6eo4lS/6LD2WWlhyOlYX6+no/uS91OiDbzacfWH3drfZ:3z6eo4lSC/9Wy2Ydo/fFDbzaoKx

Malware Config

Targets

    • Target

      93fe5f8a4450a7e00a6b0cd3d2f91103_JaffaCakes118

    • Checks computer location settings

      Reads the country code configured in the registry, most likely to geofence execution to (or away from) particular regions.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      The executable is packed with UPX or a modified build of the open-source UPX packer.

    • Adds Run key to start application

    • Maps connected drives based on registry

      Reads drive and disk information from the registry; this is often done to detect sandbox or virtualised environments.

    • Suspicious use of SetThreadContext
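
The "UPX packed file" signature above is a static check on the PE section table and file bytes. As an added example (not the sandbox's own detection logic, and not code from this report), the following Python script parses a PE section table by hand and reports the indicators a stock or lightly modified UPX build leaves behind: section names beginning with UPX, the "UPX!" marker, and a first section with zero raw size but a large virtual size (the area reserved for the unpacked image). The PE buffers it runs on are constructed by the script itself; the sample on this page is not embedded. The 0x1000 virtual-size threshold is an assumption chosen for illustration.

```python
import struct

# Strings that stock UPX writes into the packed file. Modified builds may
# rename sections or strip the marker, which is why a third heuristic follows.
UPX_SECTION_PREFIX = b"UPX"
UPX_MAGIC = b"UPX!"
# Assumed threshold: an empty first section this large is treated as an unpack area.
MIN_UNPACK_AREA = 0x1000

COFF_HEADER = "<HHIIIHH"          # Machine, NumberOfSections, TimeDateStamp, ...
SECTION_ENTRY = "<8sIIIIIIHHI"    # Name, VirtualSize, VirtualAddress, SizeOfRawData, ...


def parse_pe_sections(data: bytes):
    """Return [(name, virtual_size, raw_size), ...] for each section of a PE image.

    Raises ValueError when the buffer does not carry a well-formed PE header.
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    _machine, num_sections, _ts, _sym, _nsym, size_opt, _chars = struct.unpack_from(COFF_HEADER, data, coff)
    # The section table follows the COFF header and the optional header.
    table = coff + struct.calcsize(COFF_HEADER) + size_opt
    sections = []
    for i in range(num_sections):
        off = table + struct.calcsize(SECTION_ENTRY) * i
        if off + struct.calcsize(SECTION_ENTRY) > len(data):
            raise ValueError("section table truncated")
        name, vsize, _va, rawsize, *_ = struct.unpack_from(SECTION_ENTRY, data, off)
        sections.append((name.rstrip(b"\0"), vsize, rawsize))
    return sections


def upx_indicators(data: bytes):
    """Return the list of reasons the file looks UPX-packed (empty if none)."""
    reasons = []
    sections = parse_pe_sections(data)
    if any(name.startswith(UPX_SECTION_PREFIX) for name, _, _ in sections):
        reasons.append("section names start with UPX")
    if UPX_MAGIC in data:
        reasons.append("UPX! marker present")
    # Heuristic for renamed sections: UPX0 normally has no raw data but a large
    # virtual size, because the unpacker writes the original image there at run time.
    if sections:
        _, first_vsize, first_raw = sections[0]
        if first_raw == 0 and first_vsize >= MIN_UNPACK_AREA:
            reasons.append("first section has zero raw size but a large virtual size")
    return reasons


def looks_upx_packed(data: bytes) -> bool:
    return bool(upx_indicators(data))


def build_pe(sections, trailer: bytes = b"") -> bytes:
    """Build a minimal PE skeleton with the given (name, vsize, rawsize) sections.

    Constructed test data only: not loadable, just enough headers for parsing.
    SizeOfOptionalHeader is 0 so the section table follows the COFF header directly.
    """
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack(COFF_HEADER, 0x14C, len(sections), 0, 0, 0, 0, 0x102)
    table = b"".join(
        struct.pack(SECTION_ENTRY, name.ljust(8, b"\0"), vsize, 0x1000, rawsize,
                    0, 0, 0, 0, 0, 0x60000020)
        for name, vsize, rawsize in sections)
    return dos + b"PE\0\0" + coff + table + trailer


# Constructed samples: a stock UPX layout, a renamed-section variant, and a clean file.
PACKED = build_pe([(b"UPX0", 0x20000, 0), (b"UPX1", 0x8000, 0x7C00), (b".rsrc", 0x1000, 0x400)],
                  trailer=b"UPX!")
RENAMED = build_pe([(b".foo", 0x20000, 0), (b".bar", 0x8000, 0x7000)])
CLEAN = build_pe([(b".text", 0x5000, 0x5000), (b".data", 0x1000, 0x400)])

if __name__ == "__main__":
    for label, blob in (("packed", PACKED), ("renamed", RENAMED), ("clean", CLEAN)):
        print(label, parse_pe_sections(blob), upx_indicators(blob))
```

Run against a real file with `upx_indicators(open(path, "rb").read())`. The first two indicators are exact and cheap; the third is a heuristic and will also match some non-UPX packers that reserve an empty unpack region, so treat it as a triage hint rather than proof.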

MITRE ATT&CK Enterprise v15

Tasks