General
Target: 971f5bf683b12b80807a7a71c3bb114e_JaffaCakes118
Size: 23KB
Sample: 240814-wrn1nawcpe
MD5: 971f5bf683b12b80807a7a71c3bb114e
SHA1: 58182102e5ed6d89f4132328a690b91375b3f2ed
SHA256: f39144662059b6b69fe0ca8ced13c542729dbf8f3bf0f728f27d7682fbab997d
SHA512: c6a44d970a1fb17d377be91af6d5651330e506344706805ca32a0d20ca7ce0db417698ad63614173a9d143fc01403428c9be14d40f874cfc4cc086da71e9b6ca
SSDEEP: 384:MqpeYXzFCemo+G6unM+gH36Lh9BUlcDnwNAKfICBCNpwcAk3Ax3B/Qs075v0:MOemkpB6gXa/BoIMAcCjzAx3qsA5v0
Static task: static1
Behavioral task: behavioral1
  Sample: pdf_ups_shipping_invoice.exe
  Resource: win7-20240705-en
Behavioral task: behavioral2
  Sample: pdf_ups_shipping_invoice.exe
  Resource: win10v2004-20240802-en
Malware Config
Targets
Target: pdf_ups_shipping_invoice.pif
Size: 48KB
MD5: 6ffeb6c9937e13d97472cb1cd1a78be2
SHA1: 4028524f2634015573a4d08ed834f4db8947f686
SHA256: bcd0dcf7e268cbc6de8f43980198bccd372aa24e122b40fb1bf180e846409cdd
SHA512: 2f9ffdcb10aaccf7813e84d3db868300eaa14177acbe16872085f5864d2eebd1a046e09f2ac7cfe7949c6a678c2985972eec23e04692766df5d52bbd2ff71e13
SSDEEP: 768:dBS+cG0NkkYkXkkkkkkkkkkkkkkKkkkkkkkkkkMGyKNscfGLkkkkkkkkkkkkkkkS:DSY0N2yg1GWLa
Score: 10/10
- Detects Andromeda payload.
- Adds policy Run key to start application
- Deletes itself
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Privilege Escalation
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)