General

  • Target

    a5024ff323ea80ea48f148a7254f26aa_JaffaCakes118

  • Size

    3.3MB

  • Sample

    240818-crm9ksshqn

  • MD5

    a5024ff323ea80ea48f148a7254f26aa

  • SHA1

    c17eef2fef62d68a328ab8f4e47dbd51a172272c

  • SHA256

    6cb8d1de96dbb02f7499d7608affc758c4194738185477193946efb877ad0148

  • SHA512

    5e5aa14a4e022332a2bb7056035cb97c71c6109fa88ff5d5de41547b73ee01afe2b934136803f1e2ac02be1e0537ffdfdec77d0c91fbcaffdf2ab694dc5e699e

  • SSDEEP

    98304:aiL9TqO2Vxs87IukzVCNlOKxT2YpVRa3XG:aM9T3us8bKVqlOKxK+RV

Score
7/10

Malware Config

Targets

    • Target

      PgExtract2.exe

    • Size

      3.5MB

    • MD5

      c7c52f54fe5dc650addd93c675d5d7e1

    • SHA1

      a53e99628dcee5a5295cb8dcbd30e40e6b43f054

    • SHA256

      6a15440e13e34a98eb8a295629c13f32c28c1c93518b5b91382fab9a2341d4d0

    • SHA512

      5786899c8c8101e1c22e2ecb4320e46d6da00df66eeda538a3bc483a22c3212c95ace181d44a0a7d25d5e61d8d3f1271f82a3f72894a2e03f49d69929d40190b

    • SSDEEP

      98304:ThOMBcCPbgEHkXerlU2Y86MrgprKu7YIjPJgbGgI9V:TJBckkEHkX8U2qMUZKvbGd9V

    Score
    7/10

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks