Overview

overview

10

Static

static

3

a7db85b87d...18.exe

windows7-x64

10

a7db85b87d...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a7db85b87d77ef7b8a08d1498cc0184e_JaffaCakes118

  • Size

    184KB

  • Sample

    240818-xsghmssepk

  • MD5

    a7db85b87d77ef7b8a08d1498cc0184e

  • SHA1

    c8890496a6506dd1aa9d80e1f01a2526707bcb4d

  • SHA256

    efde3e426cab9404af4c3856040c33596ceb47a8a91cabc52f4c8fa3571b839c

  • SHA512

    923863a2886441c2aa2dda0726fe63b3dc81c0dde775057e30f47ad0fed795a7f55f3629e689e519ff5d54646fade4d48ca624d78dadf48c67bc3e45221cfd33

  • SSDEEP

    3072:NXCkF+Zp9uDlt6fchd16dD8PCZZ72kikVxPaIFd:hSWIn7VxPaI

Score
10/10
vobfusdiscoverypersistenceupxworm

Malware Config

Targets

    • Target

      a7db85b87d77ef7b8a08d1498cc0184e_JaffaCakes118

    • Size

      184KB

    • MD5

      a7db85b87d77ef7b8a08d1498cc0184e

    • SHA1

      c8890496a6506dd1aa9d80e1f01a2526707bcb4d

    • SHA256

      efde3e426cab9404af4c3856040c33596ceb47a8a91cabc52f4c8fa3571b839c

    • SHA512

      923863a2886441c2aa2dda0726fe63b3dc81c0dde775057e30f47ad0fed795a7f55f3629e689e519ff5d54646fade4d48ca624d78dadf48c67bc3e45221cfd33

    • SSDEEP

      3072:NXCkF+Zp9uDlt6fchd16dD8PCZZ72kikVxPaIFd:hSWIn7VxPaI

    Score
    10/10
    vobfusdiscoverypersistenceupxworm

    • Vobfus

      A widespread worm which spreads via network drives and removable media.

      wormvobfus

    • Adds policy Run key to start application

      persistence

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks