General

  • Target

    b57b7398208be4c587c21c6783897ca0_JaffaCakes118

  • Size

    1.8MB

  • Sample

    240821-3h7jzazgpm

  • MD5

    b57b7398208be4c587c21c6783897ca0

  • SHA1

    715a54be46ec409e7a03c5bbd462026db630ad68

  • SHA256

    1b8818665404d44fe006aca34d1e888796a41973c9035d30e5a75e89514534ca

  • SHA512

    27646268e93335b7b3066f9b4e0f742e248b84ec0cdb5e11ead2abc79ca2d67d3b169094673d9f3c791c70aaa925f5580c6c1e00634f8e63efb380713289eef2

  • SSDEEP

    49152:0lG4fSduNym1JDZOyF6TdmZFJAjfSj7FfZD0ElqrbxFn:0lG4fgPm1vwTdmZvwKPzDPCbb

Malware Config

Targets

    • Target

      b57b7398208be4c587c21c6783897ca0_JaffaCakes118

    • Size

      1.8MB

    • MD5

      b57b7398208be4c587c21c6783897ca0

    • SHA1

      715a54be46ec409e7a03c5bbd462026db630ad68

    • SHA256

      1b8818665404d44fe006aca34d1e888796a41973c9035d30e5a75e89514534ca

    • SHA512

      27646268e93335b7b3066f9b4e0f742e248b84ec0cdb5e11ead2abc79ca2d67d3b169094673d9f3c791c70aaa925f5580c6c1e00634f8e63efb380713289eef2

    • SSDEEP

      49152:0lG4fSduNym1JDZOyF6TdmZFJAjfSj7FfZD0ElqrbxFn:0lG4fgPm1vwTdmZvwKPzDPCbb

    • Checks computer location settings

Looks up the country code configured in the registry, most likely to geofence execution to (or away from) particular regions.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

Detects executables packed with the open-source UPX packer or a modified build of it (modified builds usually change the section names and version string, so signatures key on the stub code as well).

    • VMProtect packed file

Detects executables packed with the commercial VMProtect packer/virtualizer.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      Calls NtSetInformationThread with the ThreadHideFromDebugger information class (0x11), which stops the thread from delivering debug events to an attached debugger. It is a common anti-debugging technique and has no legitimate use in ordinary application code.
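The two packer signatures above (UPX and VMProtect) are typically triggered by section names and section entropy. The following is an added example, not part of the sandbox report or of any detection engine, that parses the PE section table and applies both checks: it flags sections whose names are characteristic of UPX (`UPX0`/`UPX1`) or VMProtect (`.vmp0`/`.vmp1`), and any section whose raw data has entropy above a threshold. `build_sample_pe` constructs a minimal synthetic PE image so the script runs offline; the threshold of 7.0 bits/byte and the section-name table are assumptions chosen for illustration, not values from the report.

```python
import math
import struct
import sys

# Section names left by common packers (assumed table for this example).
PACKER_SECTION_NAMES = {
    b"UPX0": "UPX", b"UPX1": "UPX", b"UPX2": "UPX",
    b".vmp0": "VMProtect", b".vmp1": "VMProtect", b".vmp2": "VMProtect",
}


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; compressed/encrypted data approaches 8.0."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def parse_sections(pe: bytes):
    """Return [(name, raw_offset, raw_size)] from the PE section table."""
    if pe[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = e_lfanew + 4                                   # IMAGE_FILE_HEADER
    num_sections = struct.unpack_from("<H", pe, coff + 2)[0]
    size_opt = struct.unpack_from("<H", pe, coff + 16)[0]  # SizeOfOptionalHeader
    table = coff + 20 + size_opt                          # first IMAGE_SECTION_HEADER
    sections = []
    for i in range(num_sections):
        name, _vsize, _vaddr, rsize, rptr = struct.unpack_from("<8sIIII", pe, table + i * 40)
        sections.append((name.rstrip(b"\0"), rptr, rsize))
    return sections


def classify_packer(pe: bytes, entropy_threshold: float = 7.0):
    """Flag sections by packer-specific name or by high raw-data entropy."""
    findings = []
    for name, rptr, rsize in parse_sections(pe):
        packer = PACKER_SECTION_NAMES.get(name)
        ent = shannon_entropy(pe[rptr:rptr + rsize]) if rsize else 0.0
        if packer or ent >= entropy_threshold:
            findings.append({"section": name.decode(errors="replace"),
                             "packer": packer, "entropy": round(ent, 2)})
    return findings


def build_sample_pe(sections):
    """Construct a minimal synthetic PE (DOS stub + COFF header + section table +
    raw data) for offline testing. This is a constructed fixture, not a real binary."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0)  # no optional header
    raw_ptr = e_lfanew + 4 + 20 + 40 * len(sections)
    table, body = b"", b""
    for name, payload in sections:
        table += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), len(payload), 0x1000,
                             len(payload), raw_ptr, 0, 0, 0, 0, 0x60000020)
        body += payload
        raw_ptr += len(payload)
    return dos + b"PE\0\0" + coff + table + body


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            image = fh.read()
    else:  # constructed demo image: plain .text plus a UPX1 section of high-entropy bytes
        image = build_sample_pe([(b".text", b"A" * 64), (b"UPX1", bytes(range(256)))])
    for f in classify_packer(image):
        print(f"{f['section']:<8} packer={f['packer']} entropy={f['entropy']}")
```

Run with a file path to scan a real PE; with no arguments it scans the constructed image. A section-name hit is strong evidence on its own; an entropy-only hit (packer `None`) is weaker, since legitimately compressed resources also score high, so treat it as a prompt for manual inspection rather than a verdict.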

MITRE ATT&CK Enterprise v15

Tasks