Overview

overview

10

Static

static

3

b357bd672e...18.exe

windows7-x64

10

b357bd672e...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b357bd672ecfa93096dd526aafd07008_JaffaCakes118

  • Size

    867KB

  • Sample

    240821-nyxblswhme

  • MD5

    b357bd672ecfa93096dd526aafd07008

  • SHA1

    3e09bd6a9a23a853cbcdb52935efef5120b79963

  • SHA256

    2734cdb15eccf1ab192c29fd1196c677852ac61fa1c3487159bf6e852b8c2f86

  • SHA512

    fec6f91c9c84e92f0769f63ed82b785830f103a81f2d49393273c1cc5e90f9184ee3fe7293a9f093579de898dce7deb87265a790a65b97e994b26febed33a650

  • SSDEEP

    6144:X4vmuE/sq5mSbFHA4B+9mTnl6uLpetDcCpGC7iycA4TlcDHLPlEY5WpqGcDRady4:XDuAsq5/BHz+xucBNN1ck3lhIgGyd

Score
10/10
discoveryevasionpersistence

Malware Config

Targets

    • Target

      b357bd672ecfa93096dd526aafd07008_JaffaCakes118

    • Size

      867KB

    • MD5

      b357bd672ecfa93096dd526aafd07008

    • SHA1

      3e09bd6a9a23a853cbcdb52935efef5120b79963

    • SHA256

      2734cdb15eccf1ab192c29fd1196c677852ac61fa1c3487159bf6e852b8c2f86

    • SHA512

      fec6f91c9c84e92f0769f63ed82b785830f103a81f2d49393273c1cc5e90f9184ee3fe7293a9f093579de898dce7deb87265a790a65b97e994b26febed33a650

    • SSDEEP

      6144:X4vmuE/sq5mSbFHA4B+9mTnl6uLpetDcCpGC7iycA4TlcDHLPlEY5WpqGcDRady4:XDuAsq5/BHz+xucBNN1ck3lhIgGyd

    Score
    10/10
    discoveryevasionpersistence

    • Modifies firewall policy service

      evasion

    • Uses the VBS compiler for execution

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks