General

  • Target

    b46e1c3fdaa2ba79bb248205e5f7c658_JaffaCakes118

  • Size

    150KB

  • Sample

    240821-weeapasclh

  • MD5

    b46e1c3fdaa2ba79bb248205e5f7c658

  • SHA1

    891fc51d20d15c4f379f898a6546762778ab40e3

  • SHA256

    c58396e80ec08683696ae65ff3c146fd7a9773e2904e305a4c26cfe5438b33e8

  • SHA512

    1b50224c4604489edfc418e2cd9b70e35cc55f6752e74c1bc67bb1479e4db40a76e114c4bf78eeaa0696422b2455067765943da34b601494047f0f75f912c925

  • SSDEEP

    3072:HY5YTZlBa+Iiu6tL6lFkVfIyG+3yY/pHr1hWE2Gm7SfenTUBB7i9i38rAr7kbU:HY5Y97dnbVflbjR47SuUBp6i380r77

Score
10/10

Malware Config

Targets

    • Target

      DeskBabes_Install.exe

    • Size

      177KB

    • MD5

      d77d82ca7ece5b5af595f527b9a98aeb

    • SHA1

      606d86e2add4ba9ab003188dd794576ff2133b05

    • SHA256

      3a1455b40174825b70dbb6e63209a99a05cc222e0aae1a19fa86a4cb1638c0c4

    • SHA512

      d91fbc1a7b6fe5e1f0949c76a8f90ca4206917f19fed38a00634eaf6c121fd736a862de64365e4d69e81d8dd2ce7017a91b0183b38ccabf479225b6d061de00d

    • SSDEEP

      3072:CJt3L86wEypNaGaxbzVEetW9kQnt2ejHrvsiXxP10SxiCDDioJnd3IIJHg+MgITJ:CJt33IaGaxJ9Qnt5jHrvsiXx6LCDDntC

    Score
    10/10

    • Modifies firewall policy service

    • Modifies security service

    • Deletes itself

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Drops desktop.ini file(s)

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks