General

  • Target

    b8a220f1408b1b09c2e61c00a7e3ca0f_JaffaCakes118

  • Size

    2.6MB

  • Sample

    240822-ww9g6a1bnf

  • MD5

    b8a220f1408b1b09c2e61c00a7e3ca0f

  • SHA1

    aac3a48c6cc16cf12a7258896d3ab46425f09c34

  • SHA256

    e7c54281bb5b8a75314bcb5d1fbeb9a3c0fc9d8a766978c56427b227ce80791b

  • SHA512

    87536d0299d2ce5985cc227bd64736dcbb7eee14ee603cd9f4e3b3e0b5a0d247a92e7ea19c50bc23bdf1fbe6e9e9714f3f9faf91386fb2f43a597f50777ec7a5

  • SSDEEP

    49152:BG0PJJb4mc062G1fSKYUIIK5lFOJ3i63G5m8J5IRKZozy5PzI98+aDXqCpfVDVgD:zJH7tG1fSKYlIK5lFc73wJ50KZz5PzaL

Targets

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified UPX variant.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
