General

  • Target

    bd05e1a7ec7e1707fa33266cc7099af1_JaffaCakes118

  • Size

    598KB

  • Sample

    240823-y5cwnathqa

  • MD5

    bd05e1a7ec7e1707fa33266cc7099af1

  • SHA1

    6200785ac7015433024a3772b620ab05f9727fd2

  • SHA256

    735906cfd7a350a11dac47478b1be1d7a3bdd04a2b0d73ba609ca22ac2af1c6d

  • SHA512

    3c7e597bd90849c8418b8398f9d2dee04fd5247ca7e1b488e1b5ae76beecd4e7126515df295a7b49425001e0f58ee626059e06544da338313d1f9541eb669f25

  • SSDEEP

    12288:CrxfcqXti4NV+eizHBkWMGQTMdPFu0GyIh4JPWheJ3hnSoPotbJSoT7jOo:wxfcqXtPNYQYdNu0MOFn3hSoPotbJdTZ

Score
7/10

Targets

    • Target

      PHILka.RU_Perfect Keylogger 1.68/PHILka.RU.url

    • Size

      94B

    • MD5

      2f8f574bde2733c853eae6b7f203381b

    • SHA1

      617d9b52d6c07523dc9cf9f2caad1b8cbed5af9b

    • SHA256

      608927377863487fd0fdca73cfe7a29d6dc1a697c8720d2e699503c270c8d809

    • SHA512

      6c4447311061921d85d72fea69ab26c8ce905907aaa7f4c4bb703a8224785282335b12904a118d06e31b90542844f0e2029356341ac4024b4e667543b4d6e7b3

    • Score

      1/10

    • Target

      PHILka.RU_Perfect Keylogger 1.68/i_bpk2007.exe

    • Size

      578KB

    • MD5

      4232344e1dd42b9b74fbe7e6d142cc1d

    • SHA1

      5e0fa55be32a75202dc8c3e8f5fefface87c0570

    • SHA256

      2967c48169969bdfe5b4ce0fb7491f2e17ad9ee65be6d0de0368294f7c52ff78

    • SHA512

      635915caa09d71ed79b5606014485fbc51efcabc4f979546cad9a1469d96644e379e9140f2e9bc282eebf8813bf54e6e72c700b44b30f1ca16ac4a8832493765

    • SSDEEP

      12288:PdlLu3WJ+A4/cJX5jK2BQPaTCk8HufxTEH2Jk9A4Emf9wWLBb4:V1uGJ+LcTHmk9Jk0WlBb4

    • Score

      7/10

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.
