General

  • Target

    c10ea06b46b21d472cfd1f75d55a4c3b_JaffaCakes118

  • Size

    79KB

  • Sample

    240825-s5pmka1hkc

  • MD5

    c10ea06b46b21d472cfd1f75d55a4c3b

  • SHA1

    a62fb68f40a6395a7dac61b519582202b1c10503

  • SHA256

    194aa23834a3cc3828e4e73e78e6f6bd2d4c0810d1d66dd595704f953b36286f

  • SHA512

    886915457294d9a908df4d1e7eed12bb8f46c2e9d2a63e083695f849c6a57c17f924fb582b71d8d05336acdea2e1c69ee573c5d7e26c50d1a1adaf2ff0eaf818

  • SSDEEP

    1536:EmwPvfvjM4bbWQ1zTvJab5bYWIHHV/9TEp9Q/at8QeUWRZmLBPQucDULnvcz:A3njJz1HAsV14+it35WRMvLvcz

Malware Config

Targets

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks