General

  • Target

    c17ca653f7cbc0de9d5d1bf6d643e151_JaffaCakes118

  • Size

    79KB

  • Sample

    240825-yzvvaathlr

  • MD5

    c17ca653f7cbc0de9d5d1bf6d643e151

  • SHA1

    97e6fdc64dd8f3cc246429fafb382da9c00287b6

  • SHA256

    d835a2a6a1c7a3a758e3d4f798440b3e439a2e5695d883683456105e392d0ef2

  • SHA512

    aa404186dbb86259aa80163a6cc0fa4c7b580e2334f0587db478ef4e23fcf2a6f281d2adc93cdc74ed571e52f7c31e240c0343c49e44fa2418813f1284f7089e

  • SSDEEP

    1536:nQxqcQu0iQ0KsgFWq/fpZl9c4QFABNitT2xLoxqxSn1c:Q/030KtFpBZnc4IABNhxLVUnC

Malware Config

Targets

    • Modifies WinLogon for persistence

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified UPX variant.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks