General

  • Target

    c203053d382faa0c7197850b8502929c_JaffaCakes118

  • Size

    216KB

  • Sample

    240826-bwe84ayfrm

  • MD5

    c203053d382faa0c7197850b8502929c

  • SHA1

    3b260a0253bcfe530c622dc31eb20fb0859f51fb

  • SHA256

    7f5a5bb95531c332bf2bf123a14bef547a11172aed9a169c670f96a35ee8813c

  • SHA512

    6ff25cb6caffbcc1f547b70017cb28b12d0923230355d5e862dadef45fc282aa07888d1f8223d15255097f24f70259c3a3fcde5f07ebcf8302ea2fb7b79b251f

  • SSDEEP

    3072:+SGSAcPqnQ10dR35Q93jAOS9lHhD750uLA1jlbeHUTyBFxDGTyYOfcKS1ufeW:+LcPqn5REDilFlhBPDqyYOfcKS1

Malware Config

Targets

    • Target

      c203053d382faa0c7197850b8502929c_JaffaCakes118

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely a geofence check so the payload can refuse to run in some locales.

    • Executes dropped EXE

      Runs an executable that the sample itself wrote to disk during the analysis.

    • Loads dropped DLL

      Loads a DLL that the sample itself wrote to disk during the analysis.

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX build.

    • Adds Run key to start application

      Writes a value under a CurrentVersion\Run registry key so the application is launched again at logon (persistence).

    • Suspicious use of SetThreadContext

      Calls SetThreadContext on a thread of another process, a step commonly seen in process hollowing and other code-injection techniques.
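
A first-pass triage script for a sample like this one, added here as an illustration and not part of the Triage report or its own signature engine: it verifies a file against the digests listed above, walks the PE section table by hand and applies the section-name / "UPX!" marker heuristic for stock UPX. How the sandbox's "UPX packed file" signature actually works is not shown on this page, so the heuristic is an assumption, and the build_minimal_pe helper only constructs a header-only PE skeleton as test input.

```python
import hashlib
import struct
import sys

# Digests copied from the report above; everything else in this block is added
# illustration and not the sandbox's own signature logic.
REPORTED_HASHES = {
    "md5": "c203053d382faa0c7197850b8502929c",
    "sha1": "3b260a0253bcfe530c622dc31eb20fb0859f51fb",
    "sha256": "7f5a5bb95531c332bf2bf123a14bef547a11172aed9a169c670f96a35ee8813c",
    "sha512": "6ff25cb6caffbcc1f547b70017cb28b12d0923230355d5e862dadef45fc282aa"
              "07888d1f8223d15255097f24f70259c3a3fcde5f07ebcf8302ea2fb7b79b251f",
}

# Section names the stock UPX packer emits (assumption: a modified UPX may rename them).
UPX_SECTION_NAMES = {"UPX0", "UPX1", "UPX2"}


def compute_hashes(data: bytes) -> dict:
    """Return md5/sha1/sha256/sha512 hex digests of the given bytes."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in REPORTED_HASHES}


def matches_report(data: bytes, reported: dict = REPORTED_HASHES) -> dict:
    """Compare computed digests with the reported ones, per algorithm."""
    computed = compute_hashes(data)
    return {algo: computed[algo] == digest.lower() for algo, digest in reported.items()}


def pe_section_names(data: bytes) -> list:
    """Walk the PE section table by hand and return the section names in order."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0" or e_lfanew + 24 > len(data):
        raise ValueError("missing or truncated PE header")
    coff = e_lfanew + 4                                  # IMAGE_FILE_HEADER
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    size_of_optional = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + size_of_optional                 # first IMAGE_SECTION_HEADER
    names = []
    for i in range(num_sections):
        raw = data[table + i * 40: table + i * 40 + 8]   # Name[8], NUL-padded
        if len(raw) < 8:
            raise ValueError("truncated section table")
        names.append(raw.split(b"\0", 1)[0].decode("ascii", "replace"))
    return names


def looks_upx_packed(data: bytes) -> bool:
    """Heuristic: stock UPX section names or the 'UPX!' packheader magic present.
    Both are trivially removed by a modified packer, so a miss proves nothing."""
    try:
        names = set(pe_section_names(data))
    except ValueError:
        return False
    return bool(names & UPX_SECTION_NAMES) or b"UPX!" in data


def build_minimal_pe(section_names) -> bytes:
    """Constructed test input: a header-only PE32 skeleton (not runnable) whose
    section table carries the given names."""
    e_lfanew = 0x40
    dos_header = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    size_of_optional = 0xE0                              # PE32 optional header size
    coff_header = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0,
                              size_of_optional, 0x0102)
    optional = struct.pack("<H", 0x10B) + b"\0" * (size_of_optional - 2)
    table = b"".join(n.encode("ascii").ljust(8, b"\0") + b"\0" * 32
                     for n in section_names)
    return dos_header + b"PE\0\0" + coff_header + optional + table


def triage(data: bytes) -> dict:
    """Summarise what a first-pass triage of a file would record."""
    return {
        "size": len(data),
        "hash_match": matches_report(data),
        "upx_heuristic": looks_upx_packed(data),
    }


if __name__ == "__main__":
    # Usage: python triage.py <file>; with no argument, run on the constructed skeleton.
    if len(sys.argv) > 1:
        blob = open(sys.argv[1], "rb").read()
    else:
        blob = build_minimal_pe(["UPX0", "UPX1", ".rsrc"])
    for key, value in triage(blob).items():
        print(f"{key}: {value}")
```

Run it against the real sample and every entry of hash_match should be True; against anything else they are all False. The UPX check is deliberately cheap: if it fires, unpack with the stock tool first, and if it does not fire, treat that as no information, since the report's own signature covers modified UPX builds that rename sections and strip the marker.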

MITRE ATT&CK Enterprise v15