General

  • Target

    c24a94fc9f372a5e6b490ad971aaf81b_JaffaCakes118

  • Size

    695KB

  • Sample

    240826-e7gsvaxakl

  • MD5

    c24a94fc9f372a5e6b490ad971aaf81b

  • SHA1

    3d04b58f45c4818b73e689b42bcf4b561e8c575f

  • SHA256

    594ed688f479bc7c74a755ebd6555f65a55d63c5d82342d0df32cfac9560d0f6

  • SHA512

    204bcdcff335f894d20ae70ad917c54e862f28ca9166e6d0d9f3f1e1c75dbaf3b0dd573aa6dbcb3d68eb1693deb5bdb4e508e94ba41d2c70bbe39b74fd042eee

  • SSDEEP

    12288:mzCXl6eEblXIh6Yo8Gvp9gw5PlsOnmVNuWq1iVd7LvXEguiU731bBdT:516eEbRIhPC9bvmOyv0JT

Malware Config

Extracted

  • Language

    hta

  • Source

    hta.dropper

  • URLs

    http://lastreporteriche.com/inst.php?id=02956

Targets

    • Modifies WinLogon for persistence

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks