General

  • Target

    c8664d503e80ac44911400a237155c2d_JaffaCakes118

  • Size

    238KB

  • Sample

    240829-htkjcsydrc

  • MD5

    c8664d503e80ac44911400a237155c2d

  • SHA1

    8d57caa7a3378de83e126cdef961222942ca19ed

  • SHA256

    d917845ff0aafcc819bc28e17216702b2214fd5c826b761fa4e4fe1a7095ec93

  • SHA512

    959dbeb3200b7b94d0924a47f2a8d093e5e69272389bcbf078f3ae9f9c569a65bddf1e0bade1648929d9d7420f364b7df6bb413c7019a6ee276dadd74d8b0d9b

  • SSDEEP

    3072:rQW4shk+BiuxqpZTekVj5D30CCfDGgmSW2AVkVsgaqCyXL9veJxL:9hkKMbHL9VmQrqH92LL

Malware Config

Targets

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified UPX variant.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks