General

  • Target

    cfac9f384e4e7fb5024052eff2c122d9_JaffaCakes118

  • Size

    1.4MB

  • Sample

    240906-q4wy5szaqp

  • MD5

    cfac9f384e4e7fb5024052eff2c122d9

  • SHA1

    5604fcac23c0957fab4f2113b61823e5a987af34

  • SHA256

    cccd87cc1c872ef4b0aec186ea1fdc7f1bfe9b898626f836d4996e15f27aeb20

  • SHA512

    8d61d66ac4dd68406102e682c5b0ac9dd309beedcfabd50e5bb78d33bb5d89e52a44958d8ddfa9ed27d6b7a9cb680e6e829f6514a3bd535bb96969dbdfae4c69

  • SSDEEP

    24576:8SLuwVOQWO5eQhS4zqNxPE7xgvvAUrQLndwtHTiSrgRCAH2l2UND3BJa8Fr:HwQWO5eQo4zqN+xQFQdGb0YAH2g2Dvrr
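The digests above are the only reliable way to confirm that a file on your own disk is the sample this report describes (the target name is just a renamed hash). The script below is an added example, not part of the report or the sandbox's own tooling: it streams a file through all four algorithms listed above in one pass and compares the results with the values from the report. The ssdeep value is not recomputed here, since that needs a non-standard library; the constructed test data in the usage note deliberately does not match the report.

```python
import hashlib
import sys

# Digests copied from the report for this sample.
REPORT_HASHES = {
    "md5": "cfac9f384e4e7fb5024052eff2c122d9",
    "sha1": "5604fcac23c0957fab4f2113b61823e5a987af34",
    "sha256": "cccd87cc1c872ef4b0aec186ea1fdc7f1bfe9b898626f836d4996e15f27aeb20",
    "sha512": "8d61d66ac4dd68406102e682c5b0ac9dd309beedcfabd50e5bb78d33bb5d89e52a44958d8ddfa9ed27d6b7a9cb680e6e829f6514a3bd535bb96969dbdfae4c69",
}


def digest_bytes(data: bytes) -> dict:
    """Hex digests of an in-memory buffer for every algorithm the report lists."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def digest_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Stream a file through all four hashes at once, so even a large sample is read only once."""
    hashers = {name: hashlib.new(name) for name in REPORT_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def compare(actual: dict, expected: dict) -> dict:
    """Per-algorithm match flags; case-insensitive because reports print hex in either case."""
    return {name: actual[name].lower() == expected[name].lower() for name in expected}


def is_report_sample(data: bytes) -> bool:
    """True only when every digest matches. One mismatch means a different file
    (or a transcription error in the report), so never accept a partial match."""
    return all(compare(digest_bytes(data), REPORT_HASHES).values())


if __name__ == "__main__":
    # Usage: python check_sample.py <file> [<file> ...]
    for arg in sys.argv[1:]:
        result = compare(digest_file(arg), REPORT_HASHES)
        print(arg, "MATCH" if all(result.values()) else "no match", result)
```

Run it against the file you downloaded; only a result where all four flags are true confirms you hold the reported sample.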

Malware Config

Targets

    • Target

      cfac9f384e4e7fb5024052eff2c122d9_JaffaCakes118 (size and hashes as listed under General above)

    • Sets service image path in registry

    • ACProtect 1.3x - 1.4x DLL software

      Detects a file protected with the ACProtect packer/protector.

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely to geofence execution.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX or a modified build of the open-source UPX packer.

    • Drops file in System32 directory
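The dynamic signatures above (service image path, location check, self-deletion, dropped EXE/DLL, System32 drop) are each a simple rule over the sandbox's event trace. The script below is an added example, not the sandbox's own signature engine, showing how such rules can be expressed over a process/file/registry trace. The event trace, the dropped-file names and the service name are constructed for illustration and are not taken from the report; the registry value used for the location check (`Control Panel\International\Geo\Nation`) is an assumption about which key that signature reads. The two static packer signatures (UPX, ACProtect) are not covered here because they need PE parsing rather than event matching.

```python
import re

# Constructed event trace for illustration; NOT from the report. Each event is
# (operation, actor process image, target path). Dropped-file and service names are hypothetical.
SAMPLE_PATH = r"C:\Users\Admin\AppData\Local\Temp\cfac9f384e4e7fb5024052eff2c122d9_JaffaCakes118.exe"
DROPPED_EXE = r"C:\Users\Admin\AppData\Local\Temp\stage2.exe"  # hypothetical name
DROPPED_DLL = r"C:\Users\Admin\AppData\Local\Temp\stage2.dll"  # hypothetical name
EVENTS = [
    ("file_write",  SAMPLE_PATH, r"C:\Windows\System32\drivers\svchelper.sys"),  # hypothetical name
    ("file_write",  SAMPLE_PATH, DROPPED_EXE),
    ("file_write",  SAMPLE_PATH, DROPPED_DLL),
    ("reg_set",     SAMPLE_PATH, r"HKLM\SYSTEM\CurrentControlSet\Services\svchelper\ImagePath"),
    ("reg_query",   SAMPLE_PATH, r"HKCU\Control Panel\International\Geo\Nation"),
    ("proc_create", SAMPLE_PATH, DROPPED_EXE),
    ("dll_load",    DROPPED_EXE, DROPPED_DLL),
    ("file_delete", DROPPED_EXE, SAMPLE_PATH),   # a child process removes the original image
]

# Any value named ImagePath directly under a service key.
SERVICE_IMAGE_PATH = re.compile(r"\\Services\\[^\\]+\\ImagePath$", re.IGNORECASE)
# Assumption: the location check reads the per-user Geo\Nation value; adjust for your sandbox's logging.
GEO_NATION = re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.IGNORECASE)
SYSTEM32_PREFIX = "c:\\windows\\system32\\"


def norm(path: str) -> str:
    """Windows paths are case-insensitive, so compare them lower-cased."""
    return path.lower()


def classify(events, sample_path: str) -> set:
    """Return the set of report-style behaviour labels the event trace supports.

    Rules that refer to 'dropped' files depend on event order: a file counts as dropped
    only if a file_write for it was seen earlier in the trace, which is how a sandbox
    distinguishes executing a dropped payload from executing a pre-existing binary."""
    sample = norm(sample_path)
    dropped = set()  # paths written by any process in the trace so far
    hits = set()
    for op, actor, target in events:
        t = norm(target)
        if op == "file_write":
            dropped.add(t)
            if t.startswith(SYSTEM32_PREFIX):
                hits.add("Drops file in System32 directory")
        elif op == "reg_set" and SERVICE_IMAGE_PATH.search(target):
            hits.add("Sets service image path in registry")
        elif op == "reg_query" and GEO_NATION.search(target):
            hits.add("Checks computer location settings")
        elif op == "proc_create" and t in dropped:
            hits.add("Executes dropped EXE")
        elif op == "dll_load" and t in dropped:
            hits.add("Loads dropped DLL")
        elif op == "file_delete" and t == sample:
            hits.add("Deletes itself")
    return hits


if __name__ == "__main__":
    for label in sorted(classify(EVENTS, SAMPLE_PATH)):
        print("*", label)
```

Note the caveat built into the dropped-file rules: a `proc_create` or `dll_load` for a path that was never written during the run does not fire, so the same trace with the `file_write` events removed yields no "Executes dropped EXE" or "Loads dropped DLL" hits.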

MITRE ATT&CK Enterprise v15
