General

  • Target

    d13b1594bf3131439960679847deafd5_JaffaCakes118

  • Size

    695KB

  • Sample

    240907-gpp3lsyaql

  • MD5

    d13b1594bf3131439960679847deafd5

  • SHA1

    ade9dfd09c222d4c44c7a1580a2e6fa8ff7f4752

  • SHA256

    fbdf8d3c34804ee8b85c721e9ab297d7a4f83a7c24c16d602820d40b6f7896e3

  • SHA512

    00541f6ff42ea82edad8da937ce58b169556fdbf3c0dce23fff8902ab0aaca8654106f9b22f3ee9af0884aeb90f249cc82650f546382c2f2e966869622832f63

  • SSDEEP

    12288:vYQzgc7nLXYQzgc7sjjkArEN249AyE/rbaMct4bO2/VMvfUwe7ctr:vfgc7nLXfgc7soFE//Tct4bOsCfk7cN

Score
7/10

Malware Config

Targets

    • Target

      d13b1594bf3131439960679847deafd5_JaffaCakes118

    • Size

      695KB

    • MD5

      d13b1594bf3131439960679847deafd5

    • SHA1

      ade9dfd09c222d4c44c7a1580a2e6fa8ff7f4752

    • SHA256

      fbdf8d3c34804ee8b85c721e9ab297d7a4f83a7c24c16d602820d40b6f7896e3

    • SHA512

      00541f6ff42ea82edad8da937ce58b169556fdbf3c0dce23fff8902ab0aaca8654106f9b22f3ee9af0884aeb90f249cc82650f546382c2f2e966869622832f63

    • SSDEEP

      12288:vYQzgc7nLXYQzgc7sjjkArEN249AyE/rbaMct4bO2/VMvfUwe7ctr:vfgc7nLXfgc7soFE//Tct4bOsCfk7cN

    Score
    7/10
    • Checks computer location settings

      Reads the country code configured in the registry, which is typically a geofence check: the sample decides whether to run based on the machine's locale.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      The executable is packed with UPX or a modified UPX build (the open-source packer). A modified build usually renames the UPX0/UPX1 sections or strips the "UPX!" marker, so the stock unpacker (upx -d) may refuse it and the sample then has to be unpacked dynamically.

    • AutoIt Executable

      An AutoIt script compiled into a PE executable. The script is embedded in the binary rather than translated to native code, so it can usually be recovered from the compiled file for static review.

    • Suspicious use of SetThreadContext

      SetThreadContext rewrites a thread's registers, which is how a new payload is started inside a suspended process (process hollowing and similar injection). Read it together with "Executes dropped EXE" above when reconstructing the process tree.
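The static part of the verdict above (hash identity, UPX packing, AutoIt wrapper) is easy to reproduce locally before downloading a sample from a sandbox. The script below is an added example, not the sandbox's own signature logic: it verifies a file against the hashes reported on this page, walks the PE section table for the UPX0/UPX1 names, looks for the stock "UPX!" marker, and checks for the AutoIt v3 compiled-script magic (`AU3!EA06`). The "upx-modified" verdict, where only one of the two UPX indicators survives, is the case the report's "modified UPX" wording refers to. The PE blob it runs on is constructed inline (`build_fake_pe`), so the hashes it computes will not match the report; the function names and the `REPORTED` table are this example's own.

```python
import hashlib
import struct

# Hashes copied from the report above; used to confirm a local copy is the same sample.
REPORTED = {
    "md5": "d13b1594bf3131439960679847deafd5",
    "sha1": "ade9dfd09c222d4c44c7a1580a2e6fa8ff7f4752",
    "sha256": "fbdf8d3c34804ee8b85c721e9ab297d7a4f83a7c24c16d602820d40b6f7896e3",
    "sha512": "00541f6ff42ea82edad8da937ce58b169556fdbf3c0dce23fff8902ab0aaca86"
              "54106f9b22f3ee9af0884aeb90f249cc82650f546382c2f2e966869622832f63",
}

# Static markers behind the "UPX packed file" and "AutoIT Executable" signatures.
UPX_SECTION_NAMES = (b"UPX0", b"UPX1", b"UPX2")
UPX_MAGIC = b"UPX!"                      # stock packer writes this in its header/footer
AUTOIT_MARKER = b"AU3!EA06"              # AutoIt v3 compiled-script resource magic
AUTOIT_STRING = b"This is a third-party compiled AutoIt script."


def hash_file(data: bytes) -> dict:
    """Digests in the same algorithms the report lists."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha512")}


def check_reported_hashes(data: bytes, reported: dict) -> dict:
    """Per-algorithm match of a local file against a report's hash table."""
    actual = hash_file(data)
    return {algo: actual.get(algo) == digest for algo, digest in reported.items()}


def pe_section_names(data: bytes) -> list:
    """Walk MZ -> e_lfanew -> PE\\0\\0 -> COFF -> section table; [] if not a PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return []
    coff = e_lfanew + 4
    (num_sections,) = struct.unpack_from("<H", data, coff + 2)    # NumberOfSections
    (opt_size,) = struct.unpack_from("<H", data, coff + 16)       # SizeOfOptionalHeader
    table = coff + 20 + opt_size
    names = []
    for i in range(num_sections):
        off = table + i * 40                                      # IMAGE_SECTION_HEADER
        if off + 40 > len(data):
            break                        # truncated table: stop instead of reading past EOF
        names.append(data[off:off + 8].rstrip(b"\0"))
    return names


def upx_verdict(data: bytes) -> str:
    """'upx' = section names and magic agree; 'upx-modified' = only one survived."""
    by_name = any(n in UPX_SECTION_NAMES for n in pe_section_names(data))
    by_magic = UPX_MAGIC in data
    if by_name and by_magic:
        return "upx"
    if by_name or by_magic:
        return "upx-modified"            # renamed sections or stripped marker: upx -d may fail
    return "none"


def is_autoit(data: bytes) -> bool:
    return AUTOIT_MARKER in data or AUTOIT_STRING in data


def triage(data: bytes, reported: dict = REPORTED) -> dict:
    return {
        "hash_match": check_reported_hashes(data, reported),
        "packer": upx_verdict(data),
        "autoit": is_autoit(data),
        "sections": pe_section_names(data),
    }


def build_fake_pe(section_names, trailer: bytes = b"") -> bytes:
    """Constructed minimal PE (no optional header) used as offline test input."""
    hdr = bytearray(b"MZ" + b"\0" * 0x3E)
    struct.pack_into("<I", hdr, 0x3C, 0x40)                       # e_lfanew -> offset 64
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0, 0x102)
    sections = b"".join(n.ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return bytes(hdr) + b"PE\0\0" + coff + sections + trailer


# Constructed stand-in for the sample: UPX sections, UPX! marker and the AutoIt magic.
SAMPLE = build_fake_pe([b"UPX0", b"UPX1", b".rsrc"],
                       trailer=UPX_MAGIC + b"\0" * 16 + AUTOIT_MARKER)

if __name__ == "__main__":
    print(triage(SAMPLE))
```

To use it on a real download, replace `SAMPLE` with the file bytes; only when every entry of `hash_match` is True are you looking at the file this report describes. A "upx-modified" result is the cue to skip `upx -d` and dump the unpacked image from memory instead.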

MITRE ATT&CK Enterprise v15

Tasks