Overview

overview

10

Static

static

7

d46d6fe5f1...18.exe

windows7-x64

7

d46d6fe5f1...18.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    d46d6fe5f1618c8de8308aba31ea7812_JaffaCakes118

  • Size

    249KB

  • Sample

    240908-qbr5gsxelk

  • MD5

    d46d6fe5f1618c8de8308aba31ea7812

  • SHA1

    a2188dc24a1f0fbcc130a9babdf9d53abbec5ca5

  • SHA256

    993bb6157d9199e8d6786f9359100738653c8e0c93bcdd69de8d4cf349f184e7

  • SHA512

    e824ba9e827654b57357874ce3cf6be47f6d38c8c5c95a30c30c453a4de35fd63a83403efdabd5b201ecfb4c138f6a3236e938ac2337b75e7a30c9fafa112145

  • SSDEEP

    6144:fBacNNrsKHKkyo7cHPIZ6vfWnKIhParq/yuXy9KT6Sczz:AcNNYwKx0cnEBBaWyIQKGScv

Score
10/10
discoveryevasionpersistencetrojanupx

Malware Config

Targets

    • Target

      d46d6fe5f1618c8de8308aba31ea7812_JaffaCakes118

    • Size

      249KB

    • MD5

      d46d6fe5f1618c8de8308aba31ea7812

    • SHA1

      a2188dc24a1f0fbcc130a9babdf9d53abbec5ca5

    • SHA256

      993bb6157d9199e8d6786f9359100738653c8e0c93bcdd69de8d4cf349f184e7

    • SHA512

      e824ba9e827654b57357874ce3cf6be47f6d38c8c5c95a30c30c453a4de35fd63a83403efdabd5b201ecfb4c138f6a3236e938ac2337b75e7a30c9fafa112145

    • SSDEEP

      6144:fBacNNrsKHKkyo7cHPIZ6vfWnKIhParq/yuXy9KT6Sczz:AcNNYwKx0cnEBBaWyIQKGScv

    Score
    10/10
    discoveryupxevasionpersistencetrojan

    • UAC bypass

      evasiontrojan

    • Adds policy Run key to start application

      persistence

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks