General

  • Target

    d47cbb226eb4a3e0c9ffe44efa1f9c7c_JaffaCakes118

  • Size

    6.5MB

  • Sample

    240908-qx6vrsyfkq

  • MD5

    d47cbb226eb4a3e0c9ffe44efa1f9c7c

  • SHA1

    fcfb3e2b4b9462e9fb32d6a61a4ed7eb2f034b6d

  • SHA256

    6f63f1183332876cd9662102708df1100e24acec24c47b7b11eb9531ec4bed75

  • SHA512

    f9f17095a6f2fae1d9ff2bc1ea222f698985f321730181f57173ba8f5d492c81538569e3aef248a9cadced83d7fb81adc1fef619c42f476650d0d9b5646cbf46

  • SSDEEP

    196608:ovi9QKb8u023yzM9Bx4BpIfunxXiRJW3bo+BX6C:ovi9F8xTzM90I2Mq3br

Malware Config

Targets

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks