General

  • Target

    d9b43bca64b17fa8f80dc119e47d52c4_JaffaCakes118

  • Size

    104KB

  • Sample

    240911-f7wgnsvdjk

  • MD5

    d9b43bca64b17fa8f80dc119e47d52c4

  • SHA1

    c7f3cb301704685a77fd33dcc4d55307af052cc5

  • SHA256

    a44b679f42f0ffec4016d06b04b4917d01325fb7e992404e3965b2888dc89559

  • SHA512

    80427d60d3f90bce2adb0194ea42f5f1b35441191637923e540cb4e5bb1cec49d0c6f2df3f7012415842d4d38f7d11d518eeac51a1b20c26b7441fba6d777bf1

  • SSDEEP

    3072:IgXdZt9P6D3XJbCS9KI/eas9qP1QBIboV4Da2:Ie344q5RsYPIv4Db

Score
8/10

Targets

    • Target

      d9b43bca64b17fa8f80dc119e47d52c4_JaffaCakes118

    • Size

      104KB

    Score
    8/10
    • Blocklisted process makes network request

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      $TEMP/cf_Tsla0.dll

    • Size

      72KB

    • MD5

      138625b670b611b4bc9bbbd129358d13

    • SHA1

      a5a4be78b66a01ae5b58348ae30b4d89942bc716

    • SHA256

      2e3c52f35a12f8ad879426d2c95df39f2490a53587835252a055b20d1929c215

    • SHA512

      a31cac1252d1951b1205747ff07f18a744eac893b8cf77234e34df0de3bac84ea0dd8bfc3f4a9a7f99f9832f54e423f2e755c6e989db78cb73ddcb3dbf26e112

    • SSDEEP

      1536:pmL16cF6cVL5a8pbtU5ACB9RdDg9CQCNmhQRDXY2Y5yDtQFL+oFL:pmL4cocVL5XZYCdUQQRDXYvyDtQFLxFL

    Score
    7/10
    • Deletes itself

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.
