General

  • Target

    dae50e5fbc1ae8c7b63206cb93e806db_JaffaCakes118

  • Size

    306KB

  • Sample

    240911-wb5y8stdrj

  • MD5

    dae50e5fbc1ae8c7b63206cb93e806db

  • SHA1

    6e2b55729c61162d59b07fbfbae4dc033602ca16

  • SHA256

    72b091a8ffdfa89ac41d356dfcf0ba92829cb9fa5f6b881b58088fb8fb780fcc

  • SHA512

    06a62a3ca86591feef3b2d2edaad249624faca9915f7202abb101064e05dc758c5de7335a60b05ae2936b3ec071bb41188cf78a385cce6823c693ad38b6c3624

  • SSDEEP

    6144:Y96K/MQ6eN1F8dUQWtz5fQC8Erww434oj6ydQNZp:4UQ6exslK0AZ43L6ydQNZp

Targets

    • Downloads MZ/PE file

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext
