Overview

overview

10

Static

static

3

Picture24....ok.exe

windows7-x64

10

Picture24....ok.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ec8033bcbffb8b205f2e18f20ecd8dbd_JaffaCakes118

  • Size

    147KB

  • Sample

    240920-az1hrszcja

  • MD5

    ec8033bcbffb8b205f2e18f20ecd8dbd

  • SHA1

    eeb6fd2ee6d2743530ccf2dcfb9dee367501d3f0

  • SHA256

    bf7081708a488f86fa769a6c5e35188ad2ceb35420b24d7c16917e44ddbe9f21

  • SHA512

    991d102c596a4fe22791d477dc0c15bfe5e220b04749b4b38962b35ac164ce1047526e7927a8aea0501ab770529776ff11abe75e6b6285611f2f5cd74b3d0ae7

  • SSDEEP

    3072:xaHIVfYOkdcuTN6MJIFnSUmCxmVd9NZUXln3XP1zuAKo3sX:xayfXu4MqFS/CxKn03f1zpKXX

Score
10/10
discoveryevasionpersistenceprivilege_escalationupx

Malware Config

Targets

    • Target

      Picture24.JPG_www.facebook.com

    • Size

      194KB

    • MD5

      330eaa09892ee328a37fe1fabfdc4fa8

    • SHA1

      ae4243cad9e9c08fbc7e430e7b65da89a33654e7

    • SHA256

      938ac32455f8c307bcfe8329caa715eb94266bb59e8542a97be61cc60caf047f

    • SHA512

      9f4a5d27cd8f3f293bd20244e695c982c8ccf3b128dd8b6d37c84b8bd1c3a81647b4ed2f1be736995d0f2836748ce797692946458af182eb967ad38b84a440b5

    • SSDEEP

      3072:7bunSf0hRUTRdohGw3++rBGaZKBc4gZ6W/F1lryN997rE/IRbEq1uWu0:7MSQUTRyFLKBcUI1Fyv97lb/v

    Score
    10/10
    discoveryevasionpersistenceprivilege_escalationupx

    • Modifies firewall policy service

      evasion

    • Modifies Windows Firewall

      evasion

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks