Overview

overview

10

Static

static

3

edae0a8e57...18.exe

windows7-x64

10

edae0a8e57...18.exe

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    edae0a8e577ee6a27519e137fd501b27_JaffaCakes118

  • Size

    256KB

  • Sample

    240920-qnjnwayclc

  • MD5

    edae0a8e577ee6a27519e137fd501b27

  • SHA1

    15e9cefec31aa6b0fcabf07d45f65fd5403d4956

  • SHA256

    775c1c28e8e4bca8fbfa6c0530230dcc27cba593e226ebe8a14f1935ac693178

  • SHA512

    efb294984d7494dff4e607793850fd0242b4eff24130c98d2281f43f17ab7d417196de6e41ab476a4191aa20aabe5202ae5b475a22efc662623b41dc8fca2c2e

  • SSDEEP

    6144:E7RPGkG+2O01WQY4MyTjGMT8N00lFKgOLpE4dFbbxGo:E7RekGLO0CyvGMT8N00GlDM

Score
10/10
discoveryevasionpersistenceupx

Malware Config

Targets

    • Target

      edae0a8e577ee6a27519e137fd501b27_JaffaCakes118

    • Size

      256KB

    • MD5

      edae0a8e577ee6a27519e137fd501b27

    • SHA1

      15e9cefec31aa6b0fcabf07d45f65fd5403d4956

    • SHA256

      775c1c28e8e4bca8fbfa6c0530230dcc27cba593e226ebe8a14f1935ac693178

    • SHA512

      efb294984d7494dff4e607793850fd0242b4eff24130c98d2281f43f17ab7d417196de6e41ab476a4191aa20aabe5202ae5b475a22efc662623b41dc8fca2c2e

    • SSDEEP

      6144:E7RPGkG+2O01WQY4MyTjGMT8N00lFKgOLpE4dFbbxGo:E7RekGLO0CyvGMT8N00GlDM

    Score
    10/10
    discoveryevasionpersistenceupx

    • Modifies visiblity of hidden/system files in Explorer

      evasion

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Adds Run key to start application

      persistence

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Enumerates processes with tasklist

      discovery

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks