Overview

overview

7

Static

static

3

efbcb62c2f...18.exe

windows7-x64

7

efbcb62c2f...18.exe

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    efbcb62c2f180599cbe7d4925e30324b_JaffaCakes118

  • Size

    369KB

  • Sample

    240921-n3c4ja1blh

  • MD5

    efbcb62c2f180599cbe7d4925e30324b

  • SHA1

    a41da44737478a6b2180639dbf931754a04d5ee8

  • SHA256

    5eb32845ec057e47ed62d0ac3f86cfa7a11f94caa95038e6f07929c35e0c555b

  • SHA512

    1797f314186f51ccc246728e99260f581fe370593b0390a79068b6bd811da9231cd1583230bb460e4d1b84fa32fb779887cebc9a884128c21b44d8d0a0a3cb61

  • SSDEEP

    6144:UQqOAE4QqtfosaF2pC3gRrxFNQ1EwU4hQ1lxKuPIYt1Iy8tZSIOZrc5ovh2/juMl:7AEwoHF8/rxTR9vx1gYo5t7OZrWfhz

Score
7/10
discoveryvmprotect

Malware Config

Targets

    • Target

      efbcb62c2f180599cbe7d4925e30324b_JaffaCakes118

    • Size

      369KB

    • MD5

      efbcb62c2f180599cbe7d4925e30324b

    • SHA1

      a41da44737478a6b2180639dbf931754a04d5ee8

    • SHA256

      5eb32845ec057e47ed62d0ac3f86cfa7a11f94caa95038e6f07929c35e0c555b

    • SHA512

      1797f314186f51ccc246728e99260f581fe370593b0390a79068b6bd811da9231cd1583230bb460e4d1b84fa32fb779887cebc9a884128c21b44d8d0a0a3cb61

    • SSDEEP

      6144:UQqOAE4QqtfosaF2pC3gRrxFNQ1EwU4hQ1lxKuPIYt1Iy8tZSIOZrc5ovh2/juMl:7AEwoHF8/rxTR9vx1gYo5t7OZrWfhz

    Score
    7/10
    discoveryvmprotect

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

      vmprotect

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks