General

  • Target

    f67fcbc55e6ff59bd37bc72cc5de178b_JaffaCakes118

  • Size

    311KB

  • Sample

    240925-vyw46s1apc

  • MD5

    f67fcbc55e6ff59bd37bc72cc5de178b

  • SHA1

    00bdb5a6f30c17404482f43e7fe72bcde0a2dfc2

  • SHA256

    7a93b3d18a91b70cbf5f63e2b93686dc90f2c1c241ec92f128c6e40bd1e2ba3e

  • SHA512

    22b059cb6d6dd6765d1e03d37a541d4ffcc6089687f54377cd21f2c7e34a89e6195115fbc90fd284412f462c8d885a653fc458f43be745faef9f4dfde81a895a

  • SSDEEP

    6144:xFLaRhPNsDQl/IZZ00wJJQPXvNXvQVG25PlaACWaX9lJBHg62EHi:xNUhPlA0UPfNXKGWPEfNlJBHgQ

Targets

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.
