General

  • Target: fb604f608379ed341518be7fa66569c2_JaffaCakes118
  • Size: 694KB
  • Sample: 240928-dhyvdstdmm
  • MD5: fb604f608379ed341518be7fa66569c2
  • SHA1: 5988b751c9b33f52dfe48dd97a00278ce282536a
  • SHA256: 45ad51fadf8153d4d26a88ec72a3a82617ad132bfb69d88b155f52bdf5af38b2
  • SHA512: bec2eb03f4eefc02626502b39d31a76ba77b76afe7aa3638f61fc975ab072d18c681d775d83ca427cce8484498dd832635c2a1c2650d17acf83f0b766f4fb615
  • SSDEEP: 12288:stIVS560G35fGtXjVRYZ06ZbXYJxV96iaMFKwKUnIM/tPBev:L5Q5RYZ06Z7QxVYsFKwyM/tAv

Malware Config

Targets

    • Target: G_Client.exe
    • Size: 454KB
    • MD5: 81fe7a2fa311132027ef812933fe4586
    • SHA1: ada66eafa1b4f19ec2a8c8fef654f93ec489fa55
    • SHA256: e2af89f33c3a79e00a6cdd33820cceaba6702576255d4fff33e30d020243ea9c
    • SHA512: b8138c6ad6b7eda48fd7d440c772b38b50629d6683307bdb38bd588dfa00f0f4f6df5dd575d34336193fc02e4159b9b2d48aaab335381f437fba2df584f4035d
    • SSDEEP: 12288:zREPSooeoOzS+Evpzc6TdVXAMiDeIfl4xhD:zQSVeD/0pzc6XALc

    Score: 5/10

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target: G_Server.exe
    • Size: 260KB
    • MD5: 0edb1943992f9bfad9d79642f27d80a4
    • SHA1: fddb79d316c00da342c075cc76aa1cdf7ad999b1
    • SHA256: feb98fc67888867c3805697f9fbcc33120cc197afcebbcf77aa068628242695e
    • SHA512: 04a3b1f8c5de82cf765a9f6e1329b8dd62d4a69740036f2d9c724b0e8f5017d8eef5c512866fc69eb0318f452a9be51bcfc3a228ba336e81188cd3289ff988c6
    • SSDEEP: 6144:t9M6k7TTnKAbDrAzdZQre61669JvRtWu47Be:t9Zk73KAbQTQJk6DptWR

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Adds Run key to start application

    • Drops file in System32 directory

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks