General

  • Target

    fc236b06b1e086a4aa4d809a95cc90db_JaffaCakes118

  • Size

    860KB

  • Sample

    240928-mwqkls1gpn

  • MD5

    fc236b06b1e086a4aa4d809a95cc90db

  • SHA1

    5ca354e16c9442c096236d9a071764af90590083

  • SHA256

    c6859189c1a543044eead81c3165b647650c8d8b59daaf59c68c3a54238f0e9b

  • SHA512

    0cbf49d85f4549d69dd21e059fff25ce0e9bc94a22d53de8ab2385b22fa14a8b1f09ea8b7346329e23d13c34540eaa4310f1b166191c44875919b8d15d78fa30

  • SSDEEP

    24576:r2FinwXSPtxxo/nwBMieNDmh9MGmzjZnjJIexOL1TNkdBAnZyauvw:iFBSPtOn2Zfh9MGmzjZnjJIexOLLkUEU

Targets

    • Detected Nirsoft tools

      Free Nirsoft utilities, often abused by attackers, that can recover stored passwords, product keys and similar secrets from the host.

    • Executes dropped EXE

      The sample wrote an executable to disk and then ran it.

    • Loads dropped DLL

      The sample wrote a DLL to disk and then loaded it.

    • Adds Run key to start application

      Persistence: a value under a registry Run key makes the program start again at the next logon.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to learn the infected host's public IP address.

    • UPX packed file

      The executable is packed with UPX (or a modified build of the open-source UPX packer); the real code is only visible after unpacking.
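Two checks a practitioner usually runs on a local copy of a sample like this one, as an added example that is not part of the sandbox report: confirm the file really is this sample by comparing its digests with the hashes listed above, and reproduce the UPX signature by reading the PE section table and looking for the UPX0/UPX1 section names stock UPX leaves behind. `build_fake_pe` is a constructed test input (a header-only PE skeleton) so the parser can be exercised offline; the real check runs on the actual file passed on the command line.

```python
import hashlib
import struct

# Hashes as listed in the report above; used to confirm a local copy is the same sample.
REPORTED_HASHES = {
    "md5": "fc236b06b1e086a4aa4d809a95cc90db",
    "sha1": "5ca354e16c9442c096236d9a071764af90590083",
    "sha256": "c6859189c1a543044eead81c3165b647650c8d8b59daaf59c68c3a54238f0e9b",
    "sha512": "0cbf49d85f4549d69dd21e059fff25ce0e9bc94a22d53de8ab2385b22fa14a8b"
              "1f09ea8b7346329e23d13c34540eaa4310f1b166191c44875919b8d15d78fa30",
}


def file_hashes(data: bytes) -> dict:
    """Return md5/sha1/sha256/sha512 hex digests of the given bytes."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha512")}


def matches_report(data: bytes, reported: dict = REPORTED_HASHES) -> dict:
    """Compare each reported digest with the one computed from data."""
    actual = file_hashes(data)
    return {name: actual[name] == digest.lower() for name, digest in reported.items()}


def pe_section_names(data: bytes) -> list:
    """Parse the PE section table and return the section names in file order."""
    if data[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file: missing PE signature")
    coff = e_lfanew + 4                      # start of the COFF file header
    nsections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + opt_size             # section table follows the optional header
    names = []
    for i in range(nsections):
        off = table + i * 40                 # each IMAGE_SECTION_HEADER is 40 bytes
        raw = data[off:off + 8]
        if len(raw) < 8:
            raise ValueError("truncated section table")
        names.append(raw.rstrip(b"\0").decode("ascii", "replace"))
    return names


def looks_upx_packed(data: bytes) -> bool:
    """Heuristic: stock UPX names its sections UPX0/UPX1 (plus .rsrc).
    A modified UPX build can rename them, so False is not proof of no packing."""
    return any(name.upper().startswith("UPX") for name in pe_section_names(data))


def build_fake_pe(section_names) -> bytes:
    """Constructed test input: a minimal, non-runnable PE skeleton with only the headers."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew: NT headers right after the DOS header
    # COFF header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader (0: none), Characteristics
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0, 0)
    table = b"".join(n.encode("ascii").ljust(8, b"\0") + bytes(32) for n in section_names)
    return bytes(dos) + b"PE\0\0" + coff + table


if __name__ == "__main__":
    import sys
    with open(sys.argv[1], "rb") as fh:
        blob = fh.read()
    print("hash check:", matches_report(blob))
    print("UPX section names present:", looks_upx_packed(blob))
```

Run it as `python3 check_sample.py <file>`. If every entry of the hash check is True the file is the sample described here; if only the section-name check disagrees with the report, the packer signature in the sandbox is likely matching on code patterns rather than section names, which is the expected gap for a modified UPX build.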

MITRE ATT&CK Enterprise v15