General

  • Target

    03943a64210171627f6440b5519591c8_JaffaCakes118

  • Size

    325KB

  • Sample

    240930-26e9ystdrb

  • MD5

    03943a64210171627f6440b5519591c8

  • SHA1

    e3479e7dcb8fcb3e2d244b04dc20def140667166

  • SHA256

    ab70addec5caf24bc8898f51227a4012dd3ac61604bae6184392f6d3b1ef6f34

  • SHA512

    9c8b6f8d91dcd71afaacc823f8982b4a2abfe7874664ef7192e5d96bfe8f86aaae2056463809551c4d9ddc10d0e7eba734db524fe37d37a6e39ab0ee1ac85237

  • SSDEEP

    6144:N5H25yd+04kMPPs7J5bFd72j/i4bFcF0A+DzMY8s43Xfx:z25yde4lRFhSbaFwZGnp

Malware Config

Targets

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Adds Run key to start application

    • Checks for any installed AV software in registry

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks