Overview

overview

7

Static

static

3

0489d3f6c4...18.exe

windows7-x64

7

0489d3f6c4...18.exe

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0489d3f6c434904c7f17d0305160bffb_JaffaCakes118

  • Size

    769KB

  • Sample

    241001-f83x5sxbqh

  • MD5

    0489d3f6c434904c7f17d0305160bffb

  • SHA1

    08504d9fd54200c2c88fe5d6e2273d2dc9eb97ae

  • SHA256

    d65277fef74a94a9117faff99a3eb21757addbf62bd6b66c09ea95bbdbdc2a7f

  • SHA512

    16d6635d2cd275ca9ceb6a9f42fce0418efce17fe3606d1acba418f559a6aa9c6216b1988aa53793a869be4f8dbdabc4f9fd20a110658eaf33bc3039ffa8564d

  • SSDEEP

    12288:BW57+tRwhctjylFKtcltvD5irWJB4ZJkXFeq4vFzXCAXZiy2WvJwuH/g:M0tRwh6mXPsav4ZJkgq4d7Tsy2WvJ

Score
7/10
discoverypersistencespywarestealerupx

Malware Config

Targets

    • Target

      0489d3f6c434904c7f17d0305160bffb_JaffaCakes118

    • Size

      769KB

    • MD5

      0489d3f6c434904c7f17d0305160bffb

    • SHA1

      08504d9fd54200c2c88fe5d6e2273d2dc9eb97ae

    • SHA256

      d65277fef74a94a9117faff99a3eb21757addbf62bd6b66c09ea95bbdbdc2a7f

    • SHA512

      16d6635d2cd275ca9ceb6a9f42fce0418efce17fe3606d1acba418f559a6aa9c6216b1988aa53793a869be4f8dbdabc4f9fd20a110658eaf33bc3039ffa8564d

    • SSDEEP

      12288:BW57+tRwhctjylFKtcltvD5irWJB4ZJkXFeq4vFzXCAXZiy2WvJwuH/g:M0tRwh6mXPsav4ZJkgq4d7Tsy2WvJ

    Score
    7/10
    discoverypersistencespywarestealerupx

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

      spywarestealer

    • Adds Run key to start application

      persistence

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks