General

  • Target

    052ca5f7b4c0290089a34faa8cabbebe_JaffaCakes118

  • Size

    195KB

  • Sample

    241001-k1q1ts1ejj

  • MD5

    052ca5f7b4c0290089a34faa8cabbebe

  • SHA1

    669ff4abed46f24e35c0149eb293f03c444e174b

  • SHA256

    fe0cc2324a4aeb784b297c4d2db23f69e7b311231f6671d25f0ca9b49f758512

  • SHA512

    90d2fcb2ad7b902badab0080740b1faf3f3dbff57ad70fc0ae7c5ece53ed4136a1ebf5e774f7f5485f8c15e344225297292f133b88f217ac498e5c6f21df01fb

  • SSDEEP

    3072:0z+dXw6kjcHp4uTc9+Mz+T+Xo3CpjP00H+5tBwBWIuzTS5lKP7zmf3o1Wgm2m:0z+y6k2/TAadypjP0T5teBM8lKP+vwP

Targets

    • Drops file in Drivers directory

    • Event Triggered Execution: Image File Execution Options Injection

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Impair Defenses: Safe Mode Boot

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.
