General

  • Target

    271e09bdd7b647f0939f4cd54bdc729b_JaffaCakes118

  • Size

    46KB

  • Sample

    241008-3k4wvstakb

  • MD5

    271e09bdd7b647f0939f4cd54bdc729b

  • SHA1

    f5e301c48697713ef4ca48fa6b235ff707e2c014

  • SHA256

    b13a50604a7b7d5a2aafb3321852662c7352c75e4f795757e70ce45ab75c12f7

  • SHA512

    1ecba623a941a8361a4ddb63e7475b9e5a7ada77bca7d2cfca568eef4a5b927f5a4bb2870e5a2afdcd550bce1bfefe54bbd769149ae705c8c94532acd2b06a83

  • SSDEEP

    768:sMZ7vJNs3AS+G3niSALXUHSzIRDfODftR3lNJJKvAbD/Nu07qFB18Nl:sQLJzS1yIrOdPJAAVu2skl

Malware Config

Targets

    • Drops file in Drivers directory

    • Server Software Component: Terminal Services DLL

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Loads dropped DLL

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks