General

  • Target: 2bd80261efe73887c84bf88b19d4c2ab_JaffaCakes118

  • Size: 735KB

  • Sample: 241009-gcclrayamb

  • MD5: 2bd80261efe73887c84bf88b19d4c2ab

  • SHA1: 59bb0582d50144c6647d38ce1ec108e29ebfb1c7

  • SHA256: a184eaf2681eb27dbbd0cc1dbdc0cd88eed3acf110a2a2922ce9074e5df1b317

  • SHA512: a4492f0b3a1689fe29ca0eec4c9eb0ac58decbf021e89e4c3269b8abb9050ee2357f7da1d7ac1be1288c4747cf29fcbaa301fb8b76604f34ad004c2643e08903

  • SSDEEP: 12288:HXKMiHs7KZDp+pgJ3RqAp/t5mfkbftwGdHEgkeCuRCH/ye/euWmXU+:HXK/HTpbvp/7m2yuhCuG/rNWmE+

Targets

    • Target: 5E3DBD457FF262F3AE1CA910CC54DD46.exe

    • Size: 747KB

    • MD5: 5e3dbd457ff262f3ae1ca910cc54dd46

    • SHA1: a9c433e9bc847e4cb94fd7264faa6223d4fd73d7

    • SHA256: 6c0b53eb04d19bb17fb60420b44813fc216a9792037b1eb67c431c579fe2ece8

    • SHA512: e9f9c0853028b91104e32b7e252629d9de0bc7a3a70de724ceaeab9ec4c79a383d187c93bc28abf9b4067453f11748353f67f1966475db164dc1b37c380fa58f

    • SSDEEP: 12288:d02NE078i9pjpgJ3RqAz/g5mf1ufgwGeH9tkkAugCH6ye/hnW2XF:d3EkpAvz/mmkhhfAut6rxW2V

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.
