Overview

overview

7

Static

static

7

2c49be6a5a...18.dll

windows7-x64

7

2c49be6a5a...18.dll

windows10-2004-x64

7

Sharing

Copy URL Twitter E-mail

General

  • Target

    2c49be6a5aeddd5b86ce82d5acbd2df7_JaffaCakes118

  • Size

    860KB

  • Sample

    241009-gyz9yaxcmm

  • MD5

    2c49be6a5aeddd5b86ce82d5acbd2df7

  • SHA1

    0c1c742a8d80a6d8cfefa51cfda70bd8f4a72951

  • SHA256

    73d96b0cf7d0d0b5e6cd7c5475851eb5ba8357a9531aa0a4d29f6c003323bfd9

  • SHA512

    e4e109f57bee0176ca23a85cce8affd41f43ce3d1a0dd86a665c8a225f686341121d251c9ed784b1d2c05dea5b2ef4da9aea3861dbffc06c4968b1e2ad7b40cb

  • SSDEEP

    12288:nqhf341a3UvuF3cqxntth389DjgdeYzgUFlKvjwXhJ5b4td:nS53iuZcQnttGwzO7wRzb4n

Score
7/10
discoveryvmprotect

Malware Config

Targets

    • Target

      2c49be6a5aeddd5b86ce82d5acbd2df7_JaffaCakes118

    • Size

      860KB

    • MD5

      2c49be6a5aeddd5b86ce82d5acbd2df7

    • SHA1

      0c1c742a8d80a6d8cfefa51cfda70bd8f4a72951

    • SHA256

      73d96b0cf7d0d0b5e6cd7c5475851eb5ba8357a9531aa0a4d29f6c003323bfd9

    • SHA512

      e4e109f57bee0176ca23a85cce8affd41f43ce3d1a0dd86a665c8a225f686341121d251c9ed784b1d2c05dea5b2ef4da9aea3861dbffc06c4968b1e2ad7b40cb

    • SSDEEP

      12288:nqhf341a3UvuF3cqxntth389DjgdeYzgUFlKvjwXhJ5b4td:nS53iuZcQnttGwzO7wRzb4n

    Score
    7/10
    discoveryvmprotect

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

      vmprotect

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks