Overview

overview

10

Static

static

3

5fecb710dd...18.exe

windows7-x64

3

5fecb710dd...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    5fecb710ddc8f6c144a2c6e56cb763a9_JaffaCakes118

  • Size

    152KB

  • Sample

    241020-cyw53atele

  • MD5

    5fecb710ddc8f6c144a2c6e56cb763a9

  • SHA1

    8dcf4c9e9b67f3b25dac847c18dc01c96578e99c

  • SHA256

    1b9381edd94145370329e0a82d48608eccf4202c65666a733b916caa603ed56c

  • SHA512

    273a7f5403754b2aebb06145110a0821efd2b8f78792b1430583fd7773bfbbbc6103e5fb5f29239acf213eb5506e3003d8dd151c7c101477405be537cf19c219

  • SSDEEP

    1536:LaHq107vAVltkQo3T2k9/btav2v4rEq1/0SdJxq5gbnvluQDPwnEy3OcoeFFuTnU:Lejtav24r58SdJxbkn/jMTnU

Score
10/10
vobfusdiscoverypersistenceupxworm

Malware Config

Targets

    • Target

      5fecb710ddc8f6c144a2c6e56cb763a9_JaffaCakes118

    • Size

      152KB

    • MD5

      5fecb710ddc8f6c144a2c6e56cb763a9

    • SHA1

      8dcf4c9e9b67f3b25dac847c18dc01c96578e99c

    • SHA256

      1b9381edd94145370329e0a82d48608eccf4202c65666a733b916caa603ed56c

    • SHA512

      273a7f5403754b2aebb06145110a0821efd2b8f78792b1430583fd7773bfbbbc6103e5fb5f29239acf213eb5506e3003d8dd151c7c101477405be537cf19c219

    • SSDEEP

      1536:LaHq107vAVltkQo3T2k9/btav2v4rEq1/0SdJxq5gbnvluQDPwnEy3OcoeFFuTnU:Lejtav24r58SdJxbkn/jMTnU

    Score
    10/10
    discoveryvobfuspersistenceupxworm

    • Vobfus

      A widespread worm which spreads via network drives and removable media.

      wormvobfus

    • Adds policy Run key to start application

      persistence

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks