General

  • Target

    6eea8e41408a06c171f595b2716c19dc_JaffaCakes118

  • Size

    445KB

  • Sample

    241023-pm1qbs1hpr

  • MD5

    6eea8e41408a06c171f595b2716c19dc

  • SHA1

    aa748eb43a763d203bd65d1eb16f6ed6c47a3fe3

  • SHA256

    77bb61d98b15832085f1743a0ebcb899fb331be55fa22a3a7860fe9187e1b944

  • SHA512

    31297f4b4b17cd106c0752b6f9cd4ddf84f1842b53863fef951eb11033afb371669968b961315d6ace8ef59e69cfc6ec691d8cd301b24444bc3c80a01385eadc

  • SSDEEP

    6144:tI01kcsx/aC0bT/rmTA3MKLFCDa7XMPR8+Gw+2TmujsbL4KHwKR5cBX:NzsxSlbWT2FD3Dx2masb8KQKR5mX

Score
7/10

Targets

    • Target

      111/hook.dll

    • Size

      356KB

    • MD5

      0d90788d07c5e6ebebde93ab7bf13f3d

    • SHA1

      c1dfa0b4a638943cfa164e39f2640e17a7ddab98

    • SHA256

      38ca190541cff33eadbeeeaf6ea62aee4c59459e6e17b5dc3d7cbb82e1d8c7b2

    • SHA512

      6ee9dc9162c6ced643b41c16ced859e3156cced53be4a1b7b4d515d8ab424684af448f4b3ad482e21c47ed1bbec8b0256bf6cb887e7e27758d994fe6d5db2377

    • SSDEEP

      6144:/TyxQkxw6trjxwCh/NccR0UoFj5/cSp972aufHVicWDA40ejJpd++8Kos936Vvfb:/TmljxwClQFCOLuQALgJp8H+ofb

    Score
    7/10
    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      111/巴巴登陆.exe

    • Size

      108KB

    • MD5

      4d2c6fe14d286c3b78ea97538119eae8

    • SHA1

      7238fedf946fa9dbe066edcef331395b9e743faa

    • SHA256

      87ca2994478dfbffc3c29bfcac885ab067702dd1691af9628991c8154f9ea125

    • SHA512

      6c86b014e402141f373bc432088549a83018fda750eae516ceaf4fbf2edc59dbfbe3559ce275a2b28f33c1585e520abb269d0126627e271bb302c23d7acde3d9

    • SSDEEP

      1536:HM2RDhRnuu+K+7OckMyj3yrK0cjcJ4CjvODMXW9xU4sGo0/c3pMv6SxbIPdD:JXKcckMy7ye0cjO4+vjVooGc3p86SiV

    Score
    7/10
    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

    • Suspicious use of NtSetInformationThreadHideFromDebugger
