General

  • Target

    6f6ab557564eec56e7bdacd2bf642224_JaffaCakes118

  • Size

    1.7MB

  • Sample

    241023-rx1t7axbnn

  • MD5

    6f6ab557564eec56e7bdacd2bf642224

  • SHA1

    735eb353d47bd0947747f716f21bc5a3d1ba9bb7

  • SHA256

    021a638a698ebbe044071330510d98ec312e7befb8bbdd4dfc41ed7b327a3413

  • SHA512

    1b64761644ff804c7fe1a2e27d01880c7d32eb47cc889d32356a0259cebb48c8a9721f0decdee9a7b575ca474902ac5870dfc8b60107a44f6bdd66cbaaf14bc0

  • SSDEEP

    24576:on8vZDUl5q3P97iT/mYMndLET+zF9CcDaPGeyPbq9hq46kGJKf4i1y1LblLGase:msZUlAf9G+Y6ayo+Khq1kGUwUy1P8g

Malware Config

Targets

    • Target

      ûһ޹棬.exe

    • Size

      1.8MB

    • MD5

      aeb13ee07eba8787cdaf7dc713bdf54b

    • SHA1

      1182c270784b40e439915869b1f29b50c30ef9da

    • SHA256

      98c5c06613c9a539085f5c3ea57a7170bc96e4cf258ce719c437c25be084b375

    • SHA512

      e750d2022f1594ddb0d84e42952d54b0e0692ad546a443384f6667a343244658fa68f50ea0cf665578b10a542a37999a3518d379005dfb6a8a39897e267ac23f

    • SSDEEP

      49152:vmQom7xGI9dAIBad/H25HA8t3zI5tSuJ9fiT5zNiWpQEZ3F:vm6xlAd/qAQzILSe9fkd9F

    • ACProtect 1.3x - 1.4x DLL software

      Detects a file protected with ACProtect (versions 1.3x - 1.4x), a commercial packer/protector.

    • Loads dropped DLL

      The sample writes a DLL to disk during execution and then loads it.

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

    • Drops file in System32 directory

      Writes a file under the Windows System32 directory, which requires administrative rights.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      Calls NtSetInformationThread with the ThreadHideFromDebugger information class, which stops the thread from reporting debug events to an attached debugger; an anti-debugging technique commonly emitted by commercial protectors.

    • Suspicious use of SetThreadContext

      Rewrites another thread's register context. Debuggers do this legitimately; in malware it is the usual way to redirect a suspended thread into injected or unpacked code (thread hijacking / process hollowing).

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks