General

  • Target

    6fcf6c30ea659d02f112f95a4198b737_JaffaCakes118

  • Size

    248KB

  • Sample

    241023-tqjnfayhlc

  • MD5

    6fcf6c30ea659d02f112f95a4198b737

  • SHA1

    a5bf327b488541ee3af7749f742fb377a3eb60eb

  • SHA256

    a1a21509b66e87dfb1d3cc64d8f29231cc5233fe246f913715887fd1b9e9e9fa

  • SHA512

    e74cf74a17bbdbeced9f9d02b3bce2942bc8b3a8b32a620a94fb43556767b9319a786f9f542f993c6cf7398b5c8615710bb272b72745eac0a003139bca2325fd

  • SSDEEP

    3072:jOPIb4wq6tTBfzdddHmFS+MQIvq6X4cXGkIc57tZHD6qm6YrzQpxSrL6gFIuYg68:yPIbhq6tTBxfQIBdWmHZk6Iu7gFOg6

Score
7/10

Targets

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic to servers other than the configured DNS servers was detected on the DNS port.

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.
