Overview

overview

10

Static

static

3

87d9ef97da...18.exe

windows7-x64

10

87d9ef97da...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    87d9ef97da1e685c852a13caa06d07fb_JaffaCakes118

  • Size

    95KB

  • Sample

    241102-1a1qcavrc1

  • MD5

    87d9ef97da1e685c852a13caa06d07fb

  • SHA1

    96721e8bc666588b9f2b1adc01f13d566157a989

  • SHA256

    a6ef6f6c2903431580bdd87e3aa3ee4fdd1f33b3a533a72ff735185e3d32ad9c

  • SHA512

    ab10ed5236fa6ded2d1d595c8fbca9a552aa05bb289ecd0d87149a7f852bff438d5fe8a6007230e6b4002c5e1839c91e44f9406e60fa7337eecf9dc1cc7212ad

  • SSDEEP

    1536:fN8k3qSADi1D5z8HqyA8vk0mRW2abvrRt5Cmxvxi2XB8fgHR29Z15zFvUprX:d1ADKD5ADMrRALk6xiVfgxWZPzFST

Score
10/10
vobfusdiscoverypersistenceupxworm

Malware Config

Targets

    • Target

      87d9ef97da1e685c852a13caa06d07fb_JaffaCakes118

    • Size

      95KB

    • MD5

      87d9ef97da1e685c852a13caa06d07fb

    • SHA1

      96721e8bc666588b9f2b1adc01f13d566157a989

    • SHA256

      a6ef6f6c2903431580bdd87e3aa3ee4fdd1f33b3a533a72ff735185e3d32ad9c

    • SHA512

      ab10ed5236fa6ded2d1d595c8fbca9a552aa05bb289ecd0d87149a7f852bff438d5fe8a6007230e6b4002c5e1839c91e44f9406e60fa7337eecf9dc1cc7212ad

    • SSDEEP

      1536:fN8k3qSADi1D5z8HqyA8vk0mRW2abvrRt5Cmxvxi2XB8fgHR29Z15zFvUprX:d1ADKD5ADMrRALk6xiVfgxWZPzFST

    Score
    10/10
    vobfusdiscoverypersistenceupxworm

    • Vobfus

      A widespread worm which spreads via network drives and removable media.

      wormvobfus

    • Vobfus family

      vobfus

    • Adds policy Run key to start application

      persistence

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks