Overview

overview

7

Static

static

3

JaffaCakes...1c.exe

windows7-x64

7

JaffaCakes...1c.exe

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_2a27ef2d9715982118c1ca7fff34951c

  • Size

    831KB

  • Sample

    250227-c1ad3s1xb1

  • MD5

    2a27ef2d9715982118c1ca7fff34951c

  • SHA1

    282ade51e4c753c4851f93634adddad8e396b4e1

  • SHA256

    37cd5aa0a66c7f5687fe5fcac5c86e2295538b5795dcd67f19d20d3c14a951f3

  • SHA512

    77d2ca01b9d0f6f09291aed3203728bc311af63028135971354c62ede75d9b8197f5e4aaa38f3329f334b43be048704215df8c06ab1b435c63130697b8fa5d99

  • SSDEEP

    24576:0F+L86wT24LmDlEgCuEoLd/zwMkkrVKaO:E+hwT2dDlEgi+zwYYa

Score
7/10
discoverypersistencespywarestealerupx

Malware Config

Targets

    • Target

      JaffaCakes118_2a27ef2d9715982118c1ca7fff34951c

    • Size

      831KB

    • MD5

      2a27ef2d9715982118c1ca7fff34951c

    • SHA1

      282ade51e4c753c4851f93634adddad8e396b4e1

    • SHA256

      37cd5aa0a66c7f5687fe5fcac5c86e2295538b5795dcd67f19d20d3c14a951f3

    • SHA512

      77d2ca01b9d0f6f09291aed3203728bc311af63028135971354c62ede75d9b8197f5e4aaa38f3329f334b43be048704215df8c06ab1b435c63130697b8fa5d99

    • SSDEEP

      24576:0F+L86wT24LmDlEgCuEoLd/zwMkkrVKaO:E+hwT2dDlEgi+zwYYa

    Score
    7/10
    discoverypersistencespywarestealerupx

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

      spywarestealer

    • Adds Run key to start application

      persistence

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks