Resubmissions

08/07/2025, 08:09

250708-j16kvavwcx 10

04/07/2025, 04:30

250704-e483xsap8v 10

13/05/2024, 10:29

240513-mjfjwabd28 10

General

  • Target

    3f0a46b1febcd33e25da42f6b491a273_JaffaCakes118

  • Size

    285KB

  • Sample

    250708-j16kvavwcx

  • MD5

    3f0a46b1febcd33e25da42f6b491a273

  • SHA1

    2b98f85d3b6514856dfe55401c68e200a7e21bd3

  • SHA256

    033570bf95d42dad2652ed0662a2369d954d4580d1b872ea44041697d0edc237

  • SHA512

    2545524a7c9052cb1df1d561cc9b9c6b1decbc3c0ca708f3836739657d4f0f8f59a7301499827ec000b1902516d17947d3c9819557b08c356ef665689639e5e9

  • SSDEEP

    6144:pnt7lIlDAroRJ+RJsKfnwpaxJ9nKcVhvr7DFLPLegEF4x3ddRUYC:pnVyDsnRhKcVhvr7RLPLeF4x3dPtC

Malware Config

Targets

    • Target

      323CANON.EXE_WORM_VOBFUS.SM01

    • Size

      300KB

    • MD5

      70f0b7bd55b91de26f9ed6f1ef86b456

    • SHA1

      d774cdaa9082ac15feb9514e7364d76092a6807a

    • SHA256

      fe32599d6f2d1a874b65928cfd01a87f9d0a83d2b1e30b8f1148c8ad8aefd985

    • SHA512

      3928885f382a5f833eb2c2b4641b8227138dce4cb161cae3049e837ba13384119ec8aaf70c6e85c99583c07db18bbaab77e19bdc3485f9e23adb3be3d0ab7912

    • SSDEEP

      3072:XMIQ/iifD4gfGWKdbKsQOO1HobSp0xl6EPpc4VpJzNDdlcjBPZz:XBciib4gfGWcmsQobG0xlfPpndiVPB

    • Modifies visibility of hidden/system files in Explorer

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Adds Run key to start application

    • Target

      WORM_VOBFUS.SMA3

    • Size

      212KB

    • MD5

      7b19b2b8aed0285eb2b2c5cb81313569

    • SHA1

      e0a536ed1b6c6f202412079e1213305543b533a3

    • SHA256

      e54bbabcaed8ace734f53234a44ad1e697e9cd2252255b59906fc5e3322c1be6

    • SHA512

      31f79937bb4aba8aecd95daf310c9dd22f06f4f842f4bae64502e27e44aa3ef26f25d8d72adae36f25aa4db6f7b229926dc8bda4d09613f7d1f6968a15cc2eb0

    • SSDEEP

      3072:/lh+mENvtRR3FmHmpF+CklMnQIKAWNBlm/XBq6ciFCdaNdVOvs:9h+NNFRRCmpF+CklMYuFciFC+Ok

    • Modifies visibility of hidden/system files in Explorer

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Adds Run key to start application

    • Target

      WORM_VOBFUS.SMIS

    • Size

      188KB

    • MD5

      634aa845f5b0b519b6d8a8670b994906

    • SHA1

      82ad537a7acb18702a02b6dd2c6d12eaac0b3656

    • SHA256

      7f7e5751277a0169ec2eb4492b0489ca850808f64b52e708f716f46ac160e54b

    • SHA512

      63a72331fed9c53d593d2b572fc35efe24eb9d5d292cbe891765926de60987fefa0ddc95aa9037384e45f52015ef075c4ce9aaf9bd297e4e437f606104257cbf

    • SSDEEP

      3072:dzimFU1cIsisNUbaxF6qJDe94aqosAm+w90Z69:tisYGDe94aqosAm+w90C

    • Modifies visibility of hidden/system files in Explorer

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Adds Run key to start application

    • Target

      WORM_VOBFUS.SMM2

    • Size

      92KB

    • MD5

      4e15d812491ff0454f1e9393675b1c60

    • SHA1

      ec9291957872191902fb525641040b42e057acd8

    • SHA256

      e4d0b740421cfba7e7e4a30a2a69d59486e7347979af94145fb8f335960c33d5

    • SHA512

      9554e4e882a176b7b38b55dc2a80400354aae90a12e7e0c3a4f481e68032423f65f28c439621dc27fdf4c99e8ad10aaed949f140398970480c26aa574b7a5982

    • SSDEEP

      768:29QXHugT0lvlq/P1vwwrnkjBt1TJk8vK8GSdrD9wGy241ZUb/CxhYLJP30UOEGaK:i0PuBpmUbaxeLd4IfmkBwC8BD+KBq2x

    Score: 7/10

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Enumerates processes with tasklist

MITRE ATT&CK Enterprise v16

Tasks