Overview

overview

7

Static

static

3

1b4a34e0d7...18.exe

windows7-x64

7

1b4a34e0d7...18.exe

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1b4a34e0d73123d8678b8e9dcf71e75b_JaffaCakes118

  • Size

    980KB

  • Sample

    240701-pkyg7a1fne

  • MD5

    1b4a34e0d73123d8678b8e9dcf71e75b

  • SHA1

    435e4b4ed57da91c57526f675da684fb1f4f27cf

  • SHA256

    2793769b0b5b8154971ffcdf6758ea9def6dfd75e3ebbfb1c3bf81aafeea401a

  • SHA512

    0b12049a9de7997b98c448b4bb05d2962dcfed5846856b5b6aa52b915ec4b58af46aafc481f88b62b7c961d2e44385f72334e3b6a6856b499453797594c76e00

  • SSDEEP

    12288:nj84YFQ/IeTLHQBLfgmFgvMbF4rYrPUXMWmf7O4FwlTcpreytAG9wrqCH5yCv1:nVAHr4/mzO4Fw1wAG925yk1

Score
7/10
vmprotect

Malware Config

Targets

    • Target

      1b4a34e0d73123d8678b8e9dcf71e75b_JaffaCakes118

    • Size

      980KB

    • MD5

      1b4a34e0d73123d8678b8e9dcf71e75b

    • SHA1

      435e4b4ed57da91c57526f675da684fb1f4f27cf

    • SHA256

      2793769b0b5b8154971ffcdf6758ea9def6dfd75e3ebbfb1c3bf81aafeea401a

    • SHA512

      0b12049a9de7997b98c448b4bb05d2962dcfed5846856b5b6aa52b915ec4b58af46aafc481f88b62b7c961d2e44385f72334e3b6a6856b499453797594c76e00

    • SSDEEP

      12288:nj84YFQ/IeTLHQBLfgmFgvMbF4rYrPUXMWmf7O4FwlTcpreytAG9wrqCH5yCv1:nVAHr4/mzO4Fw1wAG925yk1

    Score
    7/10
    vmprotect

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

      vmprotect
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks