Overview

overview

7

Static

static

3

ea3bc6e342...18.exe

windows7-x64

7

ea3bc6e342...18.exe

windows10-2004-x64

7

tmp/uninstall.exe

windows7-x64

7

tmp/uninstall.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

tmp/zmp3s.exe

windows7-x64

3

tmp/zmp3s.exe

windows10-2004-x64

3

zmp3.dll

windows7-x64

1

zmp3.dll

windows10-2004-x64

1

zmp3.exe

windows7-x64

3

zmp3.exe

windows10-2004-x64

3

zmp3s.exe

windows7-x64

3

zmp3s.exe

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ea3bc6e3420211ccdfa739692880eab4_JaffaCakes118

  • Size

    367KB

  • Sample

    240409-r586jadb7t

  • MD5

    ea3bc6e3420211ccdfa739692880eab4

  • SHA1

    a268f2d4d35a7dc70958034f67a37a6ce5ad1b10

  • SHA256

    14276a4f40426ca69d0076e18875a04dc221db987cafa1aab73301c9a0b2a31b

  • SHA512

    66f07bb9420c9f055595847fb6ecacac15b28ed3400fe27ae6d35ee65ef629450122ce454dea5752447e58b598b945730d4f99f5f23728abd5046d116e7dc939

  • SSDEEP

    6144:7DI8zTCwMpJZYR93dkLJ+CZ+FYAlLmJUDVXWRv5zYLJoDnWCkU7U/vEoR:dsp4m8F99WTzCJoD9dUx

Score
7/10
discoverypersistence

Malware Config

Targets

    • Target

      ea3bc6e3420211ccdfa739692880eab4_JaffaCakes118

    • Size

      367KB

    • MD5

      ea3bc6e3420211ccdfa739692880eab4

    • SHA1

      a268f2d4d35a7dc70958034f67a37a6ce5ad1b10

    • SHA256

      14276a4f40426ca69d0076e18875a04dc221db987cafa1aab73301c9a0b2a31b

    • SHA512

      66f07bb9420c9f055595847fb6ecacac15b28ed3400fe27ae6d35ee65ef629450122ce454dea5752447e58b598b945730d4f99f5f23728abd5046d116e7dc939

    • SSDEEP

      6144:7DI8zTCwMpJZYR93dkLJ+CZ+FYAlLmJUDVXWRv5zYLJoDnWCkU7U/vEoR:dsp4m8F99WTzCJoD9dUx

    Score
    7/10
    discoverypersistence

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

    • Target

      tmp/uninstall.exe

    • Size

      54KB

    • MD5

      e61a6f0afef69321195f0910c3a6585e

    • SHA1

      568aea66fd7a4578182d34e2c20fbdfe853323d9

    • SHA256

      ae356269d7c548d07c8f3664fb6a21a10f10c8895dd019068dd0f63e7650939a

    • SHA512

      06a4b2df997e488d232125c07667437c2579de1ce1349a660f1bc31a66de255e2d96c5080f249473a0c79e5aa780764d80f198fbb4edc2b530147bea1d4e8fea

    • SSDEEP

      1536:PjLaMv3xnCwNz0DxkJiqAELVigJaE8wOT:7eYBCwqDxkJlAI0oY

    Score
    7/10

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral3behavioral4

    • Target

      $PLUGINSDIR/InstallOptions.dll

    • Size

      12KB

    • MD5

      08c82a46416a5e2b471d457968f53816

    • SHA1

      3e3897c20b9e89b279b4764a633f67955bf8f09a

    • SHA256

      435baf3b7282c9110697a4916834ef9371dd29fae6b4cb8e19c19eb126562dc9

    • SHA512

      91e2055b91d04b2348a923cb298ac6ba3637de5038dc4f849c4d2f1665d17de9cd6eb6a97d42d0f894d65348c8fd8e79cd61b667ea5a78e8960347e8cc8db81d

    • SSDEEP

      384:PKlm7i+c3QW6ckPhyDEaLni2bbBBIXwZ:Sqi8BcyhEhLPbbTI

    Score
    3/10
    behavioral5behavioral6

    • Target

      tmp/zmp3s.exe

    • Size

      284KB

    • MD5

      63dd8c8b51f5f9e76647c008222e7938

    • SHA1

      869e9c1a7581254db1f2ef9b853b931feda57cd5

    • SHA256

      a00015a82344010c32471cdc034c0f2bf3ec1823cee39728ebdc4ecc1b824cf7

    • SHA512

      9a9149a4ffdb79f11027e5728d524ef505be59f7b50a875e0ac72db5963b4f555fa6ab5f4d5145768996981b0a7cfdef54f76e9f483d7a0d1f661ad6b51bfcf4

    • SSDEEP

      6144:wRDj9Wef0x0GjCD9cLe1i0YEGKfSsp347TYT:ctf0xjCBl1i2fbW

    Score
    3/10
    behavioral7behavioral8

    • Target

      zmp3.dll

    • Size

      96KB

    • MD5

      94bec8d84cb8f23b70e5c06a7e4a4f3d

    • SHA1

      35528a7943c7f329c6c4f8def82bac99a57a27ff

    • SHA256

      a686518b60a11c8ce6b0c3639c4ce5fdac6220d2d1617165801012e1dbb74fe1

    • SHA512

      2ce8b18fc00b927196bfb2b33882910df9680fbcc9ff781d13fecdb5b91e4acc1c9477e7b85a8cfe35936120ac5ddafe0f04f49df5e9723745e040fe55864ee4

    • SSDEEP

      1536:UqnqTwi2pxXZalzZ1sd3Z5TpgeyNHWS9/WENtwQOaSMUNflhuuueeB:Uzsi2pxXwlV6d3HE1h2fld

    Score
    1/10
    behavioral10behavioral9

    • Target

      zmp3.exe

    • Size

      276KB

    • MD5

      8828b01e056973c9fa56717a79487003

    • SHA1

      39710e138781eee55d719ca920e8a626ef0f56ba

    • SHA256

      19e587a1b7d53f2bbb56cd9b03a905e62c2f71afbc1392b6477e3e003f7cac67

    • SHA512

      57b434977d04a6f9050ae8d2aa32ff7cd836c7b2e665ad91d02c23bb4123fcac6a9224ebe3d596ec8a78ee5079a7a366754b6306ee16ea91fe964fb61bf633b5

    • SSDEEP

      6144:9zF1yGfVSt3CC/P8yntR3CpI+mMcoDc1MXtl:9zF19+yC/PhvQI+mgDc1M

    Score
    3/10
    behavioral11behavioral12

    • Target

      zmp3s.exe

    • Size

      284KB

    • MD5

      63dd8c8b51f5f9e76647c008222e7938

    • SHA1

      869e9c1a7581254db1f2ef9b853b931feda57cd5

    • SHA256

      a00015a82344010c32471cdc034c0f2bf3ec1823cee39728ebdc4ecc1b824cf7

    • SHA512

      9a9149a4ffdb79f11027e5728d524ef505be59f7b50a875e0ac72db5963b4f555fa6ab5f4d5145768996981b0a7cfdef54f76e9f483d7a0d1f661ad6b51bfcf4

    • SSDEEP

      6144:wRDj9Wef0x0GjCD9cLe1i0YEGKfSsp347TYT:ctf0xjCBl1i2fbW

    Score
    3/10
    behavioral13behavioral14

MITRE ATT&CK Enterprise v15

Tasks