1cb6977c6c4553ff7842af9205760e5c5958a85ffb3db2c1e94c69fcd0f0a347

Sharing

Copy URL

Twitter E-mail

General

Target

ed03f8136c974575f1995a02588027fd_JaffaCakes118
Size

1.0MB
Sample

240411-kl3fbaba5t
MD5

ed03f8136c974575f1995a02588027fd
SHA1

6938361bcdb6464efa695314f823099edf64ceb7
SHA256

1cb6977c6c4553ff7842af9205760e5c5958a85ffb3db2c1e94c69fcd0f0a347
SHA512

62fcd214537cff84a4259fdaed385c468a97ca7ff00d573291314b96491ac638db5911f09ab7dd76f963f6edf34f913f53ed7397547d4c71d83b568ddb5ae0bf
SSDEEP

24576:UsKpBnGtQcAw9VgfMWbo+1/h54/GBshHvPM1NbwlJULneh:UdBnGtQ1jT0+rGA8H3M1NbwlWLneh

Score

10^/10

Malware Config

Targets

- Target
  
  ed03f8136c974575f1995a02588027fd_JaffaCakes118
- Size
  
  1.0MB
- MD5
  
  ed03f8136c974575f1995a02588027fd
- SHA1
  
  6938361bcdb6464efa695314f823099edf64ceb7
- SHA256
  
  1cb6977c6c4553ff7842af9205760e5c5958a85ffb3db2c1e94c69fcd0f0a347
- SHA512
  
  62fcd214537cff84a4259fdaed385c468a97ca7ff00d573291314b96491ac638db5911f09ab7dd76f963f6edf34f913f53ed7397547d4c71d83b568ddb5ae0bf
- SSDEEP
  
  24576:UsKpBnGtQcAw9VgfMWbo+1/h54/GBshHvPM1NbwlJULneh:UdBnGtQ1jT0+rGA8H3M1NbwlWLneh
Score

7^/10
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/InetLoad.dll
- Size
  
  18KB
- MD5
  
  994669c5737b25c26642c94180e92fa2
- SHA1
  
  d8a1836914a446b0e06881ce1be8631554adafde
- SHA256
  
  bf01a1f272e0daf82df3407690b646e0ff6b2c562e36e47cf177eda71ccb6f6c
- SHA512
  
  d0ab7ca7f890ef9e59015c33e6b400a0a4d1ce0d24599537e09e845f4b953e3ecd44bf3e3cbe584f57c2948743e689ed67d2d40e6caf923bd630886e89c38563
- SSDEEP
  
  384:nUOPTbiJmdztwwKq8W1cyMjPzV0Ac9k+LMkIX1+Gn+XHdjf:nTikliwKq8W1rMjPzz+f
Score

3^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/MakeDll.dll
- Size
  
  392KB
- MD5
  
  eb907eaaf1d86c90112783c8a189882a
- SHA1
  
  04ca0180f47096b3ef711914cf93ca6ec2b6c390
- SHA256
  
  42e21a9f51079d8a8c211b20ffbb31e86ed1e68f306cf72442a5b46c49ffff1a
- SHA512
  
  0e5327d7447ce77ab2001d1bd2bdd634da5adf1160064d77747381e3912e0b9716134edf847fdb0fd32847a5ec8efa4edd6bddbb568b7e849c99e4cbde9817ac
- SSDEEP
  
  6144:LET26hNKPuz98w6DkrSbu0ia7TOscYT0DEw0isbDfg7dNpJ7yOSc3gvlb/wl:l+NKPs6oubumRqoisw7P7yOF3yb+
Score

3^/10
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/StartMenu.dll
- Size
  
  7KB
- MD5
  
  72f18eaa88886bd0d46de64a17d9720c
- SHA1
  
  e604c84de0ded023cf4c5e215c0534faf1d18227
- SHA256
  
  05f699d932f1fea8e6f1a711c3bc8ba51463b924b78a68bfd0683295de008da1
- SHA512
  
  5a80e303f1418dde67ffe0b9b60d574b85634de0d2b557a6691229812e9b376fb34ba7e276efd0e20f35baec91f1030b738e2138d7b7ee146715fcab5cd7e018
- SSDEEP
  
  96:VgJbo7bG2VHk3C45rJixqE+6nSvMn0iGLG8wq/aAtJ1t2RhU1fU:qJk7ZHgRJRHvcwBwqP/t6wf
Score

3^/10
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  00a0194c20ee912257df53bfe258ee4a
- SHA1
  
  d7b4e319bc5119024690dc8230b9cc919b1b86b2
- SHA256
  
  dc4da2ccadb11099076926b02764b2b44ad8f97cd32337421a4cc21a3f5448f3
- SHA512
  
  3b38a2c17996c3b77ebf7b858a6c37415615e756792132878d8eddbd13cb06710b7da0e8b58104768f8e475fc93e8b44b3b1ab6f70ddf52edee111aaf5ef5667
- SSDEEP
  
  192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
Score

3^/10
behavioral10 behavioral9
- Target
  
  $PLUGINSDIR/nsDialogs.dll
- Size
  
  9KB
- MD5
  
  c6284e23cd7e4d11db8298deb4541083
- SHA1
  
  e338686c7579620383ab8cc5a51bbb8d846f60cf
- SHA256
  
  79914940cbbf70a385f13a9970a9d577d7a7e07d240fe44563b45a472cd4bc3f
- SHA512
  
  72103e470d770fb402a18e975ff339526a3e4c9aeb8fac1b0977995a6eace0eca965b1915404df9b5a25b59628db1b199d2b9b10372841309c137054356a5cd7
- SSDEEP
  
  96:q0HzOxnC1hncrcpRciM8wcxMkDOW6LbUXv8X2PXv5bcndYosRn:qJxw3pmiMRxNE/8c5bcdo
Score

3^/10
behavioral11 behavioral12
- Target
  
  $PLUGINSDIR/nsExec.dll
- Size
  
  6KB
- MD5
  
  40909a97db3a51fc83aaeff503128b3f
- SHA1
  
  9693d68a1fb11db70f61b8277e1195dd298abbab
- SHA256
  
  f2633b3604a80a7b1be67858fb43288fd7b686730bad158f347dfa38c6df59d9
- SHA512
  
  cd1425e28302dfeced644fa155a09549aae25b96f5f6a7688624135a69be7abee8e6eaac89194dc6ec89281c45e00451fae43db5953360ee9a47dc0d11d07c77
- SSDEEP
  
  96:+Vyk3+0P+gcVUzWKw1lq4xNmuUUOnyX3z9zJ5cVK23EHC:+40P+gcVUzWlyuUStJ5cVKXHC
Score

3^/10
behavioral13 behavioral14
- Target
  
  $PLUGINSDIR/nsRandom.dll
- Size
  
  21KB
- MD5
  
  ab467b8dfaa660a0f0e5b26e28af5735
- SHA1
  
  596abd2c31eaff3479edf2069db1c155b59ce74d
- SHA256
  
  db267d9920395b4badc48de04df99dfd21d579480d103cae0f48e6578197ff73
- SHA512
  
  7d002dc203997b8a4d8ec20c92cd82848e29d746414f4a61265c76d4afb12c05bce826fc63f4d2bd3d527f38506c391855767d864c37584df11b5db9ca008301
- SSDEEP
  
  384:LCHDPMs4GdtyO5roguusMxUXiO3wOw95euooP2UgKbd9BvNtf:LCHD6Gh87MKXil/5r2U3z
Score

7^/10

upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral15 behavioral16
- Target
  
  $PLUGINSDIR/registry.dll
- Size
  
  16KB
- MD5
  
  351f89337642c165a48dd763aa210023
- SHA1
  
  a5b204cbc51a0ad84248aa680b85be7824f3354e
- SHA256
  
  b610ab13da00e05b000026c73081cfdf0d2ebd3f2fad05e1d0f277060fc3c07f
- SHA512
  
  10326b95ea81b377f74cb9e42135e891930a354b65ce50a4562246da33ca6816f5397089bb60cd1eb647bd28829d70f6425c3113440e11f9a9a4f7fecaac7f4c
- SSDEEP
  
  384:tTVUUuJHxgeh2OTU+X9pCtlohiTV0pWY7:tTqzHxgeh5X9oaiTgW
Score

3^/10
behavioral17 behavioral18
- Target
  
  $TEMP/v.txt
- Size
  
  3KB
- MD5
  
  7dd5b42c6430c95daaa78d819a976831
- SHA1
  
  72d84b93404c6f37ce3d9f2a5aa1d38445740315
- SHA256
  
  bfc85625539ed0d5e8bd5cbe1239776ef4895cd5fee73eb7d0858c803158129a
- SHA512
  
  0a81ceee170bb7e687a24fe13d8b3780c7ed3fe7011454fc0241386fbda7f2e749b9a391b8c9056eedcbff5aa169203e3dd655840e29d334a0f4a663bca075df
Score

3^/10
behavioral19 behavioral20
- Target
  
  $TEMP/xcmd.exe
- Size
  
  32KB
- MD5
  
  378e0103156f2e6844c83087d80a7156
- SHA1
  
  c3e577e294ee81cd763625b4f6657795c4a8a6c4
- SHA256
  
  82fbc8842aceeb471967d2e78b7336c972e3d1379fcd23662df022af958f40c1
- SHA512
  
  0d9e162042f0894aeefb4d43a2c98161686b4451605cbaddcf12f367b17ed1a3796370e770dfbbe6b2ce7ddfba7dc42747ce564b8f80c292b331a600910103bb
- SSDEEP
  
  768:vGw9ERxPw5DAKshWRjzrjBav9+IZ5deSbA:vGQc4TsYznBA9LISbA
Score

9^/10

upx
- Nirsoft
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral21 behavioral22
- Target
  
  $_48_/$APPDATA/xcmd.exe
- Size
  
  32KB
- MD5
  
  378e0103156f2e6844c83087d80a7156
- SHA1
  
  c3e577e294ee81cd763625b4f6657795c4a8a6c4
- SHA256
  
  82fbc8842aceeb471967d2e78b7336c972e3d1379fcd23662df022af958f40c1
- SHA512
  
  0d9e162042f0894aeefb4d43a2c98161686b4451605cbaddcf12f367b17ed1a3796370e770dfbbe6b2ce7ddfba7dc42747ce564b8f80c292b331a600910103bb
- SSDEEP
  
  768:vGw9ERxPw5DAKshWRjzrjBav9+IZ5deSbA:vGQc4TsYznBA9LISbA
Score

9^/10

upx
- Nirsoft
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral23 behavioral24
- Target
  
  $_48_/1.html
- Size
  
  321B
- MD5
  
  a0238afd1edbd480243061ba3a1469fc
- SHA1
  
  40a15406c5deb21f6ad07b6da337f549257840c8
- SHA256
  
  0fd737d043eadbdd0ad65e03ffd45c6b010b302a0be68ba2c8d5994bae3ef835
- SHA512
  
  721dd8d512797677f46d7da349f2d47edc8581ffa1481883423b04d41eb09c36aa30e5bc8348b17ec5981cec8ad81dfc7e19977b7b0f46a439690d95f088d7ed
Score

6^/10

motw phishing
- Mark of the Web detected: This indicates that the page was originally saved or cloned.
  phishing motw
behavioral25 behavioral26
- Target
  
  $_48_/3.bat
- Size
  
  2KB
- MD5
  
  964f86619e2df6796baee5c74c18dfa2
- SHA1
  
  12763c3b7799c58c4033579397d36988bb80f862
- SHA256
  
  85c84bfbf5c75b551653561c77d4ca6341f45f08ee74e4489a54a5aefe9aa538
- SHA512
  
  85921ed39207d217cb2762ca19f9bffa82313d8c9ae52bc64ad24546b302d2387704b0440b4fa5fe8c825dbd3a7b686b87365346dcac4c1bcfbcddf7de0e5492
Score

1^/10
behavioral27 behavioral28
- Target
  
  $_48_/3.vbs
- Size
  
  2KB
- MD5
  
  a1e554f682917f550a2e2724e4de948a
- SHA1
  
  b969a24c3581b7a3c8a1493bb5f28410b3359dce
- SHA256
  
  2b4aa2bd62996af03ef4669df853ecb883e676e9ddbb92139d43413fabbad0c0
- SHA512
  
  dfdc643f220be01c6ee9c90970ed84887038d8dd3199c8092d435d8cf6e5ac75a3f2f2b2f5fe020c8bcf0cfcefc64af28d91ef77b80075380b071c284e59c2ad
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral29 behavioral30
- Target
  
  $_48_/qq
- Size
  
  1KB
- MD5
  
  fb8a0c0af287b4b015369b5e756d2bb2
- SHA1
  
  6d2f48d51f5b01e4d5e852b1652c79098fb92a7a
- SHA256
  
  9ad1f7f062cb13e077fffd5a0642a46feffb17ad89415cc6365f9a012ded5fc4
- SHA512
  
  35b59fb0c8b5a70ec32cb69e561e0559644f2a3d19caa28387891fcd6be6ec35781a760ab3f84cc4c9fef2b61cbcb57692e67971c18c8fdfca18fe169502651a
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral31 behavioral32

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Credential Access

Discovery

System Information Discovery

T1082

Query Registry

T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Targets

Loads dropped DLL

UPX packed file

Nirsoft

UPX packed file

Nirsoft

UPX packed file

Mark of the Web detected: This indicates that the page was originally saved or cloned.

Checks computer location settings

Checks computer location settings

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32