General

  • Target

    ed03f8136c974575f1995a02588027fd_JaffaCakes118

  • Size

    1.0MB

  • Sample

    240411-kl3fbaba5t

  • MD5

    ed03f8136c974575f1995a02588027fd

  • SHA1

    6938361bcdb6464efa695314f823099edf64ceb7

  • SHA256

    1cb6977c6c4553ff7842af9205760e5c5958a85ffb3db2c1e94c69fcd0f0a347

  • SHA512

    62fcd214537cff84a4259fdaed385c468a97ca7ff00d573291314b96491ac638db5911f09ab7dd76f963f6edf34f913f53ed7397547d4c71d83b568ddb5ae0bf

  • SSDEEP

    24576:UsKpBnGtQcAw9VgfMWbo+1/h54/GBshHvPM1NbwlJULneh:UdBnGtQ1jT0+rGA8H3M1NbwlWLneh

Score
10/10

Malware Config

Targets

    • Target

      ed03f8136c974575f1995a02588027fd_JaffaCakes118

    • Size

      1.0MB

    • MD5

      ed03f8136c974575f1995a02588027fd

    • SHA1

      6938361bcdb6464efa695314f823099edf64ceb7

    • SHA256

      1cb6977c6c4553ff7842af9205760e5c5958a85ffb3db2c1e94c69fcd0f0a347

    • SHA512

      62fcd214537cff84a4259fdaed385c468a97ca7ff00d573291314b96491ac638db5911f09ab7dd76f963f6edf34f913f53ed7397547d4c71d83b568ddb5ae0bf

    • SSDEEP

      24576:UsKpBnGtQcAw9VgfMWbo+1/h54/GBshHvPM1NbwlJULneh:UdBnGtQ1jT0+rGA8H3M1NbwlWLneh

    Score
    7/10
    • Loads dropped DLL

    • Target

      $PLUGINSDIR/InetLoad.dll

    • Size

      18KB

    • MD5

      994669c5737b25c26642c94180e92fa2

    • SHA1

      d8a1836914a446b0e06881ce1be8631554adafde

    • SHA256

      bf01a1f272e0daf82df3407690b646e0ff6b2c562e36e47cf177eda71ccb6f6c

    • SHA512

      d0ab7ca7f890ef9e59015c33e6b400a0a4d1ce0d24599537e09e845f4b953e3ecd44bf3e3cbe584f57c2948743e689ed67d2d40e6caf923bd630886e89c38563

    • SSDEEP

      384:nUOPTbiJmdztwwKq8W1cyMjPzV0Ac9k+LMkIX1+Gn+XHdjf:nTikliwKq8W1rMjPzz+f

    Score
    3/10
    • Target

      $PLUGINSDIR/MakeDll.dll

    • Size

      392KB

    • MD5

      eb907eaaf1d86c90112783c8a189882a

    • SHA1

      04ca0180f47096b3ef711914cf93ca6ec2b6c390

    • SHA256

      42e21a9f51079d8a8c211b20ffbb31e86ed1e68f306cf72442a5b46c49ffff1a

    • SHA512

      0e5327d7447ce77ab2001d1bd2bdd634da5adf1160064d77747381e3912e0b9716134edf847fdb0fd32847a5ec8efa4edd6bddbb568b7e849c99e4cbde9817ac

    • SSDEEP

      6144:LET26hNKPuz98w6DkrSbu0ia7TOscYT0DEw0isbDfg7dNpJ7yOSc3gvlb/wl:l+NKPs6oubumRqoisw7P7yOF3yb+

    Score
    3/10
    • Target

      $PLUGINSDIR/StartMenu.dll

    • Size

      7KB

    • MD5

      72f18eaa88886bd0d46de64a17d9720c

    • SHA1

      e604c84de0ded023cf4c5e215c0534faf1d18227

    • SHA256

      05f699d932f1fea8e6f1a711c3bc8ba51463b924b78a68bfd0683295de008da1

    • SHA512

      5a80e303f1418dde67ffe0b9b60d574b85634de0d2b557a6691229812e9b376fb34ba7e276efd0e20f35baec91f1030b738e2138d7b7ee146715fcab5cd7e018

    • SSDEEP

      96:VgJbo7bG2VHk3C45rJixqE+6nSvMn0iGLG8wq/aAtJ1t2RhU1fU:qJk7ZHgRJRHvcwBwqP/t6wf

    Score
    3/10
    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      00a0194c20ee912257df53bfe258ee4a

    • SHA1

      d7b4e319bc5119024690dc8230b9cc919b1b86b2

    • SHA256

      dc4da2ccadb11099076926b02764b2b44ad8f97cd32337421a4cc21a3f5448f3

    • SHA512

      3b38a2c17996c3b77ebf7b858a6c37415615e756792132878d8eddbd13cb06710b7da0e8b58104768f8e475fc93e8b44b3b1ab6f70ddf52edee111aaf5ef5667

    • SSDEEP

      192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw

    Score
    3/10
    • Target

      $PLUGINSDIR/nsDialogs.dll

    • Size

      9KB

    • MD5

      c6284e23cd7e4d11db8298deb4541083

    • SHA1

      e338686c7579620383ab8cc5a51bbb8d846f60cf

    • SHA256

      79914940cbbf70a385f13a9970a9d577d7a7e07d240fe44563b45a472cd4bc3f

    • SHA512

      72103e470d770fb402a18e975ff339526a3e4c9aeb8fac1b0977995a6eace0eca965b1915404df9b5a25b59628db1b199d2b9b10372841309c137054356a5cd7

    • SSDEEP

      96:q0HzOxnC1hncrcpRciM8wcxMkDOW6LbUXv8X2PXv5bcndYosRn:qJxw3pmiMRxNE/8c5bcdo

    Score
    3/10
    • Target

      $PLUGINSDIR/nsExec.dll

    • Size

      6KB

    • MD5

      40909a97db3a51fc83aaeff503128b3f

    • SHA1

      9693d68a1fb11db70f61b8277e1195dd298abbab

    • SHA256

      f2633b3604a80a7b1be67858fb43288fd7b686730bad158f347dfa38c6df59d9

    • SHA512

      cd1425e28302dfeced644fa155a09549aae25b96f5f6a7688624135a69be7abee8e6eaac89194dc6ec89281c45e00451fae43db5953360ee9a47dc0d11d07c77

    • SSDEEP

      96:+Vyk3+0P+gcVUzWKw1lq4xNmuUUOnyX3z9zJ5cVK23EHC:+40P+gcVUzWlyuUStJ5cVKXHC

    Score
    3/10
    • Target

      $PLUGINSDIR/nsRandom.dll

    • Size

      21KB

    • MD5

      ab467b8dfaa660a0f0e5b26e28af5735

    • SHA1

      596abd2c31eaff3479edf2069db1c155b59ce74d

    • SHA256

      db267d9920395b4badc48de04df99dfd21d579480d103cae0f48e6578197ff73

    • SHA512

      7d002dc203997b8a4d8ec20c92cd82848e29d746414f4a61265c76d4afb12c05bce826fc63f4d2bd3d527f38506c391855767d864c37584df11b5db9ca008301

    • SSDEEP

      384:LCHDPMs4GdtyO5roguusMxUXiO3wOw95euooP2UgKbd9BvNtf:LCHD6Gh87MKXil/5r2U3z

    Score
    7/10
    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      $PLUGINSDIR/registry.dll

    • Size

      16KB

    • MD5

      351f89337642c165a48dd763aa210023

    • SHA1

      a5b204cbc51a0ad84248aa680b85be7824f3354e

    • SHA256

      b610ab13da00e05b000026c73081cfdf0d2ebd3f2fad05e1d0f277060fc3c07f

    • SHA512

      10326b95ea81b377f74cb9e42135e891930a354b65ce50a4562246da33ca6816f5397089bb60cd1eb647bd28829d70f6425c3113440e11f9a9a4f7fecaac7f4c

    • SSDEEP

      384:tTVUUuJHxgeh2OTU+X9pCtlohiTV0pWY7:tTqzHxgeh5X9oaiTgW

    Score
    3/10
    • Target

      $TEMP/v.txt

    • Size

      3KB

    • MD5

      7dd5b42c6430c95daaa78d819a976831

    • SHA1

      72d84b93404c6f37ce3d9f2a5aa1d38445740315

    • SHA256

      bfc85625539ed0d5e8bd5cbe1239776ef4895cd5fee73eb7d0858c803158129a

    • SHA512

      0a81ceee170bb7e687a24fe13d8b3780c7ed3fe7011454fc0241386fbda7f2e749b9a391b8c9056eedcbff5aa169203e3dd655840e29d334a0f4a663bca075df

    Score
    3/10
    • Target

      $TEMP/xcmd.exe

    • Size

      32KB

    • MD5

      378e0103156f2e6844c83087d80a7156

    • SHA1

      c3e577e294ee81cd763625b4f6657795c4a8a6c4

    • SHA256

      82fbc8842aceeb471967d2e78b7336c972e3d1379fcd23662df022af958f40c1

    • SHA512

      0d9e162042f0894aeefb4d43a2c98161686b4451605cbaddcf12f367b17ed1a3796370e770dfbbe6b2ce7ddfba7dc42747ce564b8f80c292b331a600910103bb

    • SSDEEP

      768:vGw9ERxPw5DAKshWRjzrjBav9+IZ5deSbA:vGQc4TsYznBA9LISbA

    Score
    9/10
    • Nirsoft

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      $_48_/$APPDATA/xcmd.exe

    • Size

      32KB

    • MD5

      378e0103156f2e6844c83087d80a7156

    • SHA1

      c3e577e294ee81cd763625b4f6657795c4a8a6c4

    • SHA256

      82fbc8842aceeb471967d2e78b7336c972e3d1379fcd23662df022af958f40c1

    • SHA512

      0d9e162042f0894aeefb4d43a2c98161686b4451605cbaddcf12f367b17ed1a3796370e770dfbbe6b2ce7ddfba7dc42747ce564b8f80c292b331a600910103bb

    • SSDEEP

      768:vGw9ERxPw5DAKshWRjzrjBav9+IZ5deSbA:vGQc4TsYznBA9LISbA

    Score
    9/10
    • Nirsoft

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      $_48_/1.html

    • Size

      321B

    • MD5

      a0238afd1edbd480243061ba3a1469fc

    • SHA1

      40a15406c5deb21f6ad07b6da337f549257840c8

    • SHA256

      0fd737d043eadbdd0ad65e03ffd45c6b010b302a0be68ba2c8d5994bae3ef835

    • SHA512

      721dd8d512797677f46d7da349f2d47edc8581ffa1481883423b04d41eb09c36aa30e5bc8348b17ec5981cec8ad81dfc7e19977b7b0f46a439690d95f088d7ed

    Score
    6/10
    • Mark of the Web detected: This indicates that the page was originally saved or cloned.

    • Target

      $_48_/3.bat

    • Size

      2KB

    • MD5

      964f86619e2df6796baee5c74c18dfa2

    • SHA1

      12763c3b7799c58c4033579397d36988bb80f862

    • SHA256

      85c84bfbf5c75b551653561c77d4ca6341f45f08ee74e4489a54a5aefe9aa538

    • SHA512

      85921ed39207d217cb2762ca19f9bffa82313d8c9ae52bc64ad24546b302d2387704b0440b4fa5fe8c825dbd3a7b686b87365346dcac4c1bcfbcddf7de0e5492

    Score
    1/10
    • Target

      $_48_/3.vbs

    • Size

      2KB

    • MD5

      a1e554f682917f550a2e2724e4de948a

    • SHA1

      b969a24c3581b7a3c8a1493bb5f28410b3359dce

    • SHA256

      2b4aa2bd62996af03ef4669df853ecb883e676e9ddbb92139d43413fabbad0c0

    • SHA512

      dfdc643f220be01c6ee9c90970ed84887038d8dd3199c8092d435d8cf6e5ac75a3f2f2b2f5fe020c8bcf0cfcefc64af28d91ef77b80075380b071c284e59c2ad

    Score
    7/10
    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Target

      $_48_/qq

    • Size

      1KB

    • MD5

      fb8a0c0af287b4b015369b5e756d2bb2

    • SHA1

      6d2f48d51f5b01e4d5e852b1652c79098fb92a7a

    • SHA256

      9ad1f7f062cb13e077fffd5a0642a46feffb17ad89415cc6365f9a012ded5fc4

    • SHA512

      35b59fb0c8b5a70ec32cb69e561e0559644f2a3d19caa28387891fcd6be6ec35781a760ab3f84cc4c9fef2b61cbcb57692e67971c18c8fdfca18fe169502651a

    Score
    7/10
    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

MITRE ATT&CK Matrix ATT&CK v13

Defense Evasion

Modify Registry

3
T1112

Hide Artifacts

2
T1564

Hidden Files and Directories

2
T1564.001

Discovery

System Information Discovery

7
T1082

Query Registry

3
T1012

Tasks

static1

upx
Score
10/10

behavioral1

Score
7/10

behavioral2

Score
7/10

behavioral3

Score
3/10

behavioral4

Score
3/10

behavioral5

Score
3/10

behavioral6

Score
3/10

behavioral7

Score
3/10

behavioral8

Score
3/10

behavioral9

Score
3/10

behavioral10

Score
3/10

behavioral11

Score
3/10

behavioral12

Score
3/10

behavioral13

Score
3/10

behavioral14

Score
3/10

behavioral15

upx
Score
7/10

behavioral16

upx
Score
7/10

behavioral17

Score
3/10

behavioral18

Score
3/10

behavioral19

Score
3/10

behavioral20

Score
3/10

behavioral21

upx
Score
9/10

behavioral22

upx
Score
9/10

behavioral23

upx
Score
9/10

behavioral24

upx
Score
9/10

behavioral25

motwphishing
Score
6/10

behavioral26

Score
1/10

behavioral27

Score
1/10

behavioral28

Score
1/10

behavioral29

Score
4/10

behavioral30

Score
7/10

behavioral31

Score
3/10

behavioral32

Score
7/10