General

  • Target

    edcdbe783499408e682d6ef3d70b20e7_JaffaCakes118

  • Size

    19.6MB

  • Sample

    240411-tewtmaab8w

  • MD5

    edcdbe783499408e682d6ef3d70b20e7

  • SHA1

    8a9eb2486632f22488e363610f322e62aec27713

  • SHA256

    c436273967199e5ccebbe0020e71f385e7d2a6e4fe57dd61bf9d204b953f29ca

  • SHA512

    e5af12091e777358df42ac4f10cfa0471fea37cf4a32bdcfdad14eddb6f3da62ea5f8b7f46a99d4e557933e3784c3c990c81b59de368b1daa342a3e227296261

  • SSDEEP

    393216:nZFRWDx9uTwHos56fVInAVt+78R8f/2Vztjps2Qg5Qdwvaz1DTcxYFr41em1:ZFR3vs8diAVtz6n2Nzsdwvg1DTcxY947

Score
7/10

Malware Config

Targets

    • Target

      155绿色软件站.url

    • Size

      219B

    • MD5

      3a1f2a8a3ef08ae269517a69ea918b2c

    • SHA1

      7d2e6719702bc8472e045e010efa6ed3f7df4b5b

    • SHA256

      66eafefa8bb0155e60828476bde6068573fe64a4fd0aa052eba074dbe85d46cd

    • SHA512

      22203a78192cadc02d0f887247675925273a69e3be82ec1a331197f892216a282cc8f37c3ffbfb578a708244181037277b8cc6a40d8ec70cdf0feac5d80f8576

    Score
    1/10
    • Target

      baobao.exe

    • Size

      19.6MB

    • MD5

      c5d68c3c3818e7bd6ccfefc3488266f2

    • SHA1

      9141d2c4a9d1c534583996cab4b9890b1945ca4f

    • SHA256

      1942b3019e086f1907bea72bd4a865ea954d07bc3a8a619775e0017072c91f90

    • SHA512

      88a46e5e586fbf296f6dd0ca67acce89c30d0b6086d40c3d97f9c38a62579c45e72e29e5c514f8f72e2baabc7626f1596f70e9d32b38844e80e1a32d0c55f65c

    • SSDEEP

      393216:9vtgMZeNKXdHaFMVjg+xDZ1WD1N0u4spi9PdRJSHc2VEmmd4bafOCYUH:9lgJNKtHDNgoZ1SOugPfJU/I5fDBH

    Score
    7/10
    • Loads dropped DLL

    • Target

      $PLUGINSDIR/NSISdl.dll

    • Size

      14KB

    • MD5

      2bb3a180348b2b3d155cd12b9eda0712

    • SHA1

      1f3e94f5457502ce59aee891275288f88739f367

    • SHA256

      944bc80b57670eb187bdd59250f77af6ab657a2cb6ede3621139d8c04d57eec3

    • SHA512

      d555b890910a8a729e37cd69fb612d5d7efe76f2821995b3c7b532d663d5993688692d8d5be6f97f683daaaf02683a134c69f9ae6710a7e005dc7cd47cce0c55

    • SSDEEP

      192:k4lsN55M8r67wmsvJI5a299sfoG8I+WhPB3RY+h/G3DNl/qYcVp/12kgszA:kysdM80dCI5a2LsQ5IlPNRY00AlAYU

    Score
    3/10
    • Target

      $PLUGINSDIR/StartMenu.dll

    • Size

      7KB

    • MD5

      3d8f82aa21fd7861890594027f39879f

    • SHA1

      5fecbecabc15f639c7b3fb57400f6ca6e192a73e

    • SHA256

      4bc38ffc6d1b09108be0031874bbebb3bd892eac86498c76a60a33c1e3c80d9e

    • SHA512

      28ebf820047a27e3a7f0f2fa593af5492e27dddf62ea0c2ca633840fa68fb8b893b1c194f8456869d175eaf5a34f6146fb01f95898007ce19ed29438a1fee65e

    • SSDEEP

      96:Z+BBC0x22epxPEvC4FkWE+in1/FMvsCGRfRFqCB5t5GhEl5VN:Z+zepxPE1r8/FtmCDtwg5v

    Score
    3/10
    • Target

      $PLUGINSDIR/System.dll

    • Size

      10KB

    • MD5

      0bbcbaee7b703ebd55cd8658a0e8dcd3

    • SHA1

      6ed448b8b67cea36eb45bfbc67fed9a6da9623e4

    • SHA256

      e67277ecc4f6c7beb3c7e586ce508677269db056c7541eacfecf6c719f559da6

    • SHA512

      604c524bd00313f6411cc9878d5c9a1db77588049feeb5bb02c971df44f8becbd18d251cc20e551b878173eb2a78be61f31352769597c6334cffc0bc2326b008

    • SSDEEP

      192:WO6dJA/ruAFEiUdWWE6hE5RYUdJfbub1azgMO:TKAFERdlxhGRYUzqZaz

    Score
    3/10
    • Target

      $PLUGINSDIR/nsDialogs.dll

    • Size

      8KB

    • MD5

      9119c6371994557db43f61887dbec301

    • SHA1

      f43aa3a2547c61a0f9d6f7e975da0a475f973c28

    • SHA256

      562e24d6cb190f12ca6f4b2943874fd6a4e434a7fcb6efefc18af66c37aa1acd

    • SHA512

      efe8fe0ad174edf0301fccbffb820064f0e6dbbda20d4b2107cc937f10ab40d0e5f98c9e91023823f7c50d7e551ba63ffd7953d9e312ff827b4471e3e39c593a

    • SSDEEP

      96:r55NxaBY5vP/PGfMzqu/ODzNIZhyGE1xQR0r6UHpYkUdiU+:r5gu/AMXUz+ZhtEA0r6UJxUd

    Score
    3/10
    • Target

      $PLUGINSDIR/nsisos.dll

    • Size

      5KB

    • MD5

      69806691d649ef1c8703fd9e29231d44

    • SHA1

      e2193fcf5b4863605eec2a5eb17bf84c7ac00166

    • SHA256

      ba79ab7f63f02ed5d5d46b82b11d97dac5b7ef7e9b9a4df926b43ceac18483b6

    • SHA512

      5e5e0319e701d15134a01cb6472c624e271e99891058aef4dfe779c29c73899771a5b6f8b1cd61b543a3b3defeaecaa080c9cc4e76e84038ca08e12084f128eb

    • SSDEEP

      48:6EyuygeHCfxwU5x+6kx/k1gONv27oBc2OkIrHHl:VeHCf2762kKsu7oGjkIrn

    Score
    3/10
    • Target

      bin/_capture.pyd

    • Size

      884KB

    • MD5

      a23d5e1ef466a3366a583ba3b8453a7c

    • SHA1

      12bcd5c86ca8e595ed333cf064e2efb2d9760c4b

    • SHA256

      0e318b33bd6bf56993e2ce8e05aae1fafab2e04979f19d76a8b9581097bb2fb6

    • SHA512

      381c79a795f94de06f34788130b8d5a9437f65e9a9e9fb6626dc9cfb3480ced43ee9e54e5e69cca77c49571c76ff2f68e1673f3e0976696a848e0b64ad4a3a0b

    • SSDEEP

      24576:vqaQ/h7yyPY/74OpTc1RYdLVOXdEWU6oDLDG9Y:vGh7dkdAf91UhDaY

    Score
    7/10
    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      bin/_ctypes.pyd

    • Size

      76KB

    • MD5

      c09feb426a80d847662a08912fb95656

    • SHA1

      d843dc2470c358d6f7e02031a8b6feb1e78f6b7d

    • SHA256

      da13608df8b7655970a958390a91b74cae3b73ed57d32c37444785cc1f2f06df

    • SHA512

      5374e9ba137263f743c2112dc2c3301cdbecf8e7525a5d87a473e89e8e2daff913bdc214267c0ad18ebde7602dd88bb28287d0dc55b4c4798b4b798de856d2ff

    • SSDEEP

      1536:GCEIcOlHOG9WCet34H8li2FTSTiTdFaoRNuv+iiLWJXAs0fLlr:GC/cWOGyt34clikNuv+ZcATfLR

    Score
    3/10
    • Target

      bin/_elementtree.pyd

    • Size

      123KB

    • MD5

      cc17beade39e1d3cddfc7f8988d577b9

    • SHA1

      d4f00352daf380f327d2b03b734ab9ec3b7f5d02

    • SHA256

      217f4b2a8747ac1088008a0ce0844fad8362414baaaf9b6053fe1dcbdd28203b

    • SHA512

      70a8dc7b3daee44dfa816f8f431bcdb68427a9b56d98ed7b07d00830fa65080fd36e1293859263ffa34983bb7e1e7c3213534d1d9165f88aacd96f8181b20926

    • SSDEEP

      3072:MlWqS5YJqA7/pA947nCvCFQOrq0G/SWtKK8h:QSaJlTplnGCiOW0GND+

    Score
    3/10
    • Target

      bin/_flv.pyd

    • Size

      223KB

    • MD5

      9b9665dadcb8329dc7d00c7341956309

    • SHA1

      6037aa9671697ba1f399298e70d5dd508ce9d9e1

    • SHA256

      4cc2fb56bd58c44fb80792983914e44ea7b5e39ae7d2d9f5212f3a95cd88361d

    • SHA512

      aad23912c2a25c01650771918926147273dc17ec2d382a2142b90d8f3879a71d8bab035f0b40f6514f8cfc19f069d49c15dcc7982ee1c65b80ab1ba4332cebc3

    • SSDEEP

      6144:b7MtDUAQuxlJlWixqfRdx1Fn8cBict7mOtxdza5:nMtkuxlJl/YfRdxHnBbxw

    Score
    3/10
    • Target

      bin/_hotkeys.pyd

    • Size

      17KB

    • MD5

      e863f2497dfcdb733e91952266a9fb3b

    • SHA1

      a18ff5b08b037334b5b5a155683e336a74f52164

    • SHA256

      f2751d2ef544b345ad4164b47bdc3464787e9d1aa6ba29580333045bb1ad2f2b

    • SHA512

      9b826191e6d5c7b1a11e3cbd86d9d9d7ddecf8a22fdc69a74f4edec3e94c5faac07cce70edc7e222ac9afd676831490af6716355b5595b356ce3b8b15d3d60fb

    • SSDEEP

      384:mGZbtniJWQ5Xhoi8Da2vOflbtMgiPZ9+VR4yIPeD2OKf0NoES:ms1iJ7xod+2q6g++RiK2OKMNK

    Score
    3/10
    • Target

      bin/_image.pyd

    • Size

      272KB

    • MD5

      bb0ffdc81a4c9986b2ceab4eb4e40ace

    • SHA1

      091094e73d3b1560d8bda2e75424949a0d172342

    • SHA256

      0ad6aa0f21c938e8419c31bb3cfa72b21b3b149e424f46a3f0e5adf26a33ec00

    • SHA512

      11adfd546e16b3654e2063b99a7e4ff984c97e14f5df31a579eaf96dcee547630c4787cdd520bcb696d5f0e4e80fac4483647be72f20d2d0cd132a280a288ec2

    • SSDEEP

      6144:C3xrNuZROSSO1cGsLWDmrK7ay9rZJYnBjVQTBqzRCOKD:C3xKIE1cGbaT8r+cTsz

    Score
    3/10
    • Target

      bin/_kit.pyd

    • Size

      212KB

    • MD5

      a82b4d4dcc53cac93ee947343eaade79

    • SHA1

      42cac9ecd6d1427d6a327bd75542bdde2aef5155

    • SHA256

      c94c74a6a0a8670e383d1845ed08b498ab282cf01d5931f8500a207f83dc6d08

    • SHA512

      20c3eda101939b2895cbded4ff8ad909f1a5c8cd1f77d22052c2501ecff5cec4949c28d1ca0b7e97dcdbf921e9652263daa766eb7a8a75aaad7023745dd2c467

    • SSDEEP

      3072:E2HbdY7F3C/CFgQ88wuig62P3vdw0ngXZc/7tAKpBSHOeOjMXbHIpiNH3tdNFKx5:E2a1Zbig6xR85cajwNH3yxSuhOKS6H

    Score
    3/10
    • Target

      bin/_win32sysloader.pyd

    • Size

      8KB

    • MD5

      96e03886a276eef318400d4bf45e9188

    • SHA1

      6ee990f2f666bc4091509a4e911156635e9b66f9

    • SHA256

      f48112595d64a1dcbd330cf1c6036811bc88aeccc4774a8ddeda1fd7434c6c6f

    • SHA512

      70c823957beae128e2283812d043d5d3bfdecdeee9cd155ddb586ed3f066b1a568b5ec43f64bb8cde8637c05f745ba7b067201f56f66b8ca26910b3c8aac7333

    • SSDEEP

      192:AeHcjD5F2WsUGhPjfv3wm3Xpo6MbrkjOOP:A1P5FIvpjAaZo6M0

    Score
    3/10
    • Target

      bin/baby.exe

    • Size

      1.0MB

    • MD5

      98f5ae4dd09008592f24fdd11c2805d0

    • SHA1

      d22db12708152cdc5684a4eb65587186d92db0b9

    • SHA256

      b51dea8831d7f2334c3e6879ea27a0e33e09a94935a8f30325fd6928327ded05

    • SHA512

      b6e586f8ed4fa051dd0010017f0b637945d4d75f218814f22d8ef5afadca6cbf87b20884d2b0a5487d5b7f3b7e315fae45a04fd666b00f6c460e5c6e4985694c

    • SSDEEP

      24576:6f6m57WftWWHm5ksMdt+Rtp2XvX3xOs70ZEWcu6GicX:6N5kDABQ0tp2vR0KuKcX

    Score
    7/10
    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks

static1

themida
Score
7/10

behavioral1

Score
1/10

behavioral2

Score
1/10

behavioral3

Score
7/10

behavioral4

Score
7/10

behavioral5

Score
3/10

behavioral6

Score
3/10

behavioral7

Score
3/10

behavioral8

Score
3/10

behavioral9

Score
3/10

behavioral10

Score
3/10

behavioral11

Score
3/10

behavioral12

Score
3/10

behavioral13

Score
3/10

behavioral14

Score
1/10

behavioral15

evasion, themida
Score
7/10

behavioral16

evasion, themida
Score
7/10

behavioral17

Score
3/10

behavioral18

Score
3/10

behavioral19

Score
3/10

behavioral20

Score
3/10

behavioral21

Score
3/10

behavioral22

Score
3/10

behavioral23

Score
3/10

behavioral24

Score
3/10

behavioral25

Score
3/10

behavioral26

Score
3/10

behavioral27

Score
3/10

behavioral28

Score
3/10

behavioral29

Score
3/10

behavioral30

Score
3/10

behavioral31

evasion, themida
Score
7/10

behavioral32

evasion, themida
Score
7/10