General

  • Target

    f5c77ef21662451265e0828c66274852_JaffaCakes118

  • Size

    1.7MB

  • Sample

    240417-prk6fafb23

  • MD5

    f5c77ef21662451265e0828c66274852

  • SHA1

    5e479f7e68943f792e754fac4bea372c41fc8b5d

  • SHA256

    02ed70ca5fc0e47d0cb7016a0959a0793853beaa8bba1e1d26b9fe9489c798fe

  • SHA512

    02abf7e20f37041d0594deccc2daa59ffed761b0d7f898f2cccf93502c9719729abe03f7e67348b645c3107c7a0dc7db602eb67c40dbc103794f6e0bdf7069f8

  • SSDEEP

    49152:itLrXclQ6jGV1C4MSRBSAXTdxd8rNPk45COkDwuFhnEo:itLgQBqoRBSAX58rG45COPuFP

Score
7/10

Malware Config

Targets

    • Target

      f5c77ef21662451265e0828c66274852_JaffaCakes118

    • Size

      1.7MB

    • MD5

      f5c77ef21662451265e0828c66274852

    • SHA1

      5e479f7e68943f792e754fac4bea372c41fc8b5d

    • SHA256

      02ed70ca5fc0e47d0cb7016a0959a0793853beaa8bba1e1d26b9fe9489c798fe

    • SHA512

      02abf7e20f37041d0594deccc2daa59ffed761b0d7f898f2cccf93502c9719729abe03f7e67348b645c3107c7a0dc7db602eb67c40dbc103794f6e0bdf7069f8

    • SSDEEP

      49152:itLrXclQ6jGV1C4MSRBSAXTdxd8rNPk45COkDwuFhnEo:itLgQBqoRBSAX58rG45COPuFP

    Score
    7/10
    • Loads dropped DLL

    • Target

      $PLUGINSDIR/InstallOptions.dll

    • Size

      14KB

    • MD5

      0dc0cc7a6d9db685bf05a7e5f3ea4781

    • SHA1

      5d8b6268eeec9d8d904bc9d988a4b588b392213f

    • SHA256

      8e287326f1cdd5ef2dcd7a72537c68cbe4299ceb1f820707c5820f3aa6d8206c

    • SHA512

      814dd17ebb434f4a3356f716c783ab7f569f9ee34ce5274fa50392526925f044798f8006198ac7afe3d1c2ca83a2ca8c472ca53fec5f12bbfbbe0707abacd6b0

    • SSDEEP

      192:n6d+dHXLHQOPiY53uiUdigyU+WsPdc/A1A+2jPK72dwF7dBEnbok:n6UdHXcIiY535zBt2jP+BEnbo

    Score
    3/10
    • Target

      SpyOut.exe

    • Size

      1.8MB

    • MD5

      a5396c316c0fe5831ec38feb82fcecae

    • SHA1

      a1665a5b6211d71b23690d06cfcfa99acd9c4c1c

    • SHA256

      d09943d5ae1a2ee088b5050f12a287461daa69bf56102f3f4e8b27c499e6f18b

    • SHA512

      fdca6774d81eba00b724c0854fc4ab6963b05fc036af18122ee0e54d870e68ec5e23705ad6f352494adb992cf787887f313279771c985ef2f4861afebe6274e6

    • SSDEEP

      24576:GyDY61d9bWTh/Pj0mlfgB9JfOz1Ci4iT70Mq02x0ZYFqAXUSmW5:9Y61d9bWlXj0ggy1CDhtj3XUSmm

    Score
    1/10
    • Target

      SpyOutLaunch.exe

    • Size

      236KB

    • MD5

      3e4daf1d1296da3d9cbfb9d1a334e1ad

    • SHA1

      a5bbdabc7de6fb8eaae6f5b8775d16f22d718011

    • SHA256

      f39229d4f54dbe68606018a58ed5e7e1869c67b6dfaf28b2baa27d43968ec9b0

    • SHA512

      981cd39bd19323cd700a027b714afc7359bfb68c17a885e7af8a4c80b30236a7dede38647d7e4c1cd06f996867f695074d21ab50ef374f98d7226c284d8cbf34

    • SSDEEP

      6144:mBmUYYMcm4dmAP4Xp+EQHKCUeFE/t+Do:MlWcm4dmA28EF+Do

    Score
    7/10
    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Target

      SpyOutUp.exe

    • Size

      416KB

    • MD5

      668512b230a150b2b98da1ba889b24f1

    • SHA1

      d348c96f53ef8401ad736148b0f009c156a325c8

    • SHA256

      19e632355649d31642822c8d37a0a3a3bed2d424016dbac3f194045343804e27

    • SHA512

      c04cb8f5d4683d89b966fcbc19142ea395d30bd2b43be44f7fcc7c61f82ffc951ffcb68d4eef46b43895cef38feab489bb4bc8255c1b4813adcf1c50d1bc2182

    • SSDEEP

      6144:eQMgHzeagMs6ATZXRJtWF2QDbV+B4NDwUeFE/t+DozX:LMgTeagMzOZ1WFe3EF+DoT

    Score
    1/10
    • Target

      uninst.exe

    • Size

      132KB

    • MD5

      46841052d7e2a47af13f8845ea018484

    • SHA1

      d6f5e38b803a2ffa654c681bd1244f77097769e3

    • SHA256

      529830765e44fb8dabfb8fe92aa242005edc2ca83fbe13f4fc4d6cfa7d6b4a50

    • SHA512

      0d68120e128caa6c47f11b318f452b7596600c9b6bf6741e761115e0be6f3010bc8fcf05a0b3c8ebba9d7919f87084d08f2a799f256812eab6026b6dd49be178

    • SSDEEP

      1536:jQpQ5EP0ijnRTXJfiSFxYrZqa9WXkI8s3ofkP0r0eLuUeFEv8VeOF/B:jQIURTXJfiokZqa9+8qo6hUeFEv8v

    Score
    7/10
    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      $PLUGINSDIR/KillProcDLL.dll

    • Size

      4KB

    • MD5

      99f345cf51b6c3c317d20a81acb11012

    • SHA1

      b3d0355f527c536ea14a8ff51741c8739d66f727

    • SHA256

      c2689ba1f66066afce85ca6457ecd36370be0fe351c58422e45efd0948655c93

    • SHA512

      937aa75be84a74f2be3b54dc80fac02c17dad1915d924ef82ab354d2a49bc773ee6d801203c52686113783a7c7ea0e8ed8e673ba696d6d3212f7006e291ed2ef

    Score
    3/10

MITRE ATT&CK Matrix (ATT&CK v13)

Discovery

  • System Information Discovery (T1082): 4

  • Query Registry (T1012): 1

Tasks