General

  • Target: f8d954064ae4783f8060bb27b83fc3f5_JaffaCakes118
  • Size: 4.3MB
  • Sample: 240418-1z91bagb34
  • MD5: f8d954064ae4783f8060bb27b83fc3f5
  • SHA1: e48e3f9035dea0caa383964f44ba6ff9e469e58b
  • SHA256: 0b86c4e1fa9b6db44f44f2ef3d0701429bc2d93c66160a9249f4111c78052d52
  • SHA512: 3d3c377f93d7af54ff27edb7ec0f60e712a482a7175e2084bee57ceca9416dd425c48fbccd81b78a2b294a63bcd2df5dedbf88563f3b19bc321fdf6e107981f1
  • SSDEEP: 98304:Z/LPqUHodWSu6vKkqWHX5XMNGl/RZepcVfBfmOo8M+21o+w32UWIkQwd7:Z/hIgOvXe8/nfpo8v26mPQ+
  • Score: 10/10

Malware Config

Targets

    • Target: f8d954064ae4783f8060bb27b83fc3f5_JaffaCakes118
    • Size: 4.3MB
    • MD5: f8d954064ae4783f8060bb27b83fc3f5
    • SHA1: e48e3f9035dea0caa383964f44ba6ff9e469e58b
    • SHA256: 0b86c4e1fa9b6db44f44f2ef3d0701429bc2d93c66160a9249f4111c78052d52
    • SHA512: 3d3c377f93d7af54ff27edb7ec0f60e712a482a7175e2084bee57ceca9416dd425c48fbccd81b78a2b294a63bcd2df5dedbf88563f3b19bc321fdf6e107981f1
    • SSDEEP: 98304:Z/LPqUHodWSu6vKkqWHX5XMNGl/RZepcVfBfmOo8M+21o+w32UWIkQwd7:Z/hIgOvXe8/nfpo8v26mPQ+
    • Score: 10/10

    Signatures:
    • Modifies Windows Defender Real-time Protection settings
    • Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
    • Executes dropped EXE
    • Loads dropped DLL
    • Windows security modification

    • Target: Bunifu_UI_v1.52.dll
    • Size: 220KB
    • MD5: 3764580d568e4fc506048e04db90562c
    • SHA1: e8d2771a4891ad7b751c4ac153f599d7d58ebd31
    • SHA256: 27c8cea7e793ace737415881a5c16b4e2d98ce46609d272e82c6c905ad2d9f36
    • SHA512: fdc11be9388034404c9c71a60374486ff15d552bd8e9f7f74ca345e7d40df20dcb992e6d4e7b509e31e53c910e33ed8e275467da92c30193d6fab16934491763
    • SSDEEP: 3072:UYZOzNgqlPPL42pFzo3tgyGkToR74K5BC6u+QVTNDcHaDDPuD6bl4:UYZYgEr44Fzo3tFIEKiJNDcHKPueb
    • Score: 1/10

    • Target: Guna.UI.dll
    • Size: 1.1MB
    • MD5: 8673eae95d67e5eb19f0eca3111408e8
    • SHA1: ad3e1ce93782537ffd3cd9e0bb9d30ae22d40ddb
    • SHA256: 576d2de2c9ef5bc1ea9bdd73ae8f408004260037c3b72227eed27e995166276d
    • SHA512: 65c4eadf448a643f45fa9a0d91497bb25af404c41a3a32686d9e99ba4f4e50783d73f5b13d5df505cc62c465be300746d84a2eaa8000531893cd0b19d6436239
    • SSDEEP: 24576:hUsmpWNSUFmCqJPNsTuJDYYviEcHy1t6Y:hSUQWSF8q
    • Score: 1/10

    • Target: Guna.UI2.dll
    • Size: 1.9MB
    • MD5: aed0276b4fe83e9f315d7f9575513178
    • SHA1: e19698cb57ec89879039491100ede72e3f25001f
    • SHA256: 25ab13005a5b8020f86e59dae31728937cf93de879baee7a12c1b32a9530e564
    • SHA512: fa6ec94acbacf2fb5c286c731bf0ee98575466233bf06d42976106edc47d2b3e92ad4952989148b2ef92323e58b8284bb686654566cd000332e1086cd8de1646
    • SSDEEP: 24576:rTNgPBPbTkcHYx48hazs9yXQbVzEh621w2C0xpNBy:nqux43YMQZ+621RR3e
    • Score: 1/10

    • Target: Newtonsoft.Json.dll
    • Size: 683KB
    • MD5: 6815034209687816d8cf401877ec8133
    • SHA1: 1248142eb45eed3beb0d9a2d3b8bed5fe2569b10
    • SHA256: 7f912b28a07c226e0be3acfb2f57f050538aba0100fa1f0bf2c39f1a1f1da814
    • SHA512: 3398094ce429ab5dcdecf2ad04803230669bb4accaef7083992e9b87afac55841ba8def2a5168358bd17e60799e55d076b0e5ca44c86b9e6c91150d3dc37c721
    • SSDEEP: 12288:Lf9WGsSVSM2mxL2nRiOr8gUckc6V/g2GhBzj05cH:7XNL2PVh6B+Bzjmc
    • Score: 1/10

    • Target: loader.exe
    • Size: 2.2MB
    • MD5: 7d0f7ec4fb32340091e5497fbd00217d
    • SHA1: c5d05baf74e865830c857cb02be2c0d4da5c97a9
    • SHA256: a5a261103364bb4afc265ccdab56fdf97e881ae506054c60c03f9540d6cac6cc
    • SHA512: 0d16090e36650fa1d8fd3ad33d661c88c067bd5d54a4bb6a4c801c7729ab70c3a23f4a22da430be58c25d9abaacd0944d537f653ec8e2b840867d13a7382a116
    • SSDEEP: 49152:aqLqOsZP4G2AZFYflZ3MhCH26GjnGYqPBSswLmg8tuWjXZN2Q:vT+JVcflR0m26G75qPEmuSZN2
    • Score: 10/10

    • Target: login.dll
    • Size: 128KB
    • MD5: a63a1bbf75ea748c7f0b5f938c0a716e
    • SHA1: 65f3dac1dff5397650a91755c9f0a83c79c905a6
    • SHA256: 6c8dbe4af8f850e71a54a9b7d81d143608fc00426c4ad064a6aaf7eb6785562f
    • SHA512: 086a11b17627bac1270157c74b8d741bfe5dfe152d4d05ea6ceffe0c5f7d20fd265b7c30480482f835ecce8cb7e0e9b94dc6db3b441c9fb52bd22afbfe6593f8
    • SSDEEP: 1536:SdosT0xYpoH1AeuXE4Dk/aMCGZfHxYTLXNwhvjXNxCHVopgSinEzrF8:oT0epoVAxk/aBGJRYTLXNwBXNxC1HEy
    • Score: 1/10

MITRE ATT&CK Matrix (ATT&CK v13)

Tactic, technique (ID) and number of matching observations:

Persistence
  • Create or Modify System Process (T1543): 2
  • Windows Service (T1543.003): 2

Privilege Escalation
  • Create or Modify System Process (T1543): 2
  • Windows Service (T1543.003): 2

Defense Evasion
  • Modify Registry (T1112): 4
  • Impair Defenses (T1562): 4
  • Disable or Modify Tools (T1562.001): 4

Discovery
  • Query Registry (T1012): 1
  • System Information Discovery (T1082): 2
