General

  • Target: fb13ec7b06e71e25cc30942e0cc30545_JaffaCakes118
  • Size: 208KB
  • Sample: 240419-yxnm7aec43
  • MD5: fb13ec7b06e71e25cc30942e0cc30545
  • SHA1: b93e0eebdeafdd83fa21167c87c8663184b2e4bd
  • SHA256: 32d39da9693346790b89a355d174c2106709e5ac67944f16856ed11528aa49d8
  • SHA512: 00a01e70051c268a547e9594ed4c6254e3ba8181a0304cf972f5cd3451d26c181a04bf1fde9ff2acd47cfb4cb389084c14a6c380adfbbcd41811ea12b3547a22
  • SSDEEP: 3072:tu10Th+5eHdaThmjyrrHlzYolfLPLzmdBtugCCl9rSSd5l2DUQnIgLLLolvnthS4:w0lzdg2QF7lfLPLCdBHrhngnLwPHPN

Score: 7/10

Malware Config

Targets

    • Target: autoclicker.exe
    • Size: 408KB
    • MD5: 4658fa7a1917906acfb7c483164cebeb
    • SHA1: a244fe62947443bc0485b214502828afcaba3a8c
    • SHA256: 64c89a6874843e3912475700ee122d6f37dffc478f9732bf078a7ff2007a95b6
    • SHA512: 6db69db1d7b8f0d7b15a70175ca7ea527d1898929300be3e6a31cf749e9e7de3ec8a7d9d7cf46eea0728ad4b1354e5fededf12765292d4760c37988cf497d260
    • SSDEEP: 6144:IoRfQfX61WuTpEA6F6m/mt2sO83JqfBGwxsV1BNFUrMGg5xod+n:IEYvEEF6cmtdt5qfL01X4MGg5xFn
    • Score: 1/10

    • Target: autoclickerhk.dll
    • Size: 21KB
    • MD5: 166f2c8d2091af52c39e2cabe6998e0d
    • SHA1: f861475c267ad4148e66068d702442800715caa3
    • SHA256: 1ab70f1bbbe30244a8124e2625dfdc450313d5d30028d5ae8f18618fcbb7ed89
    • SHA512: a9dcb958a1b635f2a65505fdd95e5e68d15cfc78e4ef5939f8ef40cdb4372e29c095eb6e3b6735fc0fba7ce7f2f4ad06d6d297ec58a581236218a680ea133f4c
    • SSDEEP: 384:lN54E+/n3pVI/vknldWHWn/CiDH7CfM81RrZpI0Vl/pMtHBM:D54Ew3rI/vklw0TDbCXljrpMB2
    • Score: 1/10

    • Target: click.exe
    • Size: 26KB
    • MD5: 43591e20c0a6220f9a50ff2991e2eb0f
    • SHA1: 0f321be24d7633fd8a3f27c2172c6309b4082478
    • SHA256: bd79444d59f2a9f72e4bf58cc0ac93f9ad12050326b585f354f7752c31ecb0fa
    • SHA512: 3341e0f64f07da37d728e1632f55e3582f59da5e2651dad0a53a76dc124897b07096e98e3e6f901f2a6727bce9b76776d1a0bd8b377e46b6be764fdef6b781bd
    • SSDEEP: 768:fUhjWKnS71FwJ5ZrrqBo9whNUAlYtx2deV3Z/adN:8hjC7QJ5x94lYC24d
    • Score: 1/10

    • Target: rinst.exe
    • Size: 22KB
    • MD5: 9a00d512f9e1464ad793702cf2b1eda0
    • SHA1: 39a47a90cd3dd132dbab9f5052dda38dbd7c63f6
    • SHA256: 98d257f639ee9df968f77b1f66c78230d07d86e58a7ddf0d306a24af3873dc5b
    • SHA512: 18604f20351db1d418f48f2eb023be07588754b428b5d6abb0a7c40d6bf174ce7dcab2ae6e06f22585e12f1bfdb6e408b17bf20e2a7ba137620002ac04b8b4ba
    • SSDEEP: 384:c3PqIGR1uEtfWlXdbvoht0zsQHmr246v1hLqsHWuTqvhwp:aqZv3tfEbgIzsQHs6v1hLqQ9q
    • Score: 7/10

    Signatures:

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Matrix (ATT&CK v13)

Tactic, then technique ID and name, with the number of matching signatures in parentheses:

Persistence
  • T1547 Boot or Logon Autostart Execution (1)
  • T1547.001 Registry Run Keys / Startup Folder (1)

Privilege Escalation
  • T1547 Boot or Logon Autostart Execution (1)
  • T1547.001 Registry Run Keys / Startup Folder (1)

Defense Evasion
  • T1112 Modify Registry (1)

Discovery
  • T1012 Query Registry (1)
  • T1082 System Information Discovery (2)

Tasks