85e49fb3510654cbcf61f244955ef7aeeca49234287c5cb1b5651dfd0a420910

Sharing

Copy URL

Twitter E-mail

General

Target

fb9bbadc9c995e51e4cb9379c97e4b8a_JaffaCakes118
Size

28.9MB
Sample

240420-brkb9acf96
MD5

fb9bbadc9c995e51e4cb9379c97e4b8a
SHA1

09493cc2a5e65b098d4b78cfa43fadf035c0be07
SHA256

85e49fb3510654cbcf61f244955ef7aeeca49234287c5cb1b5651dfd0a420910
SHA512

ed77faa953c848b7c7c445100bddcb548015e8e92a7a711b3e06bfe8a26ec199a516d02de6c00aa80060fceeaa8e7fadf9181dfbcc5b1d99e6c08bae9706adf2
SSDEEP

786432:x3HKNjaPzZVloeX2uwSvi6OPel+3D2DuVeWwXheEQZK1P/zq:xaNoLlT3wSabelAD2DuV+y4O

Score

10^/10

discovery persistence

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
79.174.12.59
Port:
21
Username:
gFUhfuFUTfTFu6tr&6yfgvHd
Password:
GHhgJHg%Uk@ghgvbcg5jhv67ujhv

Targets

- Target
  
  fb9bbadc9c995e51e4cb9379c97e4b8a_JaffaCakes118
- Size
  
  28.9MB
- MD5
  
  fb9bbadc9c995e51e4cb9379c97e4b8a
- SHA1
  
  09493cc2a5e65b098d4b78cfa43fadf035c0be07
- SHA256
  
  85e49fb3510654cbcf61f244955ef7aeeca49234287c5cb1b5651dfd0a420910
- SHA512
  
  ed77faa953c848b7c7c445100bddcb548015e8e92a7a711b3e06bfe8a26ec199a516d02de6c00aa80060fceeaa8e7fadf9181dfbcc5b1d99e6c08bae9706adf2
- SSDEEP
  
  786432:x3HKNjaPzZVloeX2uwSvi6OPel+3D2DuVeWwXheEQZK1P/zq:xaNoLlT3wSabelAD2DuV+y4O
Score

10^/10

discovery persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
  persistence
- Adds Run key to start application
  persistence
- Blocklisted process makes network request
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2
- Target
  
  ⌚/1660.py
- Size
  
  13KB
- MD5
  
  02b33905651cf9a4e554407dea1aaf53
- SHA1
  
  bf2ad9f7bb03d24503a1ffeb2ba9cd403b3b0689
- SHA256
  
  369097bd7cafd69e531ec24a2cee7af703736f3d3191c47d190dfd285b488bd4
- SHA512
  
  07b274e2a7c17c5d11c7c1a7a24a35a3c85ff4fa0d4ab63fc3bc488bdfa9634c792c20a878f84ca988f13676360e0974fb32e750148f4e1aaad7a0a6108ac1cf
- SSDEEP
  
  192:Tp9rX3fARJ3xLme88LOGBRA0kQVaOMTNf592lON2Vg20w0Z67d2U:Tbf4YUL/TkQVaOG592lHVow0Z67db
Score

1^/10
behavioral3 behavioral4
- Target
  
  ⌚/Reestr.exe
- Size
  
  38KB
- MD5
  
  9a38f8140e015d4171194f5ef210c3ff
- SHA1
  
  f0fa6e53d81a344972af31f6362965f98c106776
- SHA256
  
  5ceaae261c2bb0454be1dd0dae82fe6cdc086a9d64ca14f66ec1205bb1fcc5b4
- SHA512
  
  4826a0d97a76192f816e4c237d7059ba6cd5bd0f77eeadf0df2873d364fded0c9c340f53a6844838d6ef17232739d5d566ecff610d1b933be0c6c5f64c20f8c1
- SSDEEP
  
  768:C9ExNRwCp+0LY6HWFD4c7PFLWhwXcJ+1s9WkxOp0D3SpS1GkuVbK:YQNRwF/6HWFDw2ShOp0DiJkuVbK
Score

1^/10
behavioral5 behavioral6
- Target
  
  ⌚/clip2.py
- Size
  
  14KB
- MD5
  
  8eb64163aabca8cdeed0fa401a69632d
- SHA1
  
  7a99d41eaa30e29c9c9b25307b4020ad8f1e207e
- SHA256
  
  4938b8ac89f68b5999ada112023a1198fc8c91ea4c032b2c695340eea94cb681
- SHA512
  
  6833625b9127746884aae10a2a15afad72a1e7c0c5fbd4e80758a213ad1761cdd4219477e3f31c688881ea5443aa84c6f34b44e19ba4029ad31147e1aa0aa8c2
- SSDEEP
  
  192:TpZpdVSQ0gcpDSFhe1cU5EfW7XqEv0134Q62Vg20/B0Z67d2U:Tz0zp0heKU5d7XqEI34QFVop0Z67db
Score

1^/10
behavioral7 behavioral8
- Target
  
  ⌚/run.py
- Size
  
  14KB
- MD5
  
  24691f1dea3a169a9bd505b7e84570bc
- SHA1
  
  c9eb6fb96d66892987f0f3c0b951202ce7518c02
- SHA256
  
  05397470526e5bb1502597aa9bb280bfe9b51322981278eefa80ac0322972c2f
- SHA512
  
  33941abd4b6c3f4d44803f951f4903e95bbb4ec44fd0cee9027a693bd261107e652ce4ac5239d9169299ac3f8f4f76b186654eb31d6b1596484f1b2e4bc09a11
- SSDEEP
  
  192:TpEpdVSQ0gcpDSFhe1cU5EfW7XqEv0134Q62Vg20/B0Z67d2p:TC0zp0heKU5d7XqEI34QFVop0Z67du
Score

1^/10
behavioral10 behavioral9
- Target
  
  ⌚/runBUI.py
- Size
  
  14KB
- MD5
  
  1ea05383b3d39042e0af3619386bac78
- SHA1
  
  732c6b1c1015d9ac7d885fbc7937784f52a84182
- SHA256
  
  44cf9ae8681a3dde742b280c2fab0920300428b5efd3c4589f31c4fe3251a58e
- SHA512
  
  3d60fc88c41c7055913eddaa6d99ac2502b5684f2dfc1fa256d12acd4d3571daf930201ee9182bc61975de50bd2241c00713dd1ebb6b042d078a5f4901e1ea6c
- SSDEEP
  
  192:TpFpdVSQ0gcpDSFhe1cU5EfW7XqEv0134Q62Vg20/B0Z67d2p:Tr0zp0heKU5d7XqEI34QFVop0Z67du
Score

1^/10
behavioral11 behavioral12

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Registers COM server for autorun

Adds Run key to start application

Blocklisted process makes network request

Checks installed software on the system

Enumerates connected drives

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12