01e8b6a66c844769dd5d595dff576f972fb7a70ce4e19474f30ca66ee018b960

Sharing

Copy URL

Twitter E-mail

General

Target

031ccd978f5ebea1f0057fd8ecd8a4fa_JaffaCakes118
Size

1.8MB
Sample

240427-m71jyshg9v
MD5

031ccd978f5ebea1f0057fd8ecd8a4fa
SHA1

4528d216839cec9507465a9d5e830fffd200d5cd
SHA256

01e8b6a66c844769dd5d595dff576f972fb7a70ce4e19474f30ca66ee018b960
SHA512

1295a5d16f7481321e1f4880e0aa193310ec7b39e5ff234cf8f71c25e5644fd6f0346068dda9f129d2cefbc68e15862d06afb251786dc000ef5a7de4251030f8
SSDEEP

49152:ZJEp3Lk+p+Tql6X2PVdd5RzoRJP7PjunNi:ZOp8OMGPVDIbyn

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  031ccd978f5ebea1f0057fd8ecd8a4fa_JaffaCakes118
- Size
  
  1.8MB
- MD5
  
  031ccd978f5ebea1f0057fd8ecd8a4fa
- SHA1
  
  4528d216839cec9507465a9d5e830fffd200d5cd
- SHA256
  
  01e8b6a66c844769dd5d595dff576f972fb7a70ce4e19474f30ca66ee018b960
- SHA512
  
  1295a5d16f7481321e1f4880e0aa193310ec7b39e5ff234cf8f71c25e5644fd6f0346068dda9f129d2cefbc68e15862d06afb251786dc000ef5a7de4251030f8
- SSDEEP
  
  49152:ZJEp3Lk+p+Tql6X2PVdd5RzoRJP7PjunNi:ZOp8OMGPVDIbyn
Score

7^/10

persistence
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2
- Target
  
  $APPDATA/ortmp/uninstaller.exe
- Size
  
  228KB
- MD5
  
  f2d10de88dd21a0a05b105c550f41934
- SHA1
  
  c60af2a8f858847a7179e8a2cb32bfed1fd3ee5c
- SHA256
  
  7db3af7f676e1506fd3d81446ad2938c3c09866d539f38aefcd7d00f7e609251
- SHA512
  
  4a08ad1414aa9ad79e4c306a10916d1cdeb674feeb8d91e05541b0c3b7f3ce138f24cff923af2acfdf4d005494e2537a56faea267add2dc7951a1ac6176dfa1f
- SSDEEP
  
  3072:jtgA3uVV7aXdEmy+v9ZmcywxwJcPpIKvP8bN+OdYM+xn32H3K1F:ZR3sVejyeciRIUQ+ka0sF
Score

1^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/StdUtils.dll
- Size
  
  14KB
- MD5
  
  21010df9bc37daffcc0b5ae190381d85
- SHA1
  
  a8ba022aafc1233894db29e40e569dfc8b280eb9
- SHA256
  
  0ebd62de633fa108cf18139be6778fa560680f9f8a755e41c6ab544ab8db5c16
- SHA512
  
  95d3dbba6eac144260d5fcc7fcd5fb3afcb59ae62bd2eafc5a1d2190e9b44f8e125290d62fef82ad8799d0072997c57b2fa8a643aba554d0a82bbd3f8eb1403e
- SSDEEP
  
  192:OFb8Y8oqy2mqZc9hGBQHRx39oRxmMvURkB/Fs:qb8Y8nKqohGBKxox9vURw/a
Score

3^/10
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  00a0194c20ee912257df53bfe258ee4a
- SHA1
  
  d7b4e319bc5119024690dc8230b9cc919b1b86b2
- SHA256
  
  dc4da2ccadb11099076926b02764b2b44ad8f97cd32337421a4cc21a3f5448f3
- SHA512
  
  3b38a2c17996c3b77ebf7b858a6c37415615e756792132878d8eddbd13cb06710b7da0e8b58104768f8e475fc93e8b44b3b1ab6f70ddf52edee111aaf5ef5667
- SSDEEP
  
  192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
Score

3^/10
behavioral7 behavioral8
- Target
  
  $TEMPfolder/FonbOmacd/NijosoBeelta.exe
- Size
  
  97KB
- MD5
  
  de9c67896bdf6cd6c2341ad4097c51b5
- SHA1
  
  c9cf857e9bc4c4802d2bddab0093a358fe6242fc
- SHA256
  
  62ee1606571e96c642291b81024cbc99633a9aae4cbae4bc28096badb8f3702c
- SHA512
  
  84a9a7b9c8c3b71063af0806234369efd0912c74b10f262cd0f6d2dc826132cf8289c2d6f0ebcb17c89b960f5bbc16d1d33e6b1adcf50d4645919e2d6a34a671
- SSDEEP
  
  1536:S7QcEXMJiX6X5vMbNUK6LU3Oojw+XM9aFC3Ul7fcbaRl9jasWjcdRbVO74:/8iKXGbNJ1Oojwcf+aRzjFRbVOE
Score

7^/10

persistence
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral10 behavioral9
- Target
  
  $TEMPfolder/FonbOmacd/freebl3.dll
- Size
  
  296KB
- MD5
  
  a3c1cba32232b8c28d3551fb78307058
- SHA1
  
  0c07aee705c8e10d4b4cb9af43f0f6722e7f4c3a
- SHA256
  
  ee912f5dcb516747d4ab5497e4a61cfbc413efab61fafbca6646a320cf07f601
- SHA512
  
  c7f7bb85db1d1a15deb9dc862f7eefa19203bdf22b582ea0f31973dbba9abbeab7fb7babd32c2037f7c9411c747c7fb91762ef18cf1642ef1edd3072f1875765
- SSDEEP
  
  6144:y6uQXzEKoFU1cMeRX+wsE0qMbPpErdJIkE2qwQqqDL67PXGHrIrm:TuQXzEVVsE0qgxE5JIkPVVqn6jIp
Score

1^/10
behavioral11 behavioral12
- Target
  
  $TEMPfolder/FonbOmacd/libnspr4.dll
- Size
  
  288KB
- MD5
  
  74485152d7f2c06fe413f48c7da4ff33
- SHA1
  
  a07c30fedc80e5f4c2cc0be5202d64f51b015b44
- SHA256
  
  3c019cb209ba4f01015ffbb628d988735d2c5d9805abd7dd4dab441ea82eb688
- SHA512
  
  43b3b3bd5d5f3afd845cc79d68e942836f95f708eac96cd84d09b774d8f92f772b2353a273185b6be336603b5b283a486756e95ff26bb1ecd4fe84667cbe6f52
- SSDEEP
  
  6144:HkkTJqYJt8dDvEpuzn1IQg5sjvCOODLzvSPIMEuA:H5JqYJadDvEpYE5sjqn7vSPIME
Score

3^/10
behavioral13 behavioral14
- Target
  
  $TEMPfolder/FonbOmacd/libplc4.dll
- Size
  
  47KB
- MD5
  
  08bacf2967fd8ea468c69f6e8d31b914
- SHA1
  
  eec97e847be6303013e468979b861ff74d4279ed
- SHA256
  
  2f143cac2efdc21b98620338c6f0404dfce812ee5741960ff68671ed0b0f3a9a
- SHA512
  
  2550e9481d2604b9c62b97ede184af4a8b2db1333b6707e01bc67b3699f72b0b764a238c86801d4457007e31977a181007f67c300f7c47899d4a771d05c2e97a
- SSDEEP
  
  768:Y8Ti1h/2mVqk1YlCD4DfpEMMyWcMmvXTeFSPjORVWCTwHmD:rGlVP1tYE9yW7i6RMMAm
Score

3^/10
behavioral15 behavioral16
- Target
  
  $TEMPfolder/FonbOmacd/libplds4.dll
- Size
  
  45KB
- MD5
  
  56c1c79274ef5728b1f50986a5a8f22e
- SHA1
  
  32f67170194ce27736e564b5328dbab6c4be33b3
- SHA256
  
  8720171993fc29c517a8124b8235c2c5d71b0ae4c236685ba202088326d780de
- SHA512
  
  6198edad58ffbb9109c827de704a6d67be44300e7bf11d5af427e568388a9a746ce58e6c09babd65f6cf7dbec9520be6c9d92c7a4724c0892e044c38a9e2ce3a
- SSDEEP
  
  768:DHwclA1A6MPkrIyW4Xd6j8XFC7K0mjk1PH2TMR9T6O:J8AQW4OkFf0jdR9T6
Score

3^/10
behavioral17 behavioral18
- Target
  
  $TEMPfolder/FonbOmacd/nss3.dll
- Size
  
  834KB
- MD5
  
  9721a913f9a997a62c532d72ed3e7b8d
- SHA1
  
  2e1f33ec48938eab775f6775e4de93150b39b46d
- SHA256
  
  4515d073983b96bd48d2601fb22646d72aa56aec163cb172e6d06dd55b8a9e80
- SHA512
  
  7363b2192a3b0b5f946c14983b197315632907790871dd795b2d995d8cf924d9d3ad7af2c3b465b70f5bb110ba8aaef1412d2cc33bedaeca8c64e2a523678ad7
- SSDEEP
  
  24576:Oc/6FaZIbEOQsrzvV6ZhS69nggn67iPQzggwadmMHzbuoO66HgMFzS8d4:/WwUvILzS8
Score

3^/10
behavioral19 behavioral20
- Target
  
  $TEMPfolder/FonbOmacd/nssckbi.dll
- Size
  
  407KB
- MD5
  
  ba406d87af2f892c1b59628899fbcb10
- SHA1
  
  6392231726ed0759352c8e11c699a17b2519e528
- SHA256
  
  7a5c06a5050881b747eae24e77a4a4ec0f66752c4e0d89e447cded177629965f
- SHA512
  
  f2df98b3172eea84a6b2948adf6ff2d48d88f9e393822d776203d5c930628c4b850cb8b92ba60993dec1d25f0e8f6391ca545d2259da1b7a53bece22c7251155
- SSDEEP
  
  6144:dJz2s9oBgdMTWfpUwFygo5zUM38MEuL9ewNkUE0kUq:7f9OgWTWfpf0gmzY49zNkUE0kUq
Score

3^/10
behavioral21 behavioral22
- Target
  
  $TEMPfolder/FonbOmacd/nssdbm3.dll
- Size
  
  160KB
- MD5
  
  56c619b8135d1fbe8386800020fe7696
- SHA1
  
  0d1383b7d38a2a7a768d3504358d7f5690801785
- SHA256
  
  331125565c61dab2c0120ea5b183a8e15d0d96595fad420f972e3199d193926e
- SHA512
  
  6d2b8d532a1a22dad5737f77fe244fe4755993af106f86a493dc1131dbb1543dbb700fe9a9a311a60dd7b370f724f1d16bc705df7e5f1f1453252d1183d9f18f
- SSDEEP
  
  3072:SWAuhz/7qnmt07ogzy+Pl4mJqyomsdJQg4n5mw/:3z1ftU1t4vmsd+d3/
Score

1^/10
behavioral23 behavioral24
- Target
  
  $TEMPfolder/FonbOmacd/nssutil3.dll
- Size
  
  132KB
- MD5
  
  08b59a1793e8cd6fb085271650f8b5d0
- SHA1
  
  3182956535052ab496bc92f59167a7e114752b1e
- SHA256
  
  f0c14914986be4dc13a72fbe509db10a4c24c55e545471d1e4dde2c1d4ca03a1
- SHA512
  
  e2526879a4904f9e96b5f9422a088bfc4811f5ed3567fd0ad4021c10e6b796df10c61734cf59a2b2b36151fb1451660283284f97d7ff95eb3b78d6340f1cd136
- SSDEEP
  
  3072:FrWGRqQf+09adxCf1aW5GrOeDrcP03Oi45C8k9QJ:RWGNtOOqrcPl
Score

3^/10
behavioral25 behavioral26
- Target
  
  $TEMPfolder/FonbOmacd/smime3.dll
- Size
  
  129KB
- MD5
  
  88f553be556ae62c59b3a3fbea81987e
- SHA1
  
  166abd59cdf04380b939c3d216b514cbe09735f8
- SHA256
  
  741bf85f9011be7f57df51a409b9b43b45bed0329d14cedc05d0f84e60c66006
- SHA512
  
  d27e0ea06245782960bcffd41f9afbd9a7fe3bbb43f15eddbfa083568b21cc6dd15c86686fb597a0bf05d2bb4e76332eb7f28aba82e6a3695423f1458fb924c4
- SSDEEP
  
  3072:AUOZ75SYZdOhxAhuV9yMABbSRn8suaQZOXXoYC/6I4zdSbfoMR0NOBqN:AUOZ75P6muSMmWRntuTAdNN
Score

3^/10
behavioral27 behavioral28
- Target
  
  $TEMPfolder/FonbOmacd/softokn3.dll
- Size
  
  225KB
- MD5
  
  5ecb1c6033d08a9277df748f6272d6a2
- SHA1
  
  17542582b66e31bcfe292b6a1f1afe8284fadd65
- SHA256
  
  3a85a3c19e83c078e1f950627c407e3b5c53eba3ccdc827fb627c7e00bd7f8a8
- SHA512
  
  696a8b9dd681ae1df8ca4379a186f5ecdf9846fd143ee2fe6dd54ba28f3edc509e80cb6a0c9ff6d79f3ab053ce63646eeb0ae2bd58243ba174c85813a95bd564
- SSDEEP
  
  3072:d4T4Ne9khUjPGYmxK+VZ3A0vX+7fNti8Yvl1/NDnJ0cnUljfxS+Z/4l3p5q:STJUSGVXj9O7fNt5Yt3Jqljfxr6
Score

3^/10
behavioral29 behavioral30
- Target
  
  $TEMPfolder/FonbOmacd/sqlite3.dll
- Size
  
  444KB
- MD5
  
  18a54a743d683a0dc40c65155d108608
- SHA1
  
  dd499c8bab4bf8523d6c2cbcd3f6a38f819f5f3e
- SHA256
  
  1a5a89214fc67a35da8d64d0f17f9bd4b4f49d5ff6383743c62e18fbe482d6b3
- SHA512
  
  57e563fb01a54e5200f5b125a02fdc5ad0b0e152deab873221bd378d1044f5d30b3cd11197880b431676d4b5cb7636ca7830e4cb537f53383b76896cb53b5dca
- SSDEEP
  
  6144:XguzLWRZAuMy5z9cnsdKs2ANtHWP6+/Q0PQmmOJcOAvkobZcDmnuDo3/AHE:NWRZNDd4804fkCZ0U3/l
Score

3^/10
behavioral31 behavioral32

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Targets

Checks BIOS information in registry

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application

Drops file in System32 directory

Checks BIOS information in registry

Loads dropped DLL

Adds Run key to start application

Drops file in System32 directory

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32