ee2994270b42614eb65db99369dbe610a5ddaba06322b56c15280d1d5ec76019

Sharing

Copy URL

Twitter E-mail

General

Target

06956d4e1404512c1b2fbfaaa6d208aa_JaffaCakes118
Size

1.7MB
Sample

240429-cj8kjsfb47
MD5

06956d4e1404512c1b2fbfaaa6d208aa
SHA1

7d6ec7f2a07e087ad24895244ae840414d90cb75
SHA256

ee2994270b42614eb65db99369dbe610a5ddaba06322b56c15280d1d5ec76019
SHA512

c00a3fdfa966c5ae739cf8259473606464dc07b30db5ed40feb3ea85c07c2923085183851cd24986d14cacb489ea80f62b18cd8b7850bf2c3171f3a8bef18181
SSDEEP

49152:+23ZMjkAni5NJ44lClN5OVwlwikOZ+L9bgwWdUB8wI5:+8Mni5NJ46ClN5bkO7UB8f5

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  06956d4e1404512c1b2fbfaaa6d208aa_JaffaCakes118
- Size
  
  1.7MB
- MD5
  
  06956d4e1404512c1b2fbfaaa6d208aa
- SHA1
  
  7d6ec7f2a07e087ad24895244ae840414d90cb75
- SHA256
  
  ee2994270b42614eb65db99369dbe610a5ddaba06322b56c15280d1d5ec76019
- SHA512
  
  c00a3fdfa966c5ae739cf8259473606464dc07b30db5ed40feb3ea85c07c2923085183851cd24986d14cacb489ea80f62b18cd8b7850bf2c3171f3a8bef18181
- SSDEEP
  
  49152:+23ZMjkAni5NJ44lClN5OVwlwikOZ+L9bgwWdUB8wI5:+8Mni5NJ46ClN5bkO7UB8f5
Score

7^/10

persistence
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2
- Target
  
  $APPDATA/ortmp/uninstaller.exe
- Size
  
  227KB
- MD5
  
  cd5a0e02e4560f8e8bda88b6394d24b9
- SHA1
  
  6ad845740446fe62ee126d4fe3c1dae2557c992d
- SHA256
  
  d45e1091a902484ad589953981d6691e66180cf0cd3b72fe61eab0c235c7e978
- SHA512
  
  c6b0de4c9da96cb43d4293bc2265bbc25db9c4b634bbf4b89122060f0a6a6d05b855bac456856d5b8def91445ceb21d9e01004818ac88a9e52680e33ffd9224d
- SSDEEP
  
  3072:gTDXPIS1blQmbVRyt9822RecS+EqClkN+OqlzM+a1MH3Kh6:W7P/1Om5V3KK+FGyA6
Score

1^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/StdUtils.dll
- Size
  
  14KB
- MD5
  
  21010df9bc37daffcc0b5ae190381d85
- SHA1
  
  a8ba022aafc1233894db29e40e569dfc8b280eb9
- SHA256
  
  0ebd62de633fa108cf18139be6778fa560680f9f8a755e41c6ab544ab8db5c16
- SHA512
  
  95d3dbba6eac144260d5fcc7fcd5fb3afcb59ae62bd2eafc5a1d2190e9b44f8e125290d62fef82ad8799d0072997c57b2fa8a643aba554d0a82bbd3f8eb1403e
- SSDEEP
  
  192:OFb8Y8oqy2mqZc9hGBQHRx39oRxmMvURkB/Fs:qb8Y8nKqohGBKxox9vURw/a
Score

3^/10
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  00a0194c20ee912257df53bfe258ee4a
- SHA1
  
  d7b4e319bc5119024690dc8230b9cc919b1b86b2
- SHA256
  
  dc4da2ccadb11099076926b02764b2b44ad8f97cd32337421a4cc21a3f5448f3
- SHA512
  
  3b38a2c17996c3b77ebf7b858a6c37415615e756792132878d8eddbd13cb06710b7da0e8b58104768f8e475fc93e8b44b3b1ab6f70ddf52edee111aaf5ef5667
- SSDEEP
  
  192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
Score

3^/10
behavioral7 behavioral8
- Target
  
  $TEMPfolder/ortmp/freebl3.dll
- Size
  
  296KB
- MD5
  
  a3c1cba32232b8c28d3551fb78307058
- SHA1
  
  0c07aee705c8e10d4b4cb9af43f0f6722e7f4c3a
- SHA256
  
  ee912f5dcb516747d4ab5497e4a61cfbc413efab61fafbca6646a320cf07f601
- SHA512
  
  c7f7bb85db1d1a15deb9dc862f7eefa19203bdf22b582ea0f31973dbba9abbeab7fb7babd32c2037f7c9411c747c7fb91762ef18cf1642ef1edd3072f1875765
- SSDEEP
  
  6144:y6uQXzEKoFU1cMeRX+wsE0qMbPpErdJIkE2qwQqqDL67PXGHrIrm:TuQXzEVVsE0qgxE5JIkPVVqn6jIp
Score

1^/10
behavioral10 behavioral9
- Target
  
  $TEMPfolder/ortmp/libnspr4.dll
- Size
  
  288KB
- MD5
  
  74485152d7f2c06fe413f48c7da4ff33
- SHA1
  
  a07c30fedc80e5f4c2cc0be5202d64f51b015b44
- SHA256
  
  3c019cb209ba4f01015ffbb628d988735d2c5d9805abd7dd4dab441ea82eb688
- SHA512
  
  43b3b3bd5d5f3afd845cc79d68e942836f95f708eac96cd84d09b774d8f92f772b2353a273185b6be336603b5b283a486756e95ff26bb1ecd4fe84667cbe6f52
- SSDEEP
  
  6144:HkkTJqYJt8dDvEpuzn1IQg5sjvCOODLzvSPIMEuA:H5JqYJadDvEpYE5sjqn7vSPIME
Score

3^/10
behavioral11 behavioral12
- Target
  
  $TEMPfolder/ortmp/libplc4.dll
- Size
  
  47KB
- MD5
  
  08bacf2967fd8ea468c69f6e8d31b914
- SHA1
  
  eec97e847be6303013e468979b861ff74d4279ed
- SHA256
  
  2f143cac2efdc21b98620338c6f0404dfce812ee5741960ff68671ed0b0f3a9a
- SHA512
  
  2550e9481d2604b9c62b97ede184af4a8b2db1333b6707e01bc67b3699f72b0b764a238c86801d4457007e31977a181007f67c300f7c47899d4a771d05c2e97a
- SSDEEP
  
  768:Y8Ti1h/2mVqk1YlCD4DfpEMMyWcMmvXTeFSPjORVWCTwHmD:rGlVP1tYE9yW7i6RMMAm
Score

3^/10
behavioral13 behavioral14
- Target
  
  $TEMPfolder/ortmp/libplds4.dll
- Size
  
  45KB
- MD5
  
  56c1c79274ef5728b1f50986a5a8f22e
- SHA1
  
  32f67170194ce27736e564b5328dbab6c4be33b3
- SHA256
  
  8720171993fc29c517a8124b8235c2c5d71b0ae4c236685ba202088326d780de
- SHA512
  
  6198edad58ffbb9109c827de704a6d67be44300e7bf11d5af427e568388a9a746ce58e6c09babd65f6cf7dbec9520be6c9d92c7a4724c0892e044c38a9e2ce3a
- SSDEEP
  
  768:DHwclA1A6MPkrIyW4Xd6j8XFC7K0mjk1PH2TMR9T6O:J8AQW4OkFf0jdR9T6
Score

3^/10
behavioral15 behavioral16
- Target
  
  $TEMPfolder/ortmp/nss3.dll
- Size
  
  834KB
- MD5
  
  9721a913f9a997a62c532d72ed3e7b8d
- SHA1
  
  2e1f33ec48938eab775f6775e4de93150b39b46d
- SHA256
  
  4515d073983b96bd48d2601fb22646d72aa56aec163cb172e6d06dd55b8a9e80
- SHA512
  
  7363b2192a3b0b5f946c14983b197315632907790871dd795b2d995d8cf924d9d3ad7af2c3b465b70f5bb110ba8aaef1412d2cc33bedaeca8c64e2a523678ad7
- SSDEEP
  
  24576:Oc/6FaZIbEOQsrzvV6ZhS69nggn67iPQzggwadmMHzbuoO66HgMFzS8d4:/WwUvILzS8
Score

3^/10
behavioral17 behavioral18
- Target
  
  $TEMPfolder/ortmp/nssckbi.dll
- Size
  
  407KB
- MD5
  
  ba406d87af2f892c1b59628899fbcb10
- SHA1
  
  6392231726ed0759352c8e11c699a17b2519e528
- SHA256
  
  7a5c06a5050881b747eae24e77a4a4ec0f66752c4e0d89e447cded177629965f
- SHA512
  
  f2df98b3172eea84a6b2948adf6ff2d48d88f9e393822d776203d5c930628c4b850cb8b92ba60993dec1d25f0e8f6391ca545d2259da1b7a53bece22c7251155
- SSDEEP
  
  6144:dJz2s9oBgdMTWfpUwFygo5zUM38MEuL9ewNkUE0kUq:7f9OgWTWfpf0gmzY49zNkUE0kUq
Score

3^/10
behavioral19 behavioral20
- Target
  
  $TEMPfolder/ortmp/nssdbm3.dll
- Size
  
  160KB
- MD5
  
  56c619b8135d1fbe8386800020fe7696
- SHA1
  
  0d1383b7d38a2a7a768d3504358d7f5690801785
- SHA256
  
  331125565c61dab2c0120ea5b183a8e15d0d96595fad420f972e3199d193926e
- SHA512
  
  6d2b8d532a1a22dad5737f77fe244fe4755993af106f86a493dc1131dbb1543dbb700fe9a9a311a60dd7b370f724f1d16bc705df7e5f1f1453252d1183d9f18f
- SSDEEP
  
  3072:SWAuhz/7qnmt07ogzy+Pl4mJqyomsdJQg4n5mw/:3z1ftU1t4vmsd+d3/
Score

1^/10
behavioral21 behavioral22
- Target
  
  $TEMPfolder/ortmp/nssutil3.dll
- Size
  
  132KB
- MD5
  
  08b59a1793e8cd6fb085271650f8b5d0
- SHA1
  
  3182956535052ab496bc92f59167a7e114752b1e
- SHA256
  
  f0c14914986be4dc13a72fbe509db10a4c24c55e545471d1e4dde2c1d4ca03a1
- SHA512
  
  e2526879a4904f9e96b5f9422a088bfc4811f5ed3567fd0ad4021c10e6b796df10c61734cf59a2b2b36151fb1451660283284f97d7ff95eb3b78d6340f1cd136
- SSDEEP
  
  3072:FrWGRqQf+09adxCf1aW5GrOeDrcP03Oi45C8k9QJ:RWGNtOOqrcPl
Score

3^/10
behavioral23 behavioral24
- Target
  
  $TEMPfolder/ortmp/orion.exe
- Size
  
  1.1MB
- MD5
  
  be84f2d7a82cafeaa173428f0370a46b
- SHA1
  
  d1775cd2bf9da213b013d4b6eabd0e8764a35c0e
- SHA256
  
  51b3f447940a700e264e0eb0ac4a90e137421a958928bb1ce709534d59990699
- SHA512
  
  79ce4c7769d1d22fe36b65baad8dc9523e47511a808a5bdcb1620f8c66cacb05f9ecc3a83fdc6a6a859f3402b00705bb0ffae25b4fdd3de6c1abee2eda734575
- SSDEEP
  
  24576:FjiSynMq8nwn5QS1+KpPr6+dZ5l1YSQlm5loSGTc/p/tb:hiSK59jm/jA/p/tb
Score

7^/10

persistence
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral25 behavioral26
- Target
  
  $TEMPfolder/ortmp/smime3.dll
- Size
  
  129KB
- MD5
  
  88f553be556ae62c59b3a3fbea81987e
- SHA1
  
  166abd59cdf04380b939c3d216b514cbe09735f8
- SHA256
  
  741bf85f9011be7f57df51a409b9b43b45bed0329d14cedc05d0f84e60c66006
- SHA512
  
  d27e0ea06245782960bcffd41f9afbd9a7fe3bbb43f15eddbfa083568b21cc6dd15c86686fb597a0bf05d2bb4e76332eb7f28aba82e6a3695423f1458fb924c4
- SSDEEP
  
  3072:AUOZ75SYZdOhxAhuV9yMABbSRn8suaQZOXXoYC/6I4zdSbfoMR0NOBqN:AUOZ75P6muSMmWRntuTAdNN
Score

3^/10
behavioral27 behavioral28
- Target
  
  $TEMPfolder/ortmp/softokn3.dll
- Size
  
  225KB
- MD5
  
  5ecb1c6033d08a9277df748f6272d6a2
- SHA1
  
  17542582b66e31bcfe292b6a1f1afe8284fadd65
- SHA256
  
  3a85a3c19e83c078e1f950627c407e3b5c53eba3ccdc827fb627c7e00bd7f8a8
- SHA512
  
  696a8b9dd681ae1df8ca4379a186f5ecdf9846fd143ee2fe6dd54ba28f3edc509e80cb6a0c9ff6d79f3ab053ce63646eeb0ae2bd58243ba174c85813a95bd564
- SSDEEP
  
  3072:d4T4Ne9khUjPGYmxK+VZ3A0vX+7fNti8Yvl1/NDnJ0cnUljfxS+Z/4l3p5q:STJUSGVXj9O7fNt5Yt3Jqljfxr6
Score

3^/10
behavioral29 behavioral30
- Target
  
  $TEMPfolder/ortmp/sqlite3.dll
- Size
  
  444KB
- MD5
  
  18a54a743d683a0dc40c65155d108608
- SHA1
  
  dd499c8bab4bf8523d6c2cbcd3f6a38f819f5f3e
- SHA256
  
  1a5a89214fc67a35da8d64d0f17f9bd4b4f49d5ff6383743c62e18fbe482d6b3
- SHA512
  
  57e563fb01a54e5200f5b125a02fdc5ad0b0e152deab873221bd378d1044f5d30b3cd11197880b431676d4b5cb7636ca7830e4cb537f53383b76896cb53b5dca
- SSDEEP
  
  6144:XguzLWRZAuMy5z9cnsdKs2ANtHWP6+/Q0PQmmOJcOAvkobZcDmnuDo3/AHE:NWRZNDd4804fkCZ0U3/l
Score

3^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Checks BIOS information in registry

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application

Drops file in System32 directory

Checks BIOS information in registry

Loads dropped DLL

Adds Run key to start application

Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32