94c70fd5da5feb18eb47c379083c68edb32ef7c35d97ee80bad5da8c00688600

Sharing

Copy URL

Twitter E-mail

General

Target

077750e84f5bf5267d582995482adecc_JaffaCakes118
Size

3.7MB
Sample

240429-mqgqhsgh9t
MD5

077750e84f5bf5267d582995482adecc
SHA1

09a4734534c18956eefb003222688b16a082aa89
SHA256

94c70fd5da5feb18eb47c379083c68edb32ef7c35d97ee80bad5da8c00688600
SHA512

ffb27b9ff32ee5e52e27e0e722af5de369d9f8a3073ee907a7a6cb4da2be7d183267cb7dfc0f9168a1917d491594cafa98f1af2e8a74dd2d55594f93149c7048
SSDEEP

98304:y2v74FzFVieLkrim7AVBURgWKQW+O418Qq7snNVnmfPI:FvEk6krisKWKt+Na4VmHI

Score

7^/10

evasion upx

Malware Config

Targets

- Target
  
  077750e84f5bf5267d582995482adecc_JaffaCakes118
- Size
  
  3.7MB
- MD5
  
  077750e84f5bf5267d582995482adecc
- SHA1
  
  09a4734534c18956eefb003222688b16a082aa89
- SHA256
  
  94c70fd5da5feb18eb47c379083c68edb32ef7c35d97ee80bad5da8c00688600
- SHA512
  
  ffb27b9ff32ee5e52e27e0e722af5de369d9f8a3073ee907a7a6cb4da2be7d183267cb7dfc0f9168a1917d491594cafa98f1af2e8a74dd2d55594f93149c7048
- SSDEEP
  
  98304:y2v74FzFVieLkrim7AVBURgWKQW+O418Qq7snNVnmfPI:FvEk6krisKWKt+Na4VmHI
Score

7^/10

upx
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2
- Target
  
  Italian!it.txt
- Size
  
  65KB
- MD5
  
  0ec32e3e931ab9352fb103dc425c6ce1
- SHA1
  
  35557900205740086e8e5045af661a6bc8c6f28e
- SHA256
  
  9dd7ebd0944e9d4ed6fdcadeb53a8490551b48b777f6fa8e2df2739150b9e5b6
- SHA512
  
  7872e5819552d972b961b5eb832202b582c1f04451a7a147ff84737024f73b5eb50e83bb32e90e45e11953bf94281bbb6a60fdfa5fcb26e7f3a59258ac42dc9b
- SSDEEP
  
  1536:ZgibwpZYpFyuevprh9FcgaayQKf0Ct9v0aa/HcLaPd94YNnq1tpTHlJXfLn:ZgmgZYpFy9vprh9FcgaaB1CTv0aa/8Lp
Score

1^/10
behavioral3 behavioral4
- Target
  
  Welsh!cy.txt
- Size
  
  63KB
- MD5
  
  fe085c71fe1fd7bbafaa535c68a767cc
- SHA1
  
  4ea364029c185e641021cfb167bc540a80ba4115
- SHA256
  
  833cd3556028ee149b08fe24e1e9a7750dd3fadc4785b9fe1dbe1ab15b456ca4
- SHA512
  
  a175dcfcc1062adf3f2c06289454129c89f70216b36129735d5a7b2b66bdd1259e5d1bba837d91a859501a2b9c30037a83b516270f733054bf54bfeabd12ddfc
- SSDEEP
  
  768:SQ2288B9I/YO/PcSA54rghubFErXxWdB658yPy8VdkUWElCU0IQZS+puOtj:SC4e+j3OL0ISl0Wj
Score

1^/10
behavioral5 behavioral6
- Target
  
  $DESKTOP/Torrent Portable/App/uTorrent/uTorrent.exe
- Size
  
  4.9MB
- MD5
  
  97c2ccf6622b460d89eaa0b481610394
- SHA1
  
  bc6fd3319daf27dfbb2786ad35b17329665a930b
- SHA256
  
  a17b3463587b84d73eecf57929d111dcfba158e33f93d5d43f8b28b7e4e3267c
- SHA512
  
  3ff0dcf9eb9b7c237d8ed13d51b20d3e14aedb5b11db763ff070c1afcef1ee677ace6d5f7d3bd724fc4277c925a30dcdd0d0280015d8cf4c8d88fd9efe910e57
- SSDEEP
  
  49152:lYTEpjDUiCeD8i8aUZMOwbk+ZNTEmrVLUWvggIhbf/NobusuC99ZaTg+P2jqAtHv:lY4ui18i2aQCaQa7P2jxpL9fn9UDc
Score

7^/10

evasion
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
behavioral7 behavioral8
- Target
  
  Italian!it.txt
- Size
  
  65KB
- MD5
  
  0ec32e3e931ab9352fb103dc425c6ce1
- SHA1
  
  35557900205740086e8e5045af661a6bc8c6f28e
- SHA256
  
  9dd7ebd0944e9d4ed6fdcadeb53a8490551b48b777f6fa8e2df2739150b9e5b6
- SHA512
  
  7872e5819552d972b961b5eb832202b582c1f04451a7a147ff84737024f73b5eb50e83bb32e90e45e11953bf94281bbb6a60fdfa5fcb26e7f3a59258ac42dc9b
- SSDEEP
  
  1536:ZgibwpZYpFyuevprh9FcgaayQKf0Ct9v0aa/HcLaPd94YNnq1tpTHlJXfLn:ZgmgZYpFy9vprh9FcgaaB1CTv0aa/8Lp
Score

1^/10
behavioral10 behavioral9
- Target
  
  Welsh!cy.txt
- Size
  
  63KB
- MD5
  
  fe085c71fe1fd7bbafaa535c68a767cc
- SHA1
  
  4ea364029c185e641021cfb167bc540a80ba4115
- SHA256
  
  833cd3556028ee149b08fe24e1e9a7750dd3fadc4785b9fe1dbe1ab15b456ca4
- SHA512
  
  a175dcfcc1062adf3f2c06289454129c89f70216b36129735d5a7b2b66bdd1259e5d1bba837d91a859501a2b9c30037a83b516270f733054bf54bfeabd12ddfc
- SSDEEP
  
  768:SQ2288B9I/YO/PcSA54rghubFErXxWdB658yPy8VdkUWElCU0IQZS+puOtj:SC4e+j3OL0ISl0Wj
Score

1^/10
behavioral11 behavioral12
- Target
  
  $DESKTOP/Torrent Portable/uTorrentPortable.exe
- Size
  
  82KB
- MD5
  
  5e1fae6406ca925a0968b55546b73e18
- SHA1
  
  ee96d2b039cca1569e4752903286462345400bcd
- SHA256
  
  f9d5869e1e0517f9940472c7a08fe229da200ebc17fb300e78db1d74be4a6475
- SHA512
  
  d6b2d01d6d579dd8e9fe62cb18655914aa100e0cd11a5ae4bf79dcb447d07906b6946b1eb7375bb0cf15da90fcf11d19e9fccd34def9d8748947ea3d19ca769e
- SSDEEP
  
  1536:t/E+bBR0yXzwLCk3SycmxVTtISCXwCiS74b+/6LRjxaw37OYwryw8L7Qe:1EhKzShSyc2uXwC974e61jt7OYoXe
Score

3^/10
behavioral13 behavioral14
- Target
  
  $PLUGINSDIR/FindProcDLL.dll
- Size
  
  3KB
- MD5
  
  75e7351a0f836b8659e6f315683c29f7
- SHA1
  
  66b733d1c978d68cadc245e7efbfcae32807429d
- SHA256
  
  7ffc549e7f679a08c77fa230654b77cdffb3444296bb7c6b8b5769db374b61ee
- SHA512
  
  f03400798b07ccca5e12fa119a586ee9444deb0d2419aced24d93fd84a4702d66864a71b40a11b04b1dbe56e36481cd6a644aec0347bc82bc7375b27bc403fe4
Score

3^/10
behavioral15 behavioral16
- Target
  
  $PLUGINSDIR/NewTextreplace.dll
- Size
  
  11KB
- MD5
  
  4c584ada75e66e2f3662f72c79b4bc26
- SHA1
  
  5ee7d2a0ed5662f0cda76a059234fe5f203a3b24
- SHA256
  
  2a770e400a83ce5220460d79f9e22236463c9972e2e32120f125a7d31761e302
- SHA512
  
  c6d7ea8d0e35084f23cd197b207cabe6625cc54d89efe6a8d016929d3bae3eb984342ce9b0e7f2c1e390c62aa4ba3cc2cfcbc40016d247244bd652ea46b2b75a
- SSDEEP
  
  192:tKUSemBDZGm2kaPKknekoGawkCOWf1QP8mnnL96h+/ii:7iAHd7WWq8mL9dii
Score

3^/10
behavioral17 behavioral18
- Target
  
  $PLUGINSDIR/Registry.dll
- Size
  
  24KB
- MD5
  
  2b7007ed0262ca02ef69d8990815cbeb
- SHA1
  
  2eabe4f755213666dbbbde024a5235ddde02b47f
- SHA256
  
  0b25b20f26de5d5bd795f934c70447112b4981343fcb2dfab3374a4018d28c2d
- SHA512
  
  aa75ee59ca0b8530eb7298b74e5f334ae9d14129f603b285a3170b82103cfdcc175af8185317e6207142517769e69a24b34fcdf0f58ed50a4960cbe8c22a0aca
- SSDEEP
  
  384:W2mvyNjH3rPnAZ4wu2QbnC7qB7PnrvScaeYA4CIDEge/QqL2AQ:/75w/OfrzB4CUxuQfA
Score

3^/10
behavioral19 behavioral20
- Target
  
  $PLUGINSDIR/newadvsplash.dll
- Size
  
  8KB
- MD5
  
  7ee14dff57fb6e6c644b318d16768f4c
- SHA1
  
  9a5d5b31ab56ab01e9b0bd76c51b8b4605a8ccce
- SHA256
  
  53377d0710f551182edbab4150935425948535d11b92bf08a1c2dcf989723bd7
- SHA512
  
  0565ff2bdbdf044c5f90bd45475d478b48cdbd5e19569976291b1bdd703e61355410c65f29f2c9213faf56251beb16d342c8625288dad6afc670717b9636d51f
- SSDEEP
  
  96:qD5UDaGxZH52QhtZafDP9BTS9nPg83UniV/zRzGEl1DMl1zN6LmeYt4dO:W5UDaGxZH5T0j+9nl3BzG0IZ6LqN
Score

1^/10
behavioral21 behavioral22
- Target
  
  $PLUGINSDIR/nsisFirewall.dll
- Size
  
  8KB
- MD5
  
  69f2e8c6fd141e9e720b2c4c366a8154
- SHA1
  
  a6279d93a102b6d7608dced32a36ddcd3e51994c
- SHA256
  
  2e204ee4f1d12b4ca35c8205cea0cabe354f2e79a471863cfb76a7cee83cf107
- SHA512
  
  bf23a5f3ce98e6a1c04fe8ae6b6f385483ceed62470cd109017c97f37c23adbf0203bfb43d09b007c6925aeb5da9617f33bc5c478618f00cc91da83a48cacaf2
- SSDEEP
  
  96:KCQjg8aCpUcmloiwmXaYY8NVxIYn69TEdUc1ND0RrXQAcuAtoFrJxalMu2k:KCQPeip58NjMNWND0RrXYuAWkM
Score

3^/10
behavioral23 behavioral24
- Target
  
  $PLUGINSDIR/Aero.dll
- Size
  
  6KB
- MD5
  
  243bf44688b131c3171f2827a93e39dc
- SHA1
  
  07e9c7bd16ae47953e42c06ae2606de188386f35
- SHA256
  
  04a577df50431eb0ff6fb103566402bf66c50415bcc1f8a86b9c235053131455
- SHA512
  
  a1a8c21d38c54a43d1c6c394f481dfbddcb359c617e9928ecca8f84d47354616a78d20735a1fe7bebd21626c21cf96d0e1a69e3e98f6b35f2a774cc0244f9516
- SSDEEP
  
  96:Mh1Wh+rTUNfwRtoqLOk+UVud5Wa7U2ZG:MTWh+cZG2qLOkjud5Waw2Z
Score

7^/10

upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral25 behavioral26
- Target
  
  $PLUGINSDIR/BrandingURL.dll
- Size
  
  4KB
- MD5
  
  71c46b663baa92ad941388d082af97e7
- SHA1
  
  5a9fcce065366a526d75cc5ded9aade7cadd6421
- SHA256
  
  bb2b9c272b8b66bc1b414675c2acba7afad03fff66a63babee3ee57ed163d19e
- SHA512
  
  5965bd3f5369b9a1ed641c479f7b8a14af27700d0c27d482aa8eb62acc42f7b702b5947d82f9791b29bcba4d46e1409244f0a8ddce4ec75022b5e27f6d671bce
Score

3^/10
behavioral27 behavioral28
- Target
  
  $PLUGINSDIR/InvokeShellVerb.dll
- Size
  
  4KB
- MD5
  
  0f137d75542976c9a5905457411b8fc4
- SHA1
  
  3a498dd92be9e3e174669a6da937568cad5b0129
- SHA256
  
  b38dd9db2839864de3bea895cb169ea9c01a86013b9b4a49b95159c92567e953
- SHA512
  
  255754c7f3ba80eb193b7818067a78f033347a145bdb5fdf792ec1ac4e836624a81f9e0fe685351a58481bb29826921c3d34b0d9f3c65e26e0934f670402287f
Score

3^/10
behavioral29 behavioral30
- Target
  
  $PLUGINSDIR/LangDLL.dll
- Size
  
  5KB
- MD5
  
  9384f4007c492d4fa040924f31c00166
- SHA1
  
  aba37faef30d7c445584c688a0b5638f5db31c7b
- SHA256
  
  60a964095af1be79f6a99b22212fefe2d16f5a0afd7e707d14394e4143e3f4f5
- SHA512
  
  68f158887e24302673227adffc688fd3edabf097d7f5410f983e06c6b9c7344ca1d8a45c7fa05553adcc5987993df3a298763477168d4842e554c4eb93b9aaaf
- SSDEEP
  
  48:iV6pAvmNC6iMPUptxEZK65x/AmvycNSmwVsOYJyvrpXptp/JvR0Jlof5d2:2811GED5ZTvycNSmwVsTJuftpZR0Sd2
Score

3^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

ACProtect 1.3x - 1.4x DLL software

Loads dropped DLL

UPX packed file

Identifies Wine through registry keys

UPX packed file

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32