General

  • Target

    0dec9b0485007f34490b029822a1022b_JaffaCakes118

  • Size

    6.4MB

  • Sample

    240502-jn9fzaeg49

  • MD5

    0dec9b0485007f34490b029822a1022b

  • SHA1

    52a72de60b46526b8b7fb9a1022c944393d63578

  • SHA256

    e37bd3d6e631895d68a60dd3e7ce8305609edd617e0b6082fae05c8deb89f1c2

  • SHA512

    cee7c7a4d1c65b062680a255896b8227841f960aeb7ff3cf93fa378b4fbb54778d5e5b3bf23a4d6d4e917a7dcab45ed0fe640f01501ee41b38370ca5a8c0adac

  • SSDEEP

    98304:XUQ28a9Ni4Xo7W4cO9Flr4AP10RgA572fi6iJ0i6xOKyrIl9BZcCjf8TM:XHANi4Y7//8AP10iTiGObrIlJjc

Malware Config

Targets

    • Target

      0dec9b0485007f34490b029822a1022b_JaffaCakes118

    • Size

      6.4MB

    • MD5

      0dec9b0485007f34490b029822a1022b

    • SHA1

      52a72de60b46526b8b7fb9a1022c944393d63578

    • SHA256

      e37bd3d6e631895d68a60dd3e7ce8305609edd617e0b6082fae05c8deb89f1c2

    • SHA512

      cee7c7a4d1c65b062680a255896b8227841f960aeb7ff3cf93fa378b4fbb54778d5e5b3bf23a4d6d4e917a7dcab45ed0fe640f01501ee41b38370ca5a8c0adac

    • SSDEEP

      98304:XUQ28a9Ni4Xo7W4cO9Flr4AP10RgA572fi6iJ0i6xOKyrIl9BZcCjf8TM:XHANi4Y7//8AP10iTiGObrIlJjc

    Score
    8/10
    • Blocklisted process makes network request

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Downloads MZ/PE file

    • Modifies Windows Firewall

    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      fbe295e5a1acfbd0a6271898f885fe6a

    • SHA1

      d6d205922e61635472efb13c2bb92c9ac6cb96da

    • SHA256

      a1390a78533c47e55cc364e97af431117126d04a7faed49390210ea3e89dd0e1

    • SHA512

      2cb596971e504eaf1ce8e3f09719ebfb3f6234cea5ca7b0d33ec7500832ff4b97ec2bbe15a1fbf7e6a5b02c59db824092b9562cd8991f4d027feab6fd3177b06

    • SSDEEP

      192:yPtkiQJr7V9r3Ftr87NfwXQ6whlgi62V7i77blbTc4DI:N7Vxr8IgLgi3sVc4

    Score
    3/10
    • Target

      Tools/modules/bugreport.hta

    • Size

      27KB

    • MD5

      492b077cd9c947c4cccab9acd25e6c43

    • SHA1

      b34ba31c78d48fd1ccd4e43cb2bec1db3155a97c

    • SHA256

      14763e4336a3f96fa2d9aeb5a55dfad39672ba2ce68114c582c56d874350c386

    • SHA512

      37127dfcd39c3ed973c4e1ba1d0aca9b11b719fbb9c29b668128a50ef44217e16621a7f8e20b924320fb63ac603f19836ec861695f4a5f486f5b7747b309b669

    • SSDEEP

      192:cZGGdaWZf6bORA1bwDtGaTi6I9BcwlnXLH8goq7i31GsRr8hd4S1JLMAHgPx0HS6:cdZKORA0tGp6iBceX7B7i3Yq8hd4fu

    Score
    3/10
    • Target

      Tools/run.hta

    • Size

      2KB

    • MD5

      d0e69969ac10cee9ac933c3223542059

    • SHA1

      7f9246b3bcb6f1cf1b5d9f26ad7a747dc4fbceb3

    • SHA256

      11abb36beb797e400f6d5fc924f8ae07f40ec41aeb1b1b43f6583bb60a875cd5

    • SHA512

      4bd2df510345263952df26c7b6c9f2fc57e1af4046919d68f8a9aa3c8b1d60127a4bef6b75bf915710287e8a1e442437dde135eb3ac7d4dc10321ffbf97dc2d6

    • Blocklisted process makes network request

    • Modifies Windows Firewall

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Target

      config.js

    • Size

      3KB

    • MD5

      e6f4bc31e1a7820cbe3412c418a2c7d5

    • SHA1

      5d257254c6cd68c466ee352f372eabb62fd3180f

    • SHA256

      7eef38152220cabab121f551d92fe40b850c41065653b9d43c021de73bf6c6d2

    • SHA512

      e16a2aa03615ebfcafa3f88ce79dd2d52e6ab1379ac62a0fa72b8ffa948851dd07b561ff3c10d411d692ff19290ec829faac9e91e261135e8c79d8b10f73d982

    Score
    1/10
    • Target

      drp.js

    • Size

      3.2MB

    • MD5

      b7674027589c6a154ab53fde901a6092

    • SHA1

      43e7f020a9ff7723b3aa49e95d8865d9f8e20e76

    • SHA256

      d6e4d36dd48968e7fc1e83ce57b4411dfdaf6c6c359e682bffb027432e199d32

    • SHA512

      f6156c1b973e6d0849f7ae894bc346839c315d258f5818dfed886e2e52cf5612b1d55e2f7178aba71d0bb81b26b6fb5689e8aa9d1d043f9b72ce44895c445ab9

    • SSDEEP

      49152:2hMKdGyTJYZ6t201dIPEWzUsuAFREUplsAiGJOljSY3qEJlq5JKOXk7jTwhgrC43:2

    Score
    1/10
    • Target

      js/soft.js

    • Size

      80KB

    • MD5

      136cab6fee03e89698d703852962e665

    • SHA1

      84f88e4a556223f0bfef29ae2eee9b0a18e61249

    • SHA256

      f0d71f23dde0161e01dd62281395d61f778711442918fff97b445ac0368e3b12

    • SHA512

      483aa8ee115b94ed0b494a219d930afa1435f6ae2c6a0e6bd94b7c8c9714615e2042eb28a509e4abf0933a011f3a54a6cbdf744c4498a08d36c5b66e0f75984a

    • SSDEEP

      384:RxHo7ouhAiGuhVl0uhAXuhVlIokuhAr0uhA4FtYJtUj1n3suBF9zxSfKwK+gzG7E:HaFt0TwzPWYBttzKZoGESa+

    Score
    1/10
    • Target

      languages/ar.js

    • Size

      68KB

    • MD5

      668f36ad72a2ea2b002fbe7857b06298

    • SHA1

      136bd40e54fed28a5d5767a4137de8799da1797a

    • SHA256

      31f958f26de20c29f9dd75678d62941d5f2384b6996b1b0700115890504b3271

    • SHA512

      a0765c04ae34de71283f9bdfe8b5c2088b572567ffe0d99975d1109ff4269be02b347a4b3a3f6610355957bb0c2a31bee12d7f01635074d47a7e8dfe078524b2

    • SSDEEP

      1536:EjO4P0k5PcjqUeVM9z0tlqlrGQB3Lql7R2jQg1HqlC/t8Dd8Dr1riPsjnjiW69eP:EjTMk5PtF+B2sjbd0OcT239

    Score
    1/10
    • Target

      languages/az.js

    • Size

      62KB

    • MD5

      e10cd6174c53af336a74c8e1b7c15661

    • SHA1

      28bd659e7f99c4a709972243605217d754845032

    • SHA256

      71d62b8da4564098d9745dfb0f0dd805d5d1bd34c3b68b1dfb8fa4b1046dd128

    • SHA512

      2a05478a7621d132dfde79684ba298ce36848284b2fd9b387d91f3abdf93ae4421ae4af8213d873cc7a5a9cdc8ca298e7627fea2dfb62d5257d90666068e8f1e

    • SSDEEP

      1536:MqNVGWURh3wAHz/2BHysUWPTvnepoIzRHlcL9hC+s7UGZPHIGPsogjHx71ly4o1O:MqNVGW0hgAT+Ysq11LotFSfS

    Score
    1/10
    • Target

      languages/be.js

    • Size

      75KB

    • MD5

      e74b286b507b14d203439155c65905f8

    • SHA1

      7f1635267d1ccb588748322d08c3a2d33ba183f2

    • SHA256

      9c420b9d29482bb7d6206eb111fa39c261472c3e11443be043d1ea4c42fee9ed

    • SHA512

      530a320f7e1cadebd80dc34c0269921a7f1eae056a1fbebffef464bc2dffb886f094ffbaff9422a5983fd5e50ca73df38e25103c8b5fa4d1803349c5589ae9d2

    • SSDEEP

      1536:y9xuQkeE69vmb7mnUDtlwE7l5/e1pNFZ5kl98Z+FU5ZU/bfqcAbf1Ijy/XnUqsPV:y9xuQVFZFpIQWO37mF

    Score
    1/10
    • Target

      languages/bg.js

    • Size

      74KB

    • MD5

      01e14defb02ef0464275566b7e0426b6

    • SHA1

      ddf47989547983fc5e65028e2a9d4d637b197c2f

    • SHA256

      5e2486820a10800e1dd33a4630ffafca099801405ba471056322416b76273fab

    • SHA512

      9fb688df6a17608fd49e2803c50f61a4087d49e99fd35714aa58db307797503cc9ab6bd5bb744272f78ff1c610d0f57c1c607018b502270bf6850711b4645398

    • SSDEEP

      1536:ixdzqEe/o9zfIlrW6ZsJZ2iTWM4XXhurQWPsG0V7DkdyWeJI/A8qlo6YjoiDEgzx:ixpq12jt3M1Y

    Score
    1/10
    • Target

      languages/bn.js

    • Size

      87KB

    • MD5

      32e1cc875aab0ca4da70f85f4b35a4d7

    • SHA1

      8dbf76417fe42fc37d805fca012c3f6ee18612bb

    • SHA256

      fd790dc3de0a4934ecda042c27be47d4dc5902c49b12104bc8f9f30e7c7bb76d

    • SHA512

      8995a64fcf8a3cf1fb194011a3ba3a5664b9028c06e5c4d806e6976c8d34a5849e8080b88badc3d4186ff6d0448fe57202a8bb3fb54c3e86fdce4871e6be21be

    • SSDEEP

      1536:gKjsuujaehj9z/1lCySRNuZp5Hm4px8gjFiFr4EKHSm2cgT3y8DwLZS2EkzGF++H:P7oXdqd7

    Score
    1/10
    • Target

      languages/ca.js

    • Size

      56KB

    • MD5

      9ebce00c112dcf5cd8a4770d32dd2f8e

    • SHA1

      f42f7dc35bfdc2cadcd9709de372bf5c35ba163b

    • SHA256

      07df1e3bdb4f6b0d53f9dfe00a3502168accf69695851ac92e3de0c3dc361b1c

    • SHA512

      2154e914b8252a2e956bd46edcd132847cd1ba8303ab95b0544e084522e25a9a227eb94eae5dd5a3cf940420d779dc7abf34aa8e24a050b0ffff322be215a793

    • SSDEEP

      1536:f3eNqTtcpUGwbDuerJ9JmAqmVpPgH8CfWME+s25HBa0vG5+DoQTJamzGom+1+oT6:f3HTQZwXz2amE+pgB

    Score
    1/10
    • Target

      languages/cs.js

    • Size

      53KB

    • MD5

      bfd3d979857335937ff82f5af766fb65

    • SHA1

      25d207bbb3b12be0510c5a0e8fb72d053a16c5af

    • SHA256

      047543f76bcc25cb34e3ba328aa4321122519124bc2beb6c6c3c52d7a39df6ea

    • SHA512

      4de4b620d31c812b97c9e56f33e8e0c0214f78fd1793e33ea125063791c84d09d28dc97897a2b1b71c63ba5953ca0c33f8bd616c552a18785e5b8513d46586f1

    • SSDEEP

      1536:poHaaxTNPO/eZ19zVQl3fTI8FO6bH+hbMD06ymbQquzn6LD3CONtmek0bE65A7bA:+jtNWmidRH/

    Score
    1/10
    • Target

      languages/de.js

    • Size

      55KB

    • MD5

      579336b0fc67949daa17b880549f402a

    • SHA1

      2b2aa9378d68bd10e1cde81136111aecb43c0ff9

    • SHA256

      73b86880a25fbbd243d39fdeb63a1f64aaec231379cae181b17fbe18f2ae4617

    • SHA512

      ef1cbe0e2e9034b36d5aed0afd28a771637096ea7ac94865ac89402e672f1c6f17ac9d139174e259c20f06d439ee925f446f322ad2e4f2c07f6b4a13587fa373

    • SSDEEP

      1536:MRJ2Xf8Y09UUIeZIhvzjZlSmvPavPCD+/lhu5ztVIRhCqMWHEPoyXMHWyEZ+Ktfs:OUsed9BmV

    Score
    1/10
    • Target

      languages/el.js

    • Size

      61KB

    • MD5

      9aa0c35214ba859c6b088b32ae482e33

    • SHA1

      2f083132417b295b447205ad8b6fbab48e740cfa

    • SHA256

      d5df0a88e9861621028fa48f56542f5e42dbab98a7a769869219ed85ad239edf

    • SHA512

      5bd1d773ae080406e419e2dd90737e8dbd7bc80c9aa3d04d5a9f76c1e4444bc1a1a83ed3b4cb2d0545709f2c12b2d1f86cbc48d73c0f99954d37d55c7fc4a46f

    • SSDEEP

      1536:BAXiQCqAvnpkjchnC9NseYr9zVQl3foUTzO/xm+hbMX2JyKh+h5JAi/f0m91ONte:6SQCRvnpGchn2NN1z9ERHG

    Score
    1/10

MITRE ATT&CK Matrix ATT&CK v13

  • Persistence

      Create or Modify System Process (T1543): 2
      Windows Service (T1543.003): 2
      BITS Jobs (T1197): 1

  • Privilege Escalation

      Create or Modify System Process (T1543): 2
      Windows Service (T1543.003): 2

  • Defense Evasion

      Impair Defenses (T1562): 2
      Disable or Modify System Firewall (T1562.004): 2
      BITS Jobs (T1197): 1
      Modify Registry (T1112): 3

  • Credential Access

      Unsecured Credentials (T1552): 1
      Credentials In Files (T1552.001): 1

  • Discovery

      Query Registry (T1012): 2
      System Information Discovery (T1082): 3

  • Collection

      Data from Local System (T1005): 1

Tasks

  • static1: qrlink, Score 3/10
  • behavioral1: discovery, evasion, upx, Score 8/10
  • behavioral2: Score 4/10
  • behavioral3: Score 3/10
  • behavioral4: Score 3/10
  • behavioral5: Score 3/10
  • behavioral6: Score 3/10
  • behavioral7: discovery, evasion, spyware, stealer, Score 8/10
  • behavioral8: Score 1/10
  • behavioral9: Score 1/10
  • behavioral10: Score 1/10
  • behavioral11: Score 1/10
  • behavioral12: Score 1/10
  • behavioral13: Score 1/10
  • behavioral14: Score 1/10
  • behavioral15: Score 1/10
  • behavioral16: Score 1/10
  • behavioral17: Score 1/10
  • behavioral18: Score 1/10
  • behavioral19: Score 1/10
  • behavioral20: Score 1/10
  • behavioral21: Score 1/10
  • behavioral22: Score 1/10
  • behavioral23: Score 1/10
  • behavioral24: Score 1/10
  • behavioral25: Score 1/10
  • behavioral26: Score 1/10
  • behavioral27: Score 1/10
  • behavioral28: Score 1/10
  • behavioral29: Score 1/10
  • behavioral30: Score 1/10
  • behavioral31: Score 1/10
  • behavioral32: Score 1/10