b671f420afcc25cd5b00b9b32c7cbad7b0ad7410354a133f246469f7c0414016

Sharing

Copy URL

Twitter E-mail

General

Target

1901f19b380f48253fbd668ba247fab5_JaffaCakes118
Size

1.5MB
Sample

240505-yblxgabf5v
MD5

1901f19b380f48253fbd668ba247fab5
SHA1

c95849d3cf91cb231fd5997abb4c52c7b40a471c
SHA256

b671f420afcc25cd5b00b9b32c7cbad7b0ad7410354a133f246469f7c0414016
SHA512

9937d02afed518c03f8bc1701f25ca7162ab653ea9ecb43b9c24fe2b02b0152b3821f34813aab0889539521e033071953ac3bf69644b40f78b5533d8b78e439c
SSDEEP

24576:zWS6QpPxUqFKUY54e8sPe0GH0tzzM+Ch8Se6qc0c/UC4WBUtes48/WyKZhlvsW:ae9xW3zPMTTf0hWBUQsJ/Wy4hlEW

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  NingaliNET 1.0.2.1/IconInjector.dll
- Size
  
  13KB
- MD5
  
  a011c4d9973857b53c6d26bb616ec7db
- SHA1
  
  cabb81130a064bf9ca41047205af18ecd456433c
- SHA256
  
  360b7cb7812529a3902c8adebec8975019454f762200b98ee78213532416f435
- SHA512
  
  e8085290144e6090918c7bbff20e626f6d7812187f778b9c5705e4710ac589e020ba626c09be43156dcacf846f8571e7690e1e3569d704db3067be365833e6e3
- SSDEEP
  
  192:jLCpu5cRy2zdtwsYvCZVzQInlYJL/efvnaDNIDLTHqaf+UJxX+3DrDmWcLc9C:jL+pY25OvCpQdqHnq+LTQUmrDmW98
Score

1^/10
behavioral1 behavioral2
- Target
  
  NingaliNET 1.0.2.1/Interop.NATUPNPLib.dll
- Size
  
  7KB
- MD5
  
  8a24aa73080b46f93c4c9f3450fe43e5
- SHA1
  
  ed0d8edf55ea6b0d717813fd829e434eb3d63abb
- SHA256
  
  e45f7168be51641d43873f90ff538f9f7557755e911dc23783ff6a4028c30c25
- SHA512
  
  17325bab37fb2a0975ba3e3885a73f235e06f1634124743eca2c2c76e5f2d76fbb751ca8eccecbeef8bb6a9872970e44e6e5847adc54af1cf63dd6f9a5c3b13d
- SSDEEP
  
  96:CFinj09TiY5IxaUsyKY05YgZsXFn6cQkE8g8nIxqG0tVClW:mGEJIrKrYgZsd6wVIiX
Score

1^/10
behavioral3 behavioral4
- Target
  
  NingaliNET 1.0.2.1/Mono.Cecil.dll
- Size
  
  305KB
- MD5
  
  851ec9d84343fbd089520d420348a902
- SHA1
  
  f8e2a80130058e4db3cf569cf4297d07d05c93e0
- SHA256
  
  cdadc26c09f869e21053ee1a0acf3b2d11df8edd599fe9c377bd4d3ce1c9cda9
- SHA512
  
  5e1d1b953fda4a905749eff8c4133a164748ba08c4854348539d335cf53c873eae7c653807a2701bf307693a049ae6c523bd1497a8e659bdea0a71085a58a5f1
- SSDEEP
  
  6144:ueMQM/aMOZabe3h1PtRjAqmYVNf3yTXcYBbt6KMBhu:uF/aMDb8BtRjA7XcYNclB
Score

1^/10
behavioral5 behavioral6
- Target
  
  NingaliNET 1.0.2.1/NingaliNET.exe
- Size
  
  1.4MB
- MD5
  
  eeda9e3dba1a866465f817af9e7c8212
- SHA1
  
  b78966eb20fdd1c9b4c22c409b2bb9a9a071d680
- SHA256
  
  f656b5b6736911a787fc4f3374ff247cfbcb277c7c2945c9c5c462354fea968c
- SHA512
  
  7a7b008b23d1164cfb851c1dc5aa8545b1a76764c331c41cb7de18647f103ac99b138dd7fad20823c90362e17efa043b5517aa8ba11cb5cf836423ace430eccc
- SSDEEP
  
  12288:Vtop+3x/jgQV7nXM3bFsatCwCUA0s1G9uaumrnmaR1G9218lgrIh1j:Vf3keatCwCsuGEarjmaGg2G
Score

1^/10
behavioral7 behavioral8
- Target
  
  NingaliNET 1.0.2.1/Plugins/Filebinder.bin
- Size
  
  14KB
- MD5
  
  f4c7f8ef90e34c3e9f19d1366db79f03
- SHA1
  
  3ee1d1fafa5444b376c729279939a64a69caa544
- SHA256
  
  3ab5e13d7c560937ec3e1f764fb728bc81d22a177c695507065e09ae12d98894
- SHA512
  
  82246a0b218d2fda14fcb358d5abc58a8d7b3c57cffad22c198f2bfdabc7465848940ef9b6a627a403197bf1a635feb2bec098725f9a2ef91b217f0bb466c78e
- SSDEEP
  
  384:j6FMwWPfLQV42kuGCy4ju7LRB3u0+L6JOCzYcCe:uFHWPfXCEJvzYcCe
Score

1^/10
behavioral10 behavioral9
- Target
  
  NingaliNET 1.0.2.1/Plugins/Server.bin
- Size
  
  150KB
- MD5
  
  8ee6cfa5124a73f0e61d602ea7878863
- SHA1
  
  fbdff1a9009c2df072d74699f97700ccf2356ce7
- SHA256
  
  37df8b661f2ac4bf71ff9ef424de495813468294a4d88d682c45da1333859aa4
- SHA512
  
  da86a1e56e181c03ed7728b0cbbc9c516bdbe130361f2e74364a14d7686e148591dc272c4f5408d3f3f9e1e3d171a32c2af10927f46c0153e1d9b7e0c8997089
- SSDEEP
  
  3072:VLhz+8pIFc/i3bJ1c2kHWuVx1cep3a9xk9knBq:7z+n3bQHWCx1cepK9xJn
Score

1^/10
behavioral11 behavioral12
- Target
  
  NingaliNET 1.0.2.1/Plugins/dlentrypoint.bin
- Size
  
  11KB
- MD5
  
  14960a1079f4ffbfb46f553cfc52ad09
- SHA1
  
  b3d18ffc2b1120d3a58c04d45bd3a404aceb8af3
- SHA256
  
  b047352ca4a417181e493c6f353eba94a0fce9d67507dc0f3d694b49b4fce6ef
- SHA512
  
  2bf999073f35df968d2c9bfc2189dbba163487c7287d1475dde998379bd20969d5140fbff7b6c01f9e7031871342a57ab1b215172bfd15dfac15b025dee0954c
- SSDEEP
  
  192:03WKyDozynM11XvrKclkpZmGnloYk4ONIDLR7fV0ovpptwiA:03WvooMnXvrKcl+y4u+LR7Zxp6iA
Score

1^/10
behavioral13 behavioral14
- Target
  
  NingaliNET 1.0.2.1/Plugins/dlnormal.bin
- Size
  
  11KB
- MD5
  
  2b53e572879a63aaa6ab032221a24d99
- SHA1
  
  cecfb4dad0d128bc78369aba53839828af223ff1
- SHA256
  
  0e36c6fbbc68953d2702c3d5f84eeb35912ce9a53aadf467f8df60faf51a7f5e
- SHA512
  
  327d26775f38f29f462c8a3a9d921ab0d89cf80527acb2ddd539d0842988f93c2cbf335a865cea893ab2a81915a95683cdfd8033f9a357aacbf0b8d3360e8188
- SSDEEP
  
  192:3d3WKytoFQldQKDFdzG1nvlldKXZmGnloYk46NIDLRKQVuYvpxGBA:N3Wuy7FBGJvl7KJy4q+LRK6lx8A
Score

1^/10
behavioral15 behavioral16
- Target
  
  NingaliNET 1.0.2.1/Res/res.exe
- Size
  
  861KB
- MD5
  
  66064dbdb70a5eb15ebf3bf65aba254b
- SHA1
  
  0284fd320f99f62aca800fb1251eff4c31ec4ed7
- SHA256
  
  6a94dbda2dd1edcff2331061d65e1baf09d4861cc7ba590c5ec754f3ac96a795
- SHA512
  
  b05c6c09ae7372c381fba591c3cb13a69a2451b9d38da1a95aac89413d7438083475d06796acb5440cd6ec65b030c9fa6cbdaa0d2fe91a926bae6499c360f17f
- SSDEEP
  
  24576:o0ESdQpglO1CxDyawn27h+9hrlgKQY9SGcZwCdTp:o0RIglO1CuL9VNcaCd9
Score

1^/10
behavioral17 behavioral18
- Target
  
  NingaliNET 1.0.2.1/Server.exe
- Size
  
  149KB
- MD5
  
  23886459c4790697a4f0bf60b8d9235f
- SHA1
  
  072e005df5322bb3b094be6fc5366ba223bf3849
- SHA256
  
  de60420ce7dfbf87168d5124dfd82c16c2d5f54362d2775ec8136a17acb6ab76
- SHA512
  
  a6ef16716a755d419a1ad9fbb584256c1e6d3e1aed50b2732ff9b84dfe21d1a1d2aed6d4b8c7aea026e864a1397595b5e66517944a624cf5c68b26910d6aaa12
- SSDEEP
  
  3072:q/yjqpkbQBYYppJT3UJwi7RA7tkHIO6AtDbbTU0P7tepGgvJbVf:qp7T3UJwipHIVAFbTBP7tepG8R
Score

7^/10

persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral19 behavioral20
- Target
  
  NingaliNET 1.0.2.1/SocketServer.dll
- Size
  
  15KB
- MD5
  
  7f57ffb2f3def9388705e078c05f9818
- SHA1
  
  1632a47a3f5d130d739be02c78cc5a127c2bdde7
- SHA256
  
  1102f0cb41a876632c5c516da1645973867c77f1cf25ab18a705b33d4f7d1d99
- SHA512
  
  c25f300838475482f02d1223fd312d1a6f6d42591af8024e9a00f80e9a02621b74fa368ed8db3da08e59bb6c015b86820de0dc14c45a2db8fdaf3dbc438bdda6
- SSDEEP
  
  384:TdLY3cAoBc+R6V6j5qj1G+LTvYAtKt3rRP:JY36Bc+RzjnA8JrR
Score

1^/10
behavioral21 behavioral22
- Target
  
  NingaliNET 1.0.2.1/Users/SERVER_IE11WIN7_IEUser_5612398/Logger.rtf
- Size
  
  1B
- MD5
  
  68b329da9893e34099c7d8ad5cb9c940
- SHA1
  
  adc83b19e793491b1c6ea0fd8b46cd9f32e592fc
- SHA256
  
  01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b
- SHA512
  
  be688838ca8686e5c90689bf2ab585cef1137c999b48c70b92f67a5c34dc15697b5d11c982ed6d71be1e1e7f7b4e0733884aa97c3f7a339a8ed03577cf74be09
Score

1^/10
behavioral23 behavioral24
- Target
  
  NingaliNET 1.0.2.1/upnp.dll
- Size
  
  11KB
- MD5
  
  ca53e14184fb09ef3294cc4c51e21e04
- SHA1
  
  0917bb5e295c9bd59ad3b0929bf1ad1f08122a86
- SHA256
  
  7a915097caf17b3daa528e90d44972306fdfb0f7b46089b4b6332bfb70dcf1ae
- SHA512
  
  3ee019448aeb0e47ead9395d4edc53573705c95592bb36b26f688e07810f9eab85f551ca8b41048c8e2bea681831dd1d64b368f71023e4d0f423c8632fcb2167
- SSDEEP
  
  192:hKATtBzEToGAnDZVenlYJL/ertIuLROw6OW+Wv:hKEBQc5t9qBzLR2O1Wv
Score

1^/10
behavioral25 behavioral26

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Checks computer location settings

Drops startup file

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26