5b4851e5adb30a0574d3e136512c3268962b0156e12dc4d607229b63f758e932

Sharing

Copy URL

Twitter E-mail

General

Target

2296bdfee952e35529c819e3427b5ecc_JaffaCakes118
Size

2.5MB
Sample

240508-bs2ypaba5t
MD5

2296bdfee952e35529c819e3427b5ecc
SHA1

e04feb2726117f4977c92ad3589de73fc3aebe57
SHA256

5b4851e5adb30a0574d3e136512c3268962b0156e12dc4d607229b63f758e932
SHA512

d3fc1cbff5770c6cffd3d637ffb1faa924bcaa595de23d3ec7eb9712c9208f9217395f8abed00355756a23804bb6ab0f9969ad865e7b961799d6914ef671fe09
SSDEEP

49152:+uT/XoN9NtqUh/wL8w0Pelu8G5UoafpbswJNPpJ6Qmub1F1ZA3:+c/oNJqPuPeoVOoafpL/BcQDbNZU

Score

8^/10

persistence upx

Malware Config

Targets

- Target
  
  2296bdfee952e35529c819e3427b5ecc_JaffaCakes118
- Size
  
  2.5MB
- MD5
  
  2296bdfee952e35529c819e3427b5ecc
- SHA1
  
  e04feb2726117f4977c92ad3589de73fc3aebe57
- SHA256
  
  5b4851e5adb30a0574d3e136512c3268962b0156e12dc4d607229b63f758e932
- SHA512
  
  d3fc1cbff5770c6cffd3d637ffb1faa924bcaa595de23d3ec7eb9712c9208f9217395f8abed00355756a23804bb6ab0f9969ad865e7b961799d6914ef671fe09
- SSDEEP
  
  49152:+uT/XoN9NtqUh/wL8w0Pelu8G5UoafpbswJNPpJ6Qmub1F1ZA3:+c/oNJqPuPeoVOoafpL/BcQDbNZU
Score

8^/10

upx
- Blocklisted process makes network request
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/ShellExecAsUser.dll
- Size
  
  89KB
- MD5
  
  42865be4950639e871fed3a55b790d7b
- SHA1
  
  c6f52d75dec3e215ff0ed3f9ffd4a2e05e3a31c4
- SHA256
  
  c2c32ec71d26b8b4c451401eea1b00fb110ae6f530301605f8d5f71fb7bd738e
- SHA512
  
  2bf28f0b39d4b10325b7038b71519819f6923ba11fcbf510c6be2e02291741ec3d79f4be651df9e0fe1ce4227498a1449463407622dfdd924b81e8681fe6bb67
- SSDEEP
  
  1536:nZUcH87dl2uUVzmk1zaOvSTamTa4Uyf/fhcQYDZZsWjcdojmV/1Boq:2BZlWVzmupvADrymojmV/Eq
Score

3^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/StartMenu.dll
- Size
  
  7KB
- MD5
  
  4206ac12a66dd61b2913f158488db070
- SHA1
  
  589a65a8f2b40d9e821e47bc66fd5bb3848d6f77
- SHA256
  
  4b722e1b2445fe8030194ba2ae1f573bc8e13dc3c028ce22312ea9848c584449
- SHA512
  
  a6a1bd423f222dd28277831eb01a14179ea67fb4d7c2b498cf0684185caf7d44a1378faf3a3933a6ce5bed5f5824d011b4a0f6558c3b5d8e84cb5a2bfe455a67
- SSDEEP
  
  96:o8dPIKJhMuhik+CfoEwknt6io8zv+qy5/utta/P3lkCTcaqHCI:1ZIKXgk+cx6QYFkAvlncviI
Score

3^/10
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  3e6bf00b3ac976122f982ae2aadb1c51
- SHA1
  
  caab188f7fdc84d3fdcb2922edeeb5ed576bd31d
- SHA256
  
  4ff9b2678d698677c5d9732678f9cf53f17290e09d053691aac4cc6e6f595cbe
- SHA512
  
  1286f05e6a7e6b691f6e479638e7179897598e171b52eb3a3dc0e830415251069d29416b6d1ffc6d7dce8da5625e1479be06db9b7179e7776659c5c1ad6aa706
- SSDEEP
  
  192:eP24sihno00Wfl97nH6T2enXwWobpWBTU4VtHT7dmN35OlbSl:T8QIl975eXqlWBrz7YLOlb
Score

3^/10
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/md5dll.dll
- Size
  
  6KB
- MD5
  
  7059f133ea2316b9e7e39094a52a8c34
- SHA1
  
  ee9f1487c8152d8c42fecf2efb8ed1db68395802
- SHA256
  
  32c3d36f38e7e8a8bafd4a53663203ef24a10431bda16af9e353c7d5d108610f
- SHA512
  
  9115986754a74d3084dd18018e757d3b281a2c2fde48c73b71dba882e13bd9b2ded0e6e7f45dc5b019e6d53d086090ccb06e18e6efeec091f655a128510cbe51
- SSDEEP
  
  96:5mArJv6F3TqDmgK4ghEin1US36eHQZDUDgGogZcko5Nt4AMP:5XJ63LhR6inZ6dsgZkKQT
Score

7^/10

upx
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral10 behavioral9
- Target
  
  $PLUGINSDIR/nsDialogs.dll
- Size
  
  9KB
- MD5
  
  dbdbf4017ff91c9de328697b5fd2e10a
- SHA1
  
  b597a5e9a8a0b252770933feed51169b5060a09f
- SHA256
  
  be60a00f32924ccbe03f9914e33b8e1ad8c8a1ca442263a69896efba74925b36
- SHA512
  
  3befc15aab0a5dbe7fde96155b0499d385f2799b1a2d47ce04f37b5804006b1c6c4fff93d3cedb56a2a8172b23752b6f9dc6168cfce3596b91def3247836cf10
- SSDEEP
  
  96:33YnIxFkDUGZpKSmktse3GpmD8pevbE9cxSgB5PKtAtYE9v5E9KntrmfVEB3YdkS:33YIvGZDdtP8pevbg0PuAYK56NyoIFI
Score

3^/10
behavioral11 behavioral12
- Target
  
  $TEMP/$_83_/ists.dll
- Size
  
  365KB
- MD5
  
  35e2b49159b6619ee1ae8f6d1790e721
- SHA1
  
  f61ff5c95978ad46f0a13d1f12ec1dc4b4308648
- SHA256
  
  a0d3936b3f124fd60aed8aa9c34bddf91054c909172bccfbfa21d37ff95cea97
- SHA512
  
  a4eb71ca89fbb6d615ed8c370da1b7aac998d15db7309779856d86d6b78100d31dcfbffa5d46e9a77990e97e38f4179ce5748e68c873672cc07238c60a493b69
- SSDEEP
  
  6144:MlFGXVkkMn3UYsSV2uOU66T80WT0AURyWo3IRSie35iOLHenlDLS:MqmHkYFVOx6w0WT0zsgc9GLS
Score

1^/10
behavioral13 behavioral14
- Target
  
  GamesBot.exe
- Size
  
  304KB
- MD5
  
  e7030b9f2fff58ddd8698a438425b72a
- SHA1
  
  13974e7e2000a1b12936d56d4122ebeb1ee1a8db
- SHA256
  
  e9abce41317b14a2cb2128d4e211b955da6674bb8fadcad52f8c8c3cf7095e65
- SHA512
  
  8a45fe42605d3c05890dea276a7b2d7b99ead90d7e04a8eaba21a8d4993ef45affca7e9cb650f7c5a2ffaf9e783d32931d0e565d963434021aa2075c98ebb990
- SSDEEP
  
  6144:Oswhaca6wXsdxbc6MXq2b9DMsEytp/jrxDkzQScRaYRW1ZG:nwNwXatcMY1pt9ZkZj2W1g
Score

6^/10

persistence
- Adds Run key to start application
  persistence
behavioral15 behavioral16
- Target
  
  GamesBotSvc.exe
- Size
  
  52KB
- MD5
  
  03a45804aafd6067a5dab448b455a8f7
- SHA1
  
  eabb27c7ee7e7fceb84860ba30c05a4ca679af1e
- SHA256
  
  dd7d4ee4c04e574e348a965fb959d372fd6e8fff59b027aa89e2d45fa7379dc1
- SHA512
  
  c29abf43f843a52414fb7ea67955b0322f3b1b2d8a12a2641ab161da79262a9a6f4f4b960fad7eb79a81759502cc83d243f495f5890f037f2cfbf01ab235010d
- SSDEEP
  
  1536:9TLslMp+Li9o58qYSHw2rJvSKftwVU+iKu/Z8hFS3iK:5gq+z58qYurJvSK1wVPBuh8OD
Score

1^/10
behavioral17 behavioral18
- Target
  
  Modules/7z.dll
- Size
  
  893KB
- MD5
  
  04ad4b80880b32c94be8d0886482c774
- SHA1
  
  344faf61c3eb76f4a2fb6452e83ed16c9cce73e0
- SHA256
  
  a1e1d1f0fff4fcccfbdfa313f3bdfea4d3dfe2c2d9174a615bbc39a0a6929338
- SHA512
  
  3e3aaf01b769471b18126e443a721c9e9a0269e9f5e48d0a10251bc1ee309855bd71ede266caa6828b007359b21ba562c2a5a3469078760f564fb7bd43acabfb
- SSDEEP
  
  24576:TW+wsDaQw6DDz3qRyPnmGfrnvVUKueY8RmneWtJ:TasY6DwOBfrnvV7UeWt
Score

3^/10
behavioral19 behavioral20
- Target
  
  Modules/Base.dll
- Size
  
  106KB
- MD5
  
  7d63f84e8eee565909a5bce8ef32d82d
- SHA1
  
  71075288adec88bcbe5b52ca589a5850cf50e74a
- SHA256
  
  92e6fc427b11979f802578ffae1b2a3653a318692c98eac12c73c532eff5e3dd
- SHA512
  
  9cec661adffcff2605fcd924be91fc57a5b971da59176aed2ac874f3d9ed21ca5eaa37f549e09fe7a900c935c8f31b67697c7acdcdcf50e7bce24b54d008b2de
- SSDEEP
  
  3072:cI6YCV7JGhaLWXg91eTzN1q/9va8I/+/VZM4v60:cI6YCjFSXgzedOJa8I/+/VZM4vp
Score

1^/10
behavioral21 behavioral22
- Target
  
  Modules/alzm.dll
- Size
  
  38KB
- MD5
  
  047b5a32e343b4a8df9f6821dec4c674
- SHA1
  
  bc22b028ad521a0b51c40d35f8c59a10772ba8f2
- SHA256
  
  225dc7f37231995e75617d21b5efbe2275c8613a673bea3e86262155e09ed32a
- SHA512
  
  2da78aee56804d457da8cc4989cb6d141c39fa09b2192c48e63c364bbaeede6a83cb2224b498072028686b1b4ce86c1ec93077a7c9c1403c57c697e3b990fa1d
- SSDEEP
  
  768:d/PidxjnQyslT/PeKFHYzNjMLwpruFScci1:JPidtnPgrPqzNoMpSFS3i1
Score

1^/10
behavioral23 behavioral24
- Target
  
  Modules/brs.dll
- Size
  
  114KB
- MD5
  
  e69cb3796f9a8a755aeea5b3ce64f009
- SHA1
  
  891d0628ca67d2b71c675ae575cd0ddea1dfb085
- SHA256
  
  a9c2057e254136f2c9e53ab8638cfb051b109781ec3ca5c8b9b698449e053d5d
- SHA512
  
  1e343fb5ebb0e898daaa07b22b574f0af584f47a7d7bb2d76b8aa84034db865209456aac8dce9e78714a3700b77d6c58143eb6967dfa38ceb1318350fdc4a20d
- SSDEEP
  
  3072:YmephjIKFKAJ6ewg9u5fvkBIugPdqWMgd2/IMy9H:qphj7KA1wgkppF1/d2/IVd
Score

1^/10
behavioral25 behavioral26
- Target
  
  Modules/cmd.dll
- Size
  
  88KB
- MD5
  
  73190f945039cdeaa282390970539e93
- SHA1
  
  3dfe628b037b4e16d0a219d8292929e5dd1808e0
- SHA256
  
  5674d539d96ab730f73bdb8592644e84a2471b5e0af2dcc07f27edcbdd6d6c38
- SHA512
  
  c484aba20c0edf4014f2df4bb61d7365bfc8950432889f43e733ac6cd4cabd0c34a7bdb67bd6e64440c7ac5bb312f3f514e96080402f999b86ba66985fd5226a
- SSDEEP
  
  1536:OF9wEsSY0L/fYnXF1MDvyPedm8Y9LSiVRpdNo2F8ZueW/M3NIYO8FS3iLY:AWMgnX7MDvymdmllRpo2F8ZpW/M3NIYi
Score

1^/10
behavioral27 behavioral28
- Target
  
  Modules/inws.dll
- Size
  
  40KB
- MD5
  
  0667cbc535d6bc2ba700e5c240af0004
- SHA1
  
  bff296b110ed94956a79ad63cd0cf26018e6ba96
- SHA256
  
  0063671dba22693d184006f9529d816f20840fca96d1546061d6ae31ec73f83f
- SHA512
  
  48db6959d43b9cbdc40702e712f11cde9faa2319e76a2a61576cb7e18066946663f38e431c0d2e9eeefa3057ab107b0776c5db8e6c5a3f7c8c28269989ade320
- SSDEEP
  
  768:QS1u5ZX/DLepH32aKx96VEyAe8Pk1TnNtL41UFSccivL:QR/Opw6CC8WTnNN4mFS3ij
Score

1^/10
behavioral29 behavioral30
- Target
  
  Modules/ists.dll
- Size
  
  365KB
- MD5
  
  35e2b49159b6619ee1ae8f6d1790e721
- SHA1
  
  f61ff5c95978ad46f0a13d1f12ec1dc4b4308648
- SHA256
  
  a0d3936b3f124fd60aed8aa9c34bddf91054c909172bccfbfa21d37ff95cea97
- SHA512
  
  a4eb71ca89fbb6d615ed8c370da1b7aac998d15db7309779856d86d6b78100d31dcfbffa5d46e9a77990e97e38f4179ce5748e68c873672cc07238c60a493b69
- SSDEEP
  
  6144:MlFGXVkkMn3UYsSV2uOU66T80WT0AURyWo3IRSie35iOLHenlDLS:MqmHkYFVOx6w0WT0zsgc9GLS
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Blocklisted process makes network request

ACProtect 1.3x - 1.4x DLL software

Loads dropped DLL

UPX packed file

Maps connected drives based on registry

ACProtect 1.3x - 1.4x DLL software

UPX packed file

Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32