Overview

overview

9

Static

static

7

342b6eafbc...18.exe

windows7-x64

7

342b6eafbc...18.exe

windows10-2004-x64

7

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...fo.dll

windows7-x64

3

$PLUGINSDI...fo.dll

windows10-2004-x64

3

$PLUGINSDI...dl.dll

windows7-x64

3

$PLUGINSDI...dl.dll

windows10-2004-x64

3

$PLUGINSDI...on.dll

windows7-x64

7

$PLUGINSDI...on.dll

windows10-2004-x64

7

DriverAssist.exe

windows7-x64

9

DriverAssist.exe

windows10-2004-x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    342b6eafbc9f18889a492925a33a2cc5_JaffaCakes118

  • Size

    18.1MB

  • Sample

    240511-mrr8msfg35

  • MD5

    342b6eafbc9f18889a492925a33a2cc5

  • SHA1

    041fcba34d990603fd63074394c40243312a4dfe

  • SHA256

    90263f5e0ceee73af6ee6ca4dac8e6441c1f5c39607512a954e42887a5a0bb3a

  • SHA512

    d58819cad03fb0625129dd3a7fc3846ead1e028944b6516af8f3ca0261c2619ebda78be0a6f3d4cf87b03556fd10d5d49f695ce829997128d0eee115ebec4da7

  • SSDEEP

    393216:Xm4I12ZQV+9llWqi0a2jVbHp5hAK0w5sXQr+xP9fPACdObQvnQ9ScGnCRByGz/O3:Xm4IcZMQWqzVbpb0IsXQ89npOE1crzm3

Score
9/10
agilenetdiscoveryevasionupx

Malware Config

Targets

    • Target

      342b6eafbc9f18889a492925a33a2cc5_JaffaCakes118

    • Size

      18.1MB

    • MD5

      342b6eafbc9f18889a492925a33a2cc5

    • SHA1

      041fcba34d990603fd63074394c40243312a4dfe

    • SHA256

      90263f5e0ceee73af6ee6ca4dac8e6441c1f5c39607512a954e42887a5a0bb3a

    • SHA512

      d58819cad03fb0625129dd3a7fc3846ead1e028944b6516af8f3ca0261c2619ebda78be0a6f3d4cf87b03556fd10d5d49f695ce829997128d0eee115ebec4da7

    • SSDEEP

      393216:Xm4I12ZQV+9llWqi0a2jVbHp5hAK0w5sXQr+xP9fPACdObQvnQ9ScGnCRByGz/O3:Xm4IcZMQWqzVbpb0IsXQ89npOE1crzm3

    Score
    7/10
    agilenetdiscoveryupx

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

      agilenet

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      7399323923e3946fe9140132ac388132

    • SHA1

      728257d06c452449b1241769b459f091aabcffc5

    • SHA256

      5a1c20a3e2e2eb182976977669f2c5d9f3104477e98f74d69d2434e79b92fdc3

    • SHA512

      d6f28ba761351f374ae007c780be27758aea7b9f998e2a88a542eede459d18700adffe71abcb52b8a8c00695efb7ccc280175b5eeb57ca9a645542edfabb64f1

    • SSDEEP

      192:eF2HS5ih/7i00dWz9T7PH6lOFcQMI5+Vw+bPFomi7dJWsP:rSUmlw9T7DmnI5+N273FP

    Score
    3/10
    behavioral3behavioral4

    • Target

      $PLUGINSDIR/UserInfo.dll

    • Size

      4KB

    • MD5

      9301577ff4d229347fe33259b43ef3b2

    • SHA1

      5e39eb4f99920005a4b2303c8089d77f589c133d

    • SHA256

      090c4bc8dc534e97b3877bd5115eb58b3e181495f29f231479f540bab5c01edc

    • SHA512

      77dc7a1dedaeb1fb2ccefaba0a526b8d40ea64b9b37af53c056b9428159b67d552e5e3861cbffc2149ec646fdfe9ce94f4fdca51703f79c93e5f45c085e52c79

    Score
    3/10
    behavioral5behavioral6

    • Target

      $PLUGINSDIR/nsisdl.dll

    • Size

      15KB

    • MD5

      5fadae311a0c96a8314f463520a08bf3

    • SHA1

      7c4445bd00985050546b473f1892e5e917fbb058

    • SHA256

      93d03b5b15484e37315f3f0bb1d60a38e666fe714a9a0a28f831f6228c587562

    • SHA512

      045d1bbf9802b204354757c94d0b90fc3b9f490dc3d68b12ec0fc83e127c3544c123df3cabb9a4285742d38fa9bcfaf376c800ba3cbbfd84ac624dc89a1dc4b9

    • SSDEEP

      384:dhyd8Y6pu8ZaLf6Uksnw1g8BUcyHisUOb:dhyd8Y67WGg8B/Eie

    Score
    3/10
    behavioral7behavioral8

    • Target

      $PLUGINSDIR/version.dll

    • Size

      22KB

    • MD5

      fbe588b15eb1bd86defade69f796b56f

    • SHA1

      2f63cf44039addddb22c2c0497673b49e6b3ad7a

    • SHA256

      31144e8b156fe87317073c48a09abcb033fda8dbdd96986c4abea8c00c00355f

    • SHA512

      e1a9e29e4c62e77a2ec2c539344f0b5a8cd67ca3fd8dfefb0b0666a992eb2fabadb0034d439c4adbbdffd9c9439f23ee5757fac0ed669d3c9db48f50c677143d

    • SSDEEP

      384:6Qx38r8QfiLpVjOXf4Rrd2IpZn8LI2EdGZ5D6PDo3rsyfyC8n:6Qx38r8Qgp1OvYd2zqGZ5D6PDmXf98

    Score
    7/10
    upx

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral10behavioral9

    • Target

      DriverAssist.exe

    • Size

      14.8MB

    • MD5

      a705d4503c5d46b58f9c62ff101a4493

    • SHA1

      7df14bdda16ecbd268566d812bd43963b7b866b0

    • SHA256

      e71e9ad7ebebc5b65dcd3a5f6e90041aaf31896fb7733c984b6a603b79f721f4

    • SHA512

      ba47a299e9fa9fe781b09c9e8bd78143dca86af239c1525de70a57eef38736fa7e1934314d81618a7340f6f24ba33383f7e388fa5368274e8885bce1134d8960

    • SSDEEP

      196608:eTXEzqkShkYHM6bETH24CIj88o5JvqN2ud4nLKr4RElS9OK:e6qk+M6b224CA88ojvwBqKrD+7

    Score
    9/10
    agilenetevasion

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

      evasion

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

      agilenet

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral11behavioral12

MITRE ATT&CK Enterprise v15

Tasks