General

  • Target

    399d264c0aa7a682451fb3f6cc3cd38a_JaffaCakes118

  • Size

    11.5MB

  • Sample

    240512-mdwnxabb6v

  • MD5

    399d264c0aa7a682451fb3f6cc3cd38a

  • SHA1

    8065558ba13e129dd5d60e7caae3b7c6ddd3c63a

  • SHA256

    211c37d00b6555ca57c72c779220f31fdb21394436066991149c604487b44991

  • SHA512

    3917e2e008e8af0f928d4e5848fecf80e154d76342d6ec4bf9028ef439c4551aa764f6cc2a928eceecfc720723a381882eacc4950d1b752f6f6f49395bc2a92f

  • SSDEEP

    196608:SsqspL1md8bNAL1OG7mFtE0dXxU6QgWKkgo5mIOE03hQAJ9DAfx8E:SipL1md8JAL1OGCnE6U6WKsvf0RdJlAL

Targets

    • Target

      399d264c0aa7a682451fb3f6cc3cd38a_JaffaCakes118 (11.5MB; MD5/SHA1/SHA256/SHA512/SSDEEP as listed under General above)

    Score
    7/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      375e8a08471dc6f85f3828488b1147b3

    • SHA1

      1941484ac710fc301a7d31d6f1345e32a21546af

    • SHA256

      4c86b238e64ecfaabe322a70fd78db229a663ccc209920f3385596a6e3205f78

    • SHA512

      5ba29db13723ddf27b265a4548606274b850d076ae1f050c64044f8ccd020585ad766c85c3e20003a22f356875f76fb3679c89547b0962580d8e5a42b082b9a8

    • SSDEEP

      192:MPtkumJX7zB22kGwfy0mtVgkCPOs91un:9702k5qpds9Qn

    Score
    3/10
    • Target

      DuiLib.dll

    • Size

      945KB

    • MD5

      753a6bad1d1496933feae090b79c8658

    • SHA1

      3363a1aef6650b156191d2cf4d6270715d142000

    • SHA256

      c0385fa6e91efc54c7fdfb05010f468eb1adff21b9dec367b21582d4cb07452d

    • SHA512

      3ec3e063cbc54783eac9cb9d5f6f9e5e797d63389367cb5a6c745394cb8ae1022e188bf6e5706d872d6948028d646fbe905adebffb20599784264451ec165607

    • SSDEEP

      12288:MfYVWYM85wseVM1KRb7hiGHEWrF8nm6S9ZGGFt/PKS6pWTJJJ:MftkmMY7PEiF8FS9ZGgt/v6mLJ

    Score
    3/10
    • Target

      DuiLib_u.dll

    • Size

      572KB

    • MD5

      caf665bd2b042b8e9e7b8accc8dfa780

    • SHA1

      6d223693e8bd004ab9124183515089e5bf28018e

    • SHA256

      1834e678ae69b5a25b17b3947e8057b7530f8c4fbd897621369ac2d5bad01319

    • SHA512

      3278c666aaca7b51b7691cad4bbbc85a6e1b61f1cecc878f58cdb326e0547d3feb8617d604d7f371ace7248a5e61f0a08c8da0a915ee6b7d7c16ee3cbc01e524

    • SSDEEP

      12288:eRAVI8gONH2qjuunmuapwf+JxSbjIOk+Nn7ReycIszH3z/:4AK8gduapGIxMO/

    Score
    3/10
    • Target

      MeMeLiveShow.exe

    • Size

      992KB

    • MD5

      f8c15dc56faffdc96995129c1a30c794

    • SHA1

      cbe00d7f50b596b9c958fc951b64da30e283d6e6

    • SHA256

      f85049ff4a1acde8021902fa51b7d7f3bd42df8ce9b8c3be49362516cbe7a2b5

    • SHA512

      45ae09c9b604a9c6d9ba3afdf5f145ff2c73a9f96f7e2cdf7c9832a3629f93e1086bfec98d8c4001a8c7be3f39977b62178ce08baa05db9ca0b5f3f18b68be0b

    • SSDEEP

      12288:Ol3ijfv4KJukIisIqt+Rc6Da0y38weB2hynO:Ol36X4Kv58+Rc6Ds3UBtO

    Score
    1/10
    • Target

      UninstallMeMeLive.exe

    • Size

      394KB

    • MD5

      5b4c0f4589753cf28114c0cf73a729a8

    • SHA1

      aeaa96eff6b4a43c0761b418119fb0fb96aa5073

    • SHA256

      a186be7d61b6ac54de13410110086f81fdded6987182d15867cb45a104c236cc

    • SHA512

      c343835c4cc5d9f6a3b4cea080e4d592f83563966b65e978aed5c93a5b9891eb97a246b1b36e68ec911142a903f8156d2f8340c6a1c50a7294b61eaf5e14d8a4

    • SSDEEP

      1536:ZPzUmdx2gahvwPBW7rfoOcZ1VBBUY5zQVmp2A:ZPzUQ2gyYqrf5cZ1bBPtUmpp

    Score
    7/10
    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      installstat.exe

    • Size

      143KB

    • MD5

      3b33ffd1ef0c8f6e10faea3ed9cf7bc2

    • SHA1

      1229b115c2ef007bc6e02ec38bd8cb3a3435503c

    • SHA256

      dbf89b2db9cdcbfbbe372eb36acd2627184cea76210292c8033e359d5d98ad37

    • SHA512

      035b7530a6ade7956d1db671ff4f3364c238efdf60e28a0948976523703d63a6883235650659a7364f87457f92b0b23afe150b4f26aaddc98631d7fa8e5ad717

    • SSDEEP

      3072:5qQMI3Icqr/NhlKiIIcqfkm+f0dBcXwhv4:5qQMIYxrNKiIhCttEag

    Score
    1/10
    • Target

      plugins/NPSWF32_18_0_0_209.dll

    • Size

      16.6MB

    • MD5

      fd82108fd60b63010325d9af6f00af99

    • SHA1

      a8a3a53e7b0e5713e93acbcf27d4657c324726c4

    • SHA256

      819cc0414074d329025ebfef2079cd277ef9e5beedb8cbbebe6d646825de85bf

    • SHA512

      8d0fcbe5948aa61e434260fd38b50eb79272a7532a20271333dbf1f507aff4a4f48edf414bab031321d9ab8540b2b8769a54eb013f8508edb0408e9fc9c80b0c

    • SSDEEP

      393216:bjzPNjLES4YLhP65DvA/sG0kHPwuajnin9N7W3HuopBws4Pgr7X:bjzPNvES4YLhku97W3ES7X

    Score
    1/10
    • Target

      update.exe

    • Size

      434KB

    • MD5

      aed5f5fefbf6754de7093fdccbd93f33

    • SHA1

      6fe13f90a3e13b0b5c52c7af75bca322b1874738

    • SHA256

      d45b8e23ff646739766076125d9b57737ab3837f0e47d7d631b6cc30d8adaf51

    • SHA512

      289319de0c2d1368982a5217d53a63dceecee987f908bdf52713cccb92ca95957f00f48f1487f3feb961a6dece26119e32e650e26bfd8575fb5fdddac33b742e

    • SSDEEP

      6144:n6z/WinQf4ihh47bn3z1a26cLawMqskQZeATc8cP5/kBp7HQkYD:6zuSihAz3zvkYD

    Score
    1/10
    • Target

      wke.dll

    • Size

      11.2MB

    • MD5

      da51b7b21ec3208b36a7b3e8bcf8a88d

    • SHA1

      53393c21ea8b1d30e3308acc50c23f055c631cc5

    • SHA256

      c21c88944d30d2b4396586bb78d65a7d2c0aa0e9049b5a1b622d3d57cb94bc22

    • SHA512

      7d4d93ef684cfafba5c90624ebbd739d8314a933a16aec6bb27f42226ede3428ca48849765d8a34d59b98c76a8a5993840c04a6b8fa2a18797bb44e35572921c

    • SSDEEP

      98304:br4A7YGSECByCszjrweVwSpuPgv4EslTXh8dekEAB1zBuhEsnIUTWgp8e:br4A8GHCc/yhEslTXh8vEZnNTW

    Score
    3/10
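
Two of the signatures above are easy to over-read. $PLUGINSDIR/System.dll is the stock NSIS System plugin, which every NSIS installer extracts to a temporary plugin directory and loads, so "Loads dropped DLL" on the main target is expected for an installer of this kind. "Deletes itself" is likewise normal behaviour for an uninstaller such as UninstallMeMeLive.exe. The remaining signal is the Uninstall-key enumeration (T1012/T1082) and the dropped-EXE execution chain. The following added example (not sandbox code and not part of this report) shows how those four signatures are derived from endpoint telemetry: it runs a single pass over constructed Sysmon-style events (Event IDs 1, 7, 11, 12, 23; PIDs and paths are hypothetical) and additionally flags DLL loads from an NSIS-style plugin directory as expected noise, using a naming heuristic for that directory that is an assumption, not something the page states.

```python
"""Re-derive the behavioural signatures from this report (Executes dropped
EXE, Loads dropped DLL, Checks installed software, Deletes itself) from an
endpoint event stream. Added example; it is not sandbox code and the events
below are constructed, not taken from the page."""
import re
from collections import defaultdict

# Uninstall key under HKLM/HKCU; both the native and the WOW6432Node views
# end in ...\CurrentVersion\Uninstall, so matching the tail is hive-agnostic.
UNINSTALL_KEY = re.compile(r"\\CurrentVersion\\Uninstall(\\|$)", re.IGNORECASE)

# Constructed events in Sysmon-style form. "id" follows Sysmon Event IDs:
# 1 ProcessCreate, 7 ImageLoad, 11 FileCreate, 12 RegistryEvent (key open),
# 23 FileDelete. PIDs and paths are hypothetical.
EVENTS = [
    {"id": 1,  "pid": 100, "image": r"C:\Users\u\Desktop\installer.exe"},
    {"id": 11, "pid": 100, "target": r"C:\Users\u\AppData\Local\Temp\nsa1F3C.tmp\System.dll"},
    {"id": 7,  "pid": 100, "loaded": r"C:\Users\u\AppData\Local\Temp\nsa1F3C.tmp\System.dll"},
    {"id": 11, "pid": 100, "target": r"C:\Program Files\MeMeLive\installstat.exe"},
    {"id": 1,  "pid": 200, "ppid": 100, "image": r"C:\Program Files\MeMeLive\installstat.exe"},
    {"id": 12, "pid": 100, "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SomeApp"},
    {"id": 12, "pid": 200, "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"},
    {"id": 1,  "pid": 300, "image": r"C:\Program Files\MeMeLive\UninstallMeMeLive.exe"},
    {"id": 23, "pid": 300, "target": r"C:\Program Files\MeMeLive\UninstallMeMeLive.exe"},
]


def derive_signatures(events):
    """Single pass over time-ordered events; returns {signature: [pids]}.

    'Dropped' means written by a monitored process earlier in the same
    stream, so a file that already existed on disk never qualifies.
    """
    dropped = set()            # lower-cased paths created by any monitored pid
    image_of = {}              # pid -> lower-cased image path
    hits = defaultdict(set)    # signature -> pids it is attributed to
    for ev in events:
        eid = ev["id"]
        if eid == 11:
            dropped.add(ev["target"].lower())
        elif eid == 1:
            image = ev["image"].lower()
            image_of[ev["pid"]] = image
            if image in dropped:
                # Attribute to the launcher (parent), as the sandbox does.
                hits["Executes dropped EXE"].add(ev.get("ppid", ev["pid"]))
        elif eid == 7:
            if ev["loaded"].lower() in dropped:
                hits["Loads dropped DLL"].add(ev["pid"])
        elif eid == 12:
            if UNINSTALL_KEY.search(ev["key"]):
                hits["Checks installed software on the system"].add(ev["pid"])
        elif eid == 23:
            # A process deleting its own image file (typical of uninstallers
            # and of droppers cleaning up after themselves).
            if image_of.get(ev["pid"]) == ev["target"].lower():
                hits["Deletes itself"].add(ev["pid"])
    return {sig: sorted(pids) for sig, pids in hits.items()}


# Heuristic assumption, not from the page: NSIS extracts its plugins into
# %TEMP%\ns<letter><hex>.tmp ($PLUGINSDIR), and System.dll there is the
# stock NSIS System plugin rather than attacker code.
NSIS_PLUGINSDIR = re.compile(r"\\ns[a-z][0-9a-f]{1,4}\.tmp\\[^\\]+\.dll$", re.IGNORECASE)


def nsis_plugin_loads(events):
    """Loaded DLL paths that look like NSIS plugin drops (expected noise)."""
    return [ev["loaded"] for ev in events
            if ev["id"] == 7 and NSIS_PLUGINSDIR.search(ev["loaded"])]


if __name__ == "__main__":
    for sig, pids in derive_signatures(EVENTS).items():
        print(f"{sig}: pids {pids}")
    print("NSIS plugin loads:", nsis_plugin_loads(EVENTS))
```

On the constructed stream the installer (pid 100) triggers the dropped-DLL load, the dropped-EXE execution and the Uninstall-key lookup, while only the uninstaller (pid 300) triggers "Deletes itself"; the one DLL load is also reported as an NSIS plugin drop, which is the context a triage analyst needs before weighting the 7/10 score.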

MITRE ATT&CK Matrix (ATT&CK v13)

Discovery

  • Query Registry (T1012): 1

  • System Information Discovery (T1082): 2

Tasks