211c37d00b6555ca57c72c779220f31fdb21394436066991149c604487b44991

Sharing

Copy URL

Twitter E-mail

General

Target

399d264c0aa7a682451fb3f6cc3cd38a_JaffaCakes118
Size

11.5MB
Sample

240512-mdwnxabb6v
MD5

399d264c0aa7a682451fb3f6cc3cd38a
SHA1

8065558ba13e129dd5d60e7caae3b7c6ddd3c63a
SHA256

211c37d00b6555ca57c72c779220f31fdb21394436066991149c604487b44991
SHA512

3917e2e008e8af0f928d4e5848fecf80e154d76342d6ec4bf9028ef439c4551aa764f6cc2a928eceecfc720723a381882eacc4950d1b752f6f6f49395bc2a92f
SSDEEP

196608:SsqspL1md8bNAL1OG7mFtE0dXxU6QgWKkgo5mIOE03hQAJ9DAfx8E:SipL1md8JAL1OGCnE6U6WKsvf0RdJlAL

Score

9^/10

Malware Config

Targets

- Target
  
  399d264c0aa7a682451fb3f6cc3cd38a_JaffaCakes118
- Size
  
  11.5MB
- MD5
  
  399d264c0aa7a682451fb3f6cc3cd38a
- SHA1
  
  8065558ba13e129dd5d60e7caae3b7c6ddd3c63a
- SHA256
  
  211c37d00b6555ca57c72c779220f31fdb21394436066991149c604487b44991
- SHA512
  
  3917e2e008e8af0f928d4e5848fecf80e154d76342d6ec4bf9028ef439c4551aa764f6cc2a928eceecfc720723a381882eacc4950d1b752f6f6f49395bc2a92f
- SSDEEP
  
  196608:SsqspL1md8bNAL1OG7mFtE0dXxU6QgWKkgo5mIOE03hQAJ9DAfx8E:SipL1md8JAL1OGCnE6U6WKsvf0RdJlAL
Score

7^/10

discovery
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  375e8a08471dc6f85f3828488b1147b3
- SHA1
  
  1941484ac710fc301a7d31d6f1345e32a21546af
- SHA256
  
  4c86b238e64ecfaabe322a70fd78db229a663ccc209920f3385596a6e3205f78
- SHA512
  
  5ba29db13723ddf27b265a4548606274b850d076ae1f050c64044f8ccd020585ad766c85c3e20003a22f356875f76fb3679c89547b0962580d8e5a42b082b9a8
- SSDEEP
  
  192:MPtkumJX7zB22kGwfy0mtVgkCPOs91un:9702k5qpds9Qn
Score

3^/10
behavioral3 behavioral4
- Target
  
  DuiLib.dll
- Size
  
  945KB
- MD5
  
  753a6bad1d1496933feae090b79c8658
- SHA1
  
  3363a1aef6650b156191d2cf4d6270715d142000
- SHA256
  
  c0385fa6e91efc54c7fdfb05010f468eb1adff21b9dec367b21582d4cb07452d
- SHA512
  
  3ec3e063cbc54783eac9cb9d5f6f9e5e797d63389367cb5a6c745394cb8ae1022e188bf6e5706d872d6948028d646fbe905adebffb20599784264451ec165607
- SSDEEP
  
  12288:MfYVWYM85wseVM1KRb7hiGHEWrF8nm6S9ZGGFt/PKS6pWTJJJ:MftkmMY7PEiF8FS9ZGgt/v6mLJ
Score

3^/10
behavioral5 behavioral6
- Target
  
  DuiLib_u.dll
- Size
  
  572KB
- MD5
  
  caf665bd2b042b8e9e7b8accc8dfa780
- SHA1
  
  6d223693e8bd004ab9124183515089e5bf28018e
- SHA256
  
  1834e678ae69b5a25b17b3947e8057b7530f8c4fbd897621369ac2d5bad01319
- SHA512
  
  3278c666aaca7b51b7691cad4bbbc85a6e1b61f1cecc878f58cdb326e0547d3feb8617d604d7f371ace7248a5e61f0a08c8da0a915ee6b7d7c16ee3cbc01e524
- SSDEEP
  
  12288:eRAVI8gONH2qjuunmuapwf+JxSbjIOk+Nn7ReycIszH3z/:4AK8gduapGIxMO/
Score

3^/10
behavioral7 behavioral8
- Target
  
  MeMeLiveShow.exe
- Size
  
  992KB
- MD5
  
  f8c15dc56faffdc96995129c1a30c794
- SHA1
  
  cbe00d7f50b596b9c958fc951b64da30e283d6e6
- SHA256
  
  f85049ff4a1acde8021902fa51b7d7f3bd42df8ce9b8c3be49362516cbe7a2b5
- SHA512
  
  45ae09c9b604a9c6d9ba3afdf5f145ff2c73a9f96f7e2cdf7c9832a3629f93e1086bfec98d8c4001a8c7be3f39977b62178ce08baa05db9ca0b5f3f18b68be0b
- SSDEEP
  
  12288:Ol3ijfv4KJukIisIqt+Rc6Da0y38weB2hynO:Ol36X4Kv58+Rc6Ds3UBtO
Score

1^/10
behavioral10 behavioral9
- Target
  
  UninstallMeMeLive.exe
- Size
  
  394KB
- MD5
  
  5b4c0f4589753cf28114c0cf73a729a8
- SHA1
  
  aeaa96eff6b4a43c0761b418119fb0fb96aa5073
- SHA256
  
  a186be7d61b6ac54de13410110086f81fdded6987182d15867cb45a104c236cc
- SHA512
  
  c343835c4cc5d9f6a3b4cea080e4d592f83563966b65e978aed5c93a5b9891eb97a246b1b36e68ec911142a903f8156d2f8340c6a1c50a7294b61eaf5e14d8a4
- SSDEEP
  
  1536:ZPzUmdx2gahvwPBW7rfoOcZ1VBBUY5zQVmp2A:ZPzUQ2gyYqrf5cZ1bBPtUmpp
Score

7^/10
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral11 behavioral12
- Target
  
  installstat.exe
- Size
  
  143KB
- MD5
  
  3b33ffd1ef0c8f6e10faea3ed9cf7bc2
- SHA1
  
  1229b115c2ef007bc6e02ec38bd8cb3a3435503c
- SHA256
  
  dbf89b2db9cdcbfbbe372eb36acd2627184cea76210292c8033e359d5d98ad37
- SHA512
  
  035b7530a6ade7956d1db671ff4f3364c238efdf60e28a0948976523703d63a6883235650659a7364f87457f92b0b23afe150b4f26aaddc98631d7fa8e5ad717
- SSDEEP
  
  3072:5qQMI3Icqr/NhlKiIIcqfkm+f0dBcXwhv4:5qQMIYxrNKiIhCttEag
Score

1^/10
behavioral13 behavioral14
- Target
  
  plugins/NPSWF32_18_0_0_209.dll
- Size
  
  16.6MB
- MD5
  
  fd82108fd60b63010325d9af6f00af99
- SHA1
  
  a8a3a53e7b0e5713e93acbcf27d4657c324726c4
- SHA256
  
  819cc0414074d329025ebfef2079cd277ef9e5beedb8cbbebe6d646825de85bf
- SHA512
  
  8d0fcbe5948aa61e434260fd38b50eb79272a7532a20271333dbf1f507aff4a4f48edf414bab031321d9ab8540b2b8769a54eb013f8508edb0408e9fc9c80b0c
- SSDEEP
  
  393216:bjzPNjLES4YLhP65DvA/sG0kHPwuajnin9N7W3HuopBws4Pgr7X:bjzPNvES4YLhku97W3ES7X
Score

1^/10
behavioral15 behavioral16
- Target
  
  update.exe
- Size
  
  434KB
- MD5
  
  aed5f5fefbf6754de7093fdccbd93f33
- SHA1
  
  6fe13f90a3e13b0b5c52c7af75bca322b1874738
- SHA256
  
  d45b8e23ff646739766076125d9b57737ab3837f0e47d7d631b6cc30d8adaf51
- SHA512
  
  289319de0c2d1368982a5217d53a63dceecee987f908bdf52713cccb92ca95957f00f48f1487f3feb961a6dece26119e32e650e26bfd8575fb5fdddac33b742e
- SSDEEP
  
  6144:n6z/WinQf4ihh47bn3z1a26cLawMqskQZeATc8cP5/kBp7HQkYD:6zuSihAz3zvkYD
Score

1^/10
behavioral17 behavioral18
- Target
  
  wke.dll
- Size
  
  11.2MB
- MD5
  
  da51b7b21ec3208b36a7b3e8bcf8a88d
- SHA1
  
  53393c21ea8b1d30e3308acc50c23f055c631cc5
- SHA256
  
  c21c88944d30d2b4396586bb78d65a7d2c0aa0e9049b5a1b622d3d57cb94bc22
- SHA512
  
  7d4d93ef684cfafba5c90624ebbd739d8314a933a16aec6bb27f42226ede3428ca48849765d8a34d59b98c76a8a5993840c04a6b8fa2a18797bb44e35572921c
- SSDEEP
  
  98304:br4A7YGSECByCszjrweVwSpuPgv4EslTXh8dekEAB1zBuhEsnIUTWgp8e:br4A8GHCc/yhEslTXh8vEZnNTW
Score

3^/10
behavioral19 behavioral20

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Executes dropped EXE

Loads dropped DLL

Checks installed software on the system

Deletes itself

Executes dropped EXE

Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20