Overview

overview

3

Static

static

1

EditedAllD...st.ps1

windows7-x64

3

EditedAllD...st.ps1

windows10-2004-x64

3

EditedAllD...min.js

windows7-x64

3

EditedAllD...min.js

windows10-2004-x64

3

EditedAllD...min.js

windows7-x64

3

EditedAllD...min.js

windows10-2004-x64

3

EditedAllD...min.js

windows7-x64

3

EditedAllD...min.js

windows10-2004-x64

3

EditedAllD...min.js

windows7-x64

3

EditedAllD...min.js

windows10-2004-x64

3

EditedAllD...min.js

windows7-x64

3

EditedAllD...min.js

windows10-2004-x64

3

EditedAllD.../ui.js

windows7-x64

3

EditedAllD.../ui.js

windows10-2004-x64

3

EditedAllD...ord.js

windows7-x64

3

EditedAllD...ord.js

windows10-2004-x64

3

EditedAllD...ck.ps1

windows7-x64

3

EditedAllD...ck.ps1

windows10-2004-x64

3

EditedAllD...one.js

windows7-x64

3

EditedAllD...one.js

windows10-2004-x64

3

EditedAllD...n.html

windows7-x64

1

EditedAllD...n.html

windows10-2004-x64

1

EditedAllD...gin.js

windows7-x64

3

EditedAllD...gin.js

windows10-2004-x64

3

EditedAllD...in2.js

windows7-x64

3

EditedAllD...in2.js

windows10-2004-x64

3

EditedAllD...ess.js

windows7-x64

3

EditedAllD...ess.js

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    40e99fc0986f87295da7d3a38d3e5dd9_JaffaCakes118

  • Size

    222KB

  • Sample

    240514-kr22qshf97

  • MD5

    40e99fc0986f87295da7d3a38d3e5dd9

  • SHA1

    8918cfeab03030b16916248a983e50bfff43b310

  • SHA256

    d3a448a33527f27f2d7b7318a22d538690026ece92d4514cf7145b1f2b1f90ed

  • SHA512

    c4cb9ff39ee4865712a5f88cf9f61a5cb67bf3be5df94a59bdcd28f5b7664cf609c3a3982052c7934ce1df30a6cba21631d00bb04b5e36d8f66ea47311364a5c

  • SSDEEP

    6144:PQov2K8aGU4tlPhbSG0wD5To+4FvkblyNXM7xlu543Zec4WBvWjS2z6Q:PQPS4txsG0Fd4xAOBee2eQ

Score
3/10
execution

Malware Config

Targets

    • Target

      EditedAllDomainNew2018/EditedAllDomain/BlackList.php

    • Size

      1KB

    • MD5

      d7a8ec808175f697f74fff16c97e2b11

    • SHA1

      102742cdeecb33034b74b24851c80570dbc2aa29

    • SHA256

      ac36b1a1ca21690705c69784f249175dee7355ee535d35913e8e46b6794454af

    • SHA512

      205cd939ef9aae19c60e5378b7b50ee84d78a23e22b6450e7b4b604f182c276571568a651223267d8ec442e5e4b29ae984572b83f6fdd89956a021d29ee1ca7e

    Score
    3/10
    execution
    behavioral1behavioral2

    • Target

      EditedAllDomainNew2018/EditedAllDomain/FILES/app.min.js

    • Size

      128KB

    • MD5

      e82645b490bd662e364e6178bb5af9bf

    • SHA1

      e234673d8b11e9c9ecc5a3353cd3bb76fbad219b

    • SHA256

      f3ffb0e895c8503c8ae77b9ab28700f88c7fc5d966882634c059042f94dc3f85

    • SHA512

      c82dca272af518634ff2bce9af7e8e4fbbfcf36039624935b7a0d1923c78ddeb2becb953e5b73bb915a5b3f7f1ed99f84153aa6dab5f758c6dfd222404b8fef5

    • SSDEEP

      1536:GnVvudFjKFlD8buoXzr+K67hQRjacPDtYE9hI3cEoyTJrCqsw+NVJnoxvQaR6vNZ:GVvuqTtGrJ6cSEI7KPaw9IqJMrA

    Score
    3/10
    execution
    behavioral3behavioral4

    • Target

      EditedAllDomainNew2018/EditedAllDomain/FILES/common.min.js

    • Size

      12KB

    • MD5

      febc6dbd0cc54af89f6af27c320a42e6

    • SHA1

      196816e183554e2e838bf6d51dd835803f046a8b

    • SHA256

      32f59f8128d42dda46d1e3234d326574d25659bda0cd5762021e619c1a738ea6

    • SHA512

      5fe325dfcaba6ebd56c3b435df25f67f8d3ae8fb6074f6e7d9a3ed8333ee99df89a09571a94bed5f9714bd7187c60b78ce908733de87190d368ffef894e8d380

    • SSDEEP

      192:kbcF4Xt2LAelJ/h1FF0+Ley3NsiM4WERmsjL1qreA/GOtiIvm:49XtAAohFF0Ge0WQmjrz5vm

    Score
    3/10
    execution
    behavioral5behavioral6

    • Target

      EditedAllDomainNew2018/EditedAllDomain/FILES/jquery-ui-1.9.2.custom.min.js

    • Size

      231KB

    • MD5

      2e71daa2a4a9d78e76d0aafbc1ca4ccf

    • SHA1

      4726c1eaef1ef945ff53d25685f418be7638808d

    • SHA256

      f63ffa752044f857838b22cab1b1098dfab0701184ab6fcbf447c63e829660f5

    • SHA512

      610f1db27fb79a0024d70ba9afbb511f9ea9201a6590687b9f079ab4886b906ecde3f400c49f66baa3c650cfeffbc8d01ffb14fc6d8ae9d6ca3bf0a7f76198c1

    • SSDEEP

      3072:foCqEpQ52EiXO3/g3m/nY56QA+W+TpycF2MBDQM5q65gyE8BK:fQL2de7/n5+fTptFNDjE

    Score
    3/10
    execution
    behavioral7behavioral8

    • Target

      EditedAllDomainNew2018/EditedAllDomain/FILES/jquery.min.js

    • Size

      94KB

    • MD5

      8fc25e27d42774aeae6edbc0a18b72aa

    • SHA1

      b66ed708717bf0b4a005a4d0113af8843ef3b8ff

    • SHA256

      b294e973896f8f874e90a8eb1a8908ac790980d034c4c4bdf0fc3d37b8abf682

    • SHA512

      87d90a665c15d71ac872bd8bc003d9863964c7ec7ada6370b902b93c0bbd7770fe25730d946c7c6a465baa95efa74bc0e78af3f83aea615af35060cc8702a6c1

    • SSDEEP

      1536:EPpEy5BMibZGOj/bEe8v+/UWf4IhvAuCh/jqkODZ2D5N9Rag0MOIdSZAgtgoX5Yn:bIO/e2D5c4LgtImLja98HrK

    Score
    3/10
    execution
    behavioral10behavioral9

    • Target

      EditedAllDomainNew2018/EditedAllDomain/FILES/jstz.min.js

    • Size

      5KB

    • MD5

      c7f98590427e8461e59e7e612eb111f2

    • SHA1

      c031636ea0b551aea8f6e3f1e160fa672f1c8891

    • SHA256

      2d7f43c7ddda4bc107c80e268023650196b790f2b9ebc4b73e8908af1787d4f5

    • SHA512

      a6ac90b405ab4812187650c95f3777ee2bce12b664883c132f6e56dbea255b4be97cc7966abc645cfb478ac86ac67ddc8363600c252c8c8a2944c1a738a01f6f

    • SSDEEP

      96:csLDbYBvd0TDZAEc8ox/ZcxjeWxn/oqDiuBfJqbohWA4tjRSVJm/IK8249rz1O:cWPYQDho5e5DXBfQbsWA4tlSVJm/3UDO

    Score
    3/10
    execution
    behavioral11behavioral12

    • Target

      EditedAllDomainNew2018/EditedAllDomain/FILES/ui.js

    • Size

      33KB

    • MD5

      ee701c564d3e5852e8fa0b426b6f0671

    • SHA1

      89c19a43d4c1d88dc7daeb1f53a21a9e890c4ae1

    • SHA256

      e4048613475c00b1a77c90d3f7a8f9c0986cc710eff9ad990db9701d2e9995c4

    • SHA512

      7c861aa5e830c3b5e67668524b55487660d8bab27d09751a661e309f2324ca819aeb56786e3b27ff78d74232d1645dbd6d9799cae7b9888ab46455472c5741b0

    • SSDEEP

      384:IxBgXUweyBaiF9dD9piACqfi/7gp8jcNaZcc1Dc/nSZ0iGR6KiglTWadMtWiAUx/:IzsUDy4M9dD3u7gkOaZcu5UUaV0Z

    Score
    3/10
    execution
    behavioral13behavioral14

    • Target

      EditedAllDomainNew2018/EditedAllDomain/MaskedPassword.js

    • Size

      16KB

    • MD5

      093b948a3133ccde7091158531d5d63e

    • SHA1

      9c704980cfe00a2f4f8fd29b7aa383a92cc31983

    • SHA256

      2cfdb08c07395b0be65df154f068ade61c1bfad7e3e3e2d0e40b85319fa95825

    • SHA512

      df9eec262f8d49888d3e892affb0e87fa7af1f5373d1ae017350397d61e04dae99b5703231d2128e933b1ef790ee6521f05bcf6da62dd71407a6245d1ec0e886

    • SSDEEP

      192:UI/YiZWCBDsJJuW5Jyb3O1V+4CNJOnUkVv3iC9kqIkqo5gDFbT5Bv:UIDZHb3O1VhgZktiF7kT4

    Score
    3/10
    execution
    behavioral15behavioral16

    • Target

      EditedAllDomainNew2018/EditedAllDomain/block.php

    • Size

      1KB

    • MD5

      5116adad80c341b85d93671a323a55af

    • SHA1

      59918eb53b6d37cd6052f33812fca9a05fdf883e

    • SHA256

      b7121cded6b3c0d4ce457605b757087545bbb0e9339101e86ee46530c496d170

    • SHA512

      471948ccbffbe950dc04cae1c4ce8648cdc5321568ee4102426fc086a20452294dd3fd3c56e79c384ffe20d40962da2b1a12f6f2e5ffc1929ae9803362b3fa8f

    Score
    3/10
    execution
    behavioral17behavioral18

    • Target

      EditedAllDomainNew2018/EditedAllDomain/connect_phone.php

    • Size

      8KB

    • MD5

      4ff29aa22bbfc8b7b4e990ea204271d9

    • SHA1

      f1e4e4dfedf2b774679c859273134d765e44513a

    • SHA256

      fd6d3db7342c6c82a9c1339a7facb4c50d0fe9f3cb4de54b8eaacbc1713bfc4f

    • SHA512

      00deb2079e6073d8a9979cabee0fa80f546ad616b11234386c8a50a40977cb0633a22cb2f3cf66c94b6e4aff3d037544a1486d9f9c4668e5d2dad482f92ebb14

    • SSDEEP

      192:KzbaHEo5YzA2ATKvhEG0a+/Ug0ZCeELx1uGHQ:KzbaHE+YzA2PMcB

    Score
    3/10
    execution
    behavioral19behavioral20

    • Target

      EditedAllDomainNew2018/EditedAllDomain/l0gin.html

    • Size

      8KB

    • MD5

      da719ae5af31edd71a54c5ccda21ffb4

    • SHA1

      b56c29edae130766fe395621f9e70547448da2ab

    • SHA256

      dfd103252069a019501dac0c445801c3cedd30a2cd3619c1013c32e947d419dd

    • SHA512

      ef0b67752f100cb097c32e64bed50f1e7935b1c8fe603232a5d7f017ef762a1d37f0fec7216075cd898cb43169dd2e87516ca182777f9dc0d738fe1e77be4f4a

    • SSDEEP

      192:TzbaPEo5YzA2ATKvhEG0Q0ZCeELx1uGHcHwx94:TzbaPE+YzA2P/EHw/4

    Score
    1/10
    behavioral21behavioral22

    • Target

      EditedAllDomainNew2018/EditedAllDomain/l0gin.php

    • Size

      8KB

    • MD5

      c918790440df3bfbd4b95c35445a42ac

    • SHA1

      873b1b11b0d0f9ef4f153cdb0a284ad649ddd42b

    • SHA256

      427d6da81f4d9fe99a4d38b2afe32227387fc4a53bd4871847746a15ec89c0a3

    • SHA512

      f1ed2363a50e7636743aa2e636d297538f64c53e52d201feb89522ee08ae740c7c830e48acfebf4a99a7f1fb4130c1be9a56703bf755d6620c46e661320dac89

    • SSDEEP

      192:8zbaPNU5YzA2ATKvhEG0cjZCeELx1uGHcHwx94:8zbaPNiYzA2PJHHw/4

    Score
    3/10
    execution
    behavioral23behavioral24

    • Target

      EditedAllDomainNew2018/EditedAllDomain/l0gin2.php

    • Size

      8KB

    • MD5

      63f4d8b33c5ac15e625c946eaacce983

    • SHA1

      8404f238608ee1205ec6131f1b24adf8ca7b4afd

    • SHA256

      5680c4a02c742aaecfb076664a16cd3b528d1247e45ba1fcd3ecc758d611455f

    • SHA512

      740002b6044b45202509c4eb38c88d1410965afd2ddf9c7e074c7806898530f1ec97c9aee78f92d0cac9047b63e456b9e43ada48ed60e217c87fc3e7d49e891c

    • SSDEEP

      192:8zbaPNU5YzA2ATKvhEG0c4oZCeELx1uGHcHwx94:8zbaPNiYzA2PowHw/4

    Score
    3/10
    execution
    behavioral25behavioral26

    • Target

      EditedAllDomainNew2018/EditedAllDomain/success.php

    • Size

      6KB

    • MD5

      eb821930f605ebd2fdbca7a8b23c9bb3

    • SHA1

      cf1da8736f17ee2a74e5972093b338ba22589f8e

    • SHA256

      40c2868875c5bbda1c16b3cdbfd74caacaf766120ce57735db28a8e9834fedca

    • SHA512

      be987cba721146144291c019468e2f1fa9af58e14629b61e424415912ebb442c4df8bd7ab8788e1d6c2c7aa87dc89cd18e4509a64e4c6324fcda855ee3457dbe

    • SSDEEP

      96:bgbiUzbav9dwjVVM2ZVq01eglDGIJmr2bcVODzSlsLZCeELx1uGHDE:AzbaHw3o0tFG0rck9ZCeELx1uGHQ

    Score
    3/10
    execution
    behavioral27behavioral28

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

13
T1059

PowerShell

2
T1059.001

JavaScript

11
T1059.007

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

Score
1/10

behavioral1

execution
Score
3/10

behavioral2

execution
Score
3/10

behavioral3

execution
Score
3/10

behavioral4

execution
Score
3/10

behavioral5

execution
Score
3/10

behavioral6

execution
Score
3/10

behavioral7

execution
Score
3/10

behavioral8

execution
Score
3/10

behavioral9

execution
Score
3/10

behavioral10

execution
Score
3/10

behavioral11

execution
Score
3/10

behavioral12

execution
Score
3/10

behavioral13

execution
Score
3/10

behavioral14

execution
Score
3/10

behavioral15

execution
Score
3/10

behavioral16

execution
Score
3/10

behavioral17

execution
Score
3/10

behavioral18

execution
Score
3/10

behavioral19

execution
Score
3/10

behavioral20

execution
Score
3/10

behavioral21

Score
1/10

behavioral22

Score
1/10

behavioral23

execution
Score
3/10

behavioral24

execution
Score
3/10

behavioral25

execution
Score
3/10

behavioral26

execution
Score
3/10

behavioral27

execution
Score
3/10

behavioral28

execution
Score
3/10