General

  • Target

    4105bb63e3ce12277e55bdeca60a04ae_JaffaCakes118

  • Size

    5.3MB

  • Sample

    240514-lh58gaad4t

  • MD5

    4105bb63e3ce12277e55bdeca60a04ae

  • SHA1

    4ac0bc70262bb774635d4fd2c3b49e6cf8c82e18

  • SHA256

    54218d4bbeffa46d2dfb6f24d7d5aafe817e2fbb8e56f863cbb388dbc6a78625

  • SHA512

    2d41ba46f562cf5c1cb2b5c4addadf5b505296398d7fd485b7a90d118429f56b160bea962ebc1e1d9360a431c172cd3ac592a32f5dd000015cdb989b557a55ff

  • SSDEEP

    98304:mYinWs36gaIPVMlttHe3wyLjPBO76a6P0W1jjTwGBn3MU1X1FfSg5PB6WNMSvPbJ:DiWA6vl7He8+z0W1HkG2U1DfP556WzbJ

Targets

    • Target

      Sava Exploits Pack/432.js

    • Size

      333B

    • MD5

      08f8488f1122f2388a0fd65976b9becd

    • SHA1

      75d7fc493a64c4fc401d2a1517dadc77d00226f1

    • SHA256

      058de40ea0a8a485e9f36a4b7bedced569545c2fe4a7d65a8688c831d14f9472

    • SHA512

      a452eabfa404ffe5202e0f00251a92da7c4b9b7861a1192ae7f33a7b7a29eadfe2eebfd300b41cb567b055096d7046eeff30bec0994a13fb944d4516d3ebf19e

    Score
    3/10
    • Target

      Sava Exploits Pack/5734.jar

    • Size

      14KB

    • MD5

      f65f3b9b809ebf221e73502480ab6ea7

    • SHA1

      a7be05d0e39e6249e154ba9e31d292e4c389d69f

    • SHA256

      510f218244c22f6a101e8461f6b0ff2af849d9d89e5725c3032a033313249de7

    • SHA512

      2ec8e4e488f106f826a96ba7f716a67d80e316cd759af62a9a92ff6c914040c290a9ed77a7d30c8668b61dd7e314760c4dadd38ee85dd0d0e4261740515b9c64

    • SSDEEP

      384:6iBVIJXgmcfd4rl1HQjJXvdllmPuYo8psMh3kAVO:6mGXMf8OXvdllmGApJBkAVO

    Score
    7/10
    • Target

      Sava Exploits Pack/5734/index.html

    • Size

      195B

    • MD5

      262e8959f3677c1f8ecb58d0ea638ce9

    • SHA1

      5d5726702345f6291955bf674a0438b49cff41fd

    • SHA256

      0fd7833b62f550770ff80ed32dca389a861dd43dca7c4672af2947bd43516be3

    • SHA512

      e3325a7210dad57673d27447831342a9edf827cd9024a7735db3cbb51a26176c0428b07dbf05aba89666c3948066b1e30c449ba3fb2cd0aeb7c536ececcd7835

    Score
    1/10
    • Target

      Sava Exploits Pack/6sRR0EYb853b04nWTlUAgCIp5qyRv8AO.jar

    • Size

      6KB

    • MD5

      7b73ea0899bc9998beccbfddfcaf153b

    • SHA1

      6412c0b7d81e5f17f1dea0c847c4d35659427c4c

    • SHA256

      4947e42e4afa8b4c661107547ce658518a85efbbdf174088c589e2cfa42ff3b4

    • SHA512

      9e617688ac383945a362b4a0251da4fe4e4590a791819b93e2d1582640a0e10812fd50cbb80fa169f5eb6cbda27915edfec4b5d781308c33ae84d20f35ac3ba3

    • SSDEEP

      96:b/4bXAB3qeq4rM7SDZ/I09Da01l+gmkyTt6Hk8nT+RSz89FJEj6GZYyIxwh8/:eu3trmSDS0tKg9E05T9zInlyMJ/

    Score
    7/10
    • Target

      Sava Exploits Pack/Applet.jar

    • Size

      6KB

    • MD5

      76b84b821dedd652e02a811e84a78762

    • SHA1

      e5c446ebe1efec6b5784054768c2960b0033b3bf

    • SHA256

      3e28f48705015a47be64f6f7900db4eb26c1e2a7f6762aa0a92114e267cbbf3c

    • SHA512

      662278eb93964d7423e5450c39f4c0abd675b29784e66419b832e21f3677e5fb8272295da65e2a03a4740b3bec6947cfb8a64ced4e66828f555341307b699360

    • SSDEEP

      96:sbTmCMNuAHeIpvPP70ipKSdVJ/mFjw3OeJ6cov5odIA++QQvQmcEJlPxzEpw:iqNuoFP70ipNTAFzvcEf/+fvjcEJlJ1

    Score
    7/10
    • Target

      Bol Downloader.ocx

    • Size

      278KB

    • MD5

      77927f4395506eebbf18169671fc4938

    • SHA1

      5a3ab2e0721fd8222001acf5fbc82a7ed5cb4052

    • SHA256

      e8c698557eb9dd0ba618055f6ba4915627679e8ac5eb4b7eda63f9abbe1f1ff7

    • SHA512

      21bc9a8f9951ed4206cbe79ad3567f6c151bc016a23c37e29f9f258e6a2994843330a2195891be03086d5cd6ec73ddeda37b89e1cea35c2d2eb09f1f12658011

    • SSDEEP

      3072:mHtqGCbviHRz6Layf5XO9+Snr+FChcAdbms2K6vEroAUN79IZp9TsRJyo1EdK+Nz:IqJbiRz6/hXq3HhcG7tg9IZeeK+N

    Score
    1/10
    • Target

      Sava Exploits Pack/Client.jar

    • Size

      2KB

    • MD5

      a6091a6335ec1fd34e8358010c044270

    • SHA1

      126beed0fce70142207de46d58c69aadff71645c

    • SHA256

      160d60c071f7a5e691c9b2537fcfa926eb9a80537d594b2e7382309e2ecd5f41

    • SHA512

      ec422053d1852a1fd575485c8c8bfdf51c35347ebfed92a0a613854717eee5933c6520936d7ce5faa67b60a31ddc0d09f1b167efa975d2cd9d814b51d09ab46d

    Score
    7/10
    • Target

      Sava Exploits Pack/Client/index.html

    • Size

      195B

    • MD5

      262e8959f3677c1f8ecb58d0ea638ce9

    • SHA1

      5d5726702345f6291955bf674a0438b49cff41fd

    • SHA256

      0fd7833b62f550770ff80ed32dca389a861dd43dca7c4672af2947bd43516be3

    • SHA512

      e3325a7210dad57673d27447831342a9edf827cd9024a7735db3cbb51a26176c0428b07dbf05aba89666c3948066b1e30c449ba3fb2cd0aeb7c536ececcd7835

    Score
    1/10
    • Target

      DownloaderActiveX.ocx

    • Size

      79KB

    • MD5

      e2b5926c917182788b6bb8f2cbbfc287

    • SHA1

      121d15bee70dfb435e14f0b60fc6d97af314df8d

    • SHA256

      0efa625aa3e66c7881e114eb4c2c7447080c0e508e3c7bb43d292a442fabe880

    • SHA512

      6813d5bab2a134926f722ca9a33b803560e3cc295dd3a9bbecc433a620722263e94fd5bfa33d4c5ea106cd0bc61718e36d95aaae168bd910c8d7261dec6d53b1

    • SSDEEP

      1536:p8XCGD7ZXtDphiuV6YbXaeWaSNapVnFyDAlZwcyamqMxzxDETucB:sRXxphiuQ4SNaPFOcfHOzKucB

    Score
    7/10
    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      Sava Exploits Pack/FF4.dll

    • Size

      76KB

    • MD5

      51ce553666c8a44f17cb0a219e83aeef

    • SHA1

      87210882bb80c60bae3ff147cb16b61b35e320f0

    • SHA256

      3bc239932e1a55664c2c15bec1c5fc7778fd0f1f73a48aad340c0b1040cbe617

    • SHA512

      bc036cc15d531e0f8b2199c36901d97af13240aabadb1befd7384bf2effd52e8523a97697103e19e2624c19ab0d556b1052d02f461218f9eb42f8e046b77ae71

    • SSDEEP

      768:5wjRyiY6WVJrt1n9qvkWg0KR3m/d35oneDdU2y2zucDYvXObrd7:atP27pBv0KR3m/15jdUiavXOb

    Score
    1/10
    • Target

      Sava Exploits Pack/Flash_Player_10.2.160.1.exe

    • Size

      2KB

    • MD5

      9efb6983994d242e3acdcc441ff0f1d2

    • SHA1

      2b03f45b66f9d01fe19380cc1d3e2c5f77a6d941

    • SHA256

      5287e8dcd42dd7da2414b020ba22f32462fdbe9bcec38aed0711c2a3d57a0a34

    • SHA512

      747c047b068e013b33b5bfbf77fa7ec83106f78fc1924a72923b3c32c3032a2031d337a7ae8bdc61c04f986148227dc75fb812786004344c33a53a7eda9c35e4

    Score
    1/10
    • Target

      Sava Exploits Pack/Gallery_Viewer.jar

    • Size

      3KB

    • MD5

      fe054620594aa13a8296a44bf7f6950a

    • SHA1

      3d08673eac7bf1071b321f7eedcb149ddc674a6f

    • SHA256

      07014460a6483819ba18c278a07a34e81309acbe5f532ac9c72dc1d26af480e0

    • SHA512

      f206d0228e439aa97eee648af799401df6f6b55df14c4fc2aec3fdc0d88ddbfd88531575b3c66b8ff81e6696df068232d392a650a77bb2d23d3c34e3c438eebb

    Score
    1/10
    • Target

      Sava Exploits Pack/Gallery_Viewer/index.html

    • Size

      195B

    • MD5

      262e8959f3677c1f8ecb58d0ea638ce9

    • SHA1

      5d5726702345f6291955bf674a0438b49cff41fd

    • SHA256

      0fd7833b62f550770ff80ed32dca389a861dd43dca7c4672af2947bd43516be3

    • SHA512

      e3325a7210dad57673d27447831342a9edf827cd9024a7735db3cbb51a26176c0428b07dbf05aba89666c3948066b1e30c449ba3fb2cd0aeb7c536ececcd7835

    Score
    1/10
    • Target

      Sava Exploits Pack/GoogleTrax.jar

    • Size

      2KB

    • MD5

      e451f902854b5c7764e61047d589be80

    • SHA1

      b97c7d30f7fc388baefc52e526a7da87244ce673

    • SHA256

      3887a05df87d9bb151808b1a3efafed2fc9f571f8d9ab384bc883154545cfdf4

    • SHA512

      23dabc09272bc0e4e6632e22898fb3cdebc8dbfb2aaa627253c4d710a2e0faaba243f0fe6970f23f786d1a797642d0f616694c5feefc16935c661b2ad4097da8

    Score
    7/10
    • Target

      Sava Exploits Pack/GoogleTrax/index.html

    • Size

      195B

    • MD5

      262e8959f3677c1f8ecb58d0ea638ce9

    • SHA1

      5d5726702345f6291955bf674a0438b49cff41fd

    • SHA256

      0fd7833b62f550770ff80ed32dca389a861dd43dca7c4672af2947bd43516be3

    • SHA512

      e3325a7210dad57673d27447831342a9edf827cd9024a7735db3cbb51a26176c0428b07dbf05aba89666c3948066b1e30c449ba3fb2cd0aeb7c536ececcd7835

    Score
    1/10
    • Target

      HHCTRL.OCX

    • Size

      514KB

    • MD5

      13eb1fc2288ddeb2e15b5986224251e7

    • SHA1

      99c218c871a41a622d2e098f385ecec427164b59

    • SHA256

      25a76498d5ee998b5926eeee008ece256144081465479f49e10bc5167b6377f4

    • SHA512

      46d2484a04b0aee92672d3cf4f9e227f09482e8fb50cf4509a4919bd1185426dae0dc27bcb7de22b1af54c1ec2702fffbb4b526bcc0eba7d69706be4f6b2de92

    • SSDEEP

      6144:fmTf+eEha6fPCNox1vZuNjQd2IeN0ZFGu/T4LQh0fqc4L7oQ7uEAxQaEmZ6HbLO6:fwfz+DPPRulUeNo7KOF7oQAx

    Score
    1/10

MITRE ATT&CK Matrix (ATT&CK v13)

Execution

  • Command and Scripting Interpreter (T1059): 1
    • JavaScript (T1059.007): 1

Defense Evasion

  • File and Directory Permissions Modification (T1222): 5
  • Modify Registry (T1112): 5

Discovery

  • Query Registry (T1012): 4
  • System Information Discovery (T1082): 4

Tasks

  • static1 (tags: pdf, javascript, upx): Score 7/10
  • behavioral1 (tags: execution): Score 3/10
  • behavioral2 (tags: execution): Score 3/10
  • behavioral3: Score 1/10
  • behavioral4 (tags: discovery): Score 7/10
  • behavioral5: Score 1/10
  • behavioral6: Score 1/10
  • behavioral7: Score 1/10
  • behavioral8 (tags: discovery): Score 7/10
  • behavioral9: Score 1/10
  • behavioral10 (tags: discovery): Score 7/10
  • behavioral11: Score 1/10
  • behavioral12: Score 1/10
  • behavioral13: Score 1/10
  • behavioral14 (tags: discovery): Score 7/10
  • behavioral15: Score 1/10
  • behavioral16: Score 1/10
  • behavioral17 (tags: upx): Score 7/10
  • behavioral18 (tags: upx): Score 7/10
  • behavioral19: Score 1/10
  • behavioral20: Score 1/10
  • behavioral21: Score 1/10
  • behavioral22: Score 1/10
  • behavioral23: Score 1/10
  • behavioral24: Score 1/10
  • behavioral25: Score 1/10
  • behavioral26: Score 1/10
  • behavioral27: Score 1/10
  • behavioral28 (tags: discovery): Score 7/10
  • behavioral29: Score 1/10
  • behavioral30: Score 1/10
  • behavioral31: Score 1/10
  • behavioral32: Score 1/10