General

  • Target

    41b93173a8b5583daaf090438fb05004_JaffaCakes118

  • Size

    538KB

  • Sample

    240514-q44zrahf8w

  • MD5

    41b93173a8b5583daaf090438fb05004

  • SHA1

    a0db1a8f024e95fbc5c4c4930a4f6f905bbcab24

  • SHA256

    b87cfba8a4f2329b0b372326a7f169f5896459a6bdae0ad8857b576129722204

  • SHA512

    a770ed85694301daa0b8f9c46dbc25207411b888d6d1a358a816590f0c3bbfad05bd438545554e6c3ce391be6b640acbf69819f38aab0dd235caf2d17962be57

  • SSDEEP

    12288:kNi7Ynlwt1fL+RcGNh25nxXLZmW2PjlyjkvGha:kNk+lwrEcEc5nRLZj2PjlyTa

Malware Config

Targets

    • Target

      41b93173a8b5583daaf090438fb05004_JaffaCakes118

    • Size

      538KB

    • MD5

      41b93173a8b5583daaf090438fb05004

    • SHA1

      a0db1a8f024e95fbc5c4c4930a4f6f905bbcab24

    • SHA256

      b87cfba8a4f2329b0b372326a7f169f5896459a6bdae0ad8857b576129722204

    • SHA512

      a770ed85694301daa0b8f9c46dbc25207411b888d6d1a358a816590f0c3bbfad05bd438545554e6c3ce391be6b640acbf69819f38aab0dd235caf2d17962be57

    • SSDEEP

      12288:kNi7Ynlwt1fL+RcGNh25nxXLZmW2PjlyjkvGha:kNk+lwrEcEc5nRLZj2PjlyTa

    • Executes dropped EXE

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Uses Tor communications

      Malware can proxy its traffic through Tor for more anonymity.

    • Target

      $APPDATA/9.opends60.dll

    • Size

      51B

    • MD5

      fb839da15dbbcfdb7afe5f082fe605df

    • SHA1

      df238207efd6a81e55ed04498cd6effbe68c9ee0

    • SHA256

      8cc0ad9c334dd6ab129c49c07ce7336f8408c7e8e86e933618ec1ddc459af54f

    • SHA512

      bb3e796ad2810389be8dcdd8cbcbb9fe4d77d3e3e3b9979a88a295cdf3a3aad291ebd6f412926017e8514537722c08b87d6b5006db8e4a14c34441c4023a621d

    • Score

      1/10

    • Target

      $APPDATA/matrixkeypad.ko

    • Size

      15KB

    • MD5

      29e9a1abbf95a5eefffab124fac646ba

    • SHA1

      ecf02621d6340858989072a1a8f0866e3464d634

    • SHA256

      18a2a49a4a6bdce6bfe434c4d37ceb614b8fc571b0de5c31dfd7f5afa07a26f3

    • SHA512

      8fe5b339b4a4ba7a5ecfb18c8072719e288c0c60aad90dd68b5a91836e40248021859007be569b7291b32654ae894dedb0e5ac41757e450b7202bdc9933c20cc

    • SSDEEP

      192:bWaLqt1+zFrSdxl2+1yyWDg0THUkdJLB0WQuP5JfGMKolBjWO:iEaemxlffW1rUoTJKmjWO

    • Score

      1/10

    • Target

      $APPDATA/season/INDEXTYPE/emailAddress/directory/48.opends60.dll

    • Size

      50B

    • MD5

      9ac46906870e0f9527d5aceb32ae5abf

    • SHA1

      0861872473608c0736949146218e92156ce21a6a

    • SHA256

      408e73727c6d0131d371b459495102fb752c772a2335ff69a9237d0921fd3bbc

    • SHA512

      f641b778b54c740c43b9dd8ea3354eddf07572aa4d430790cafee7e312ff547ea362d23a5b95d15fff13ef408fa1ac874bf1e23d1cd707926bbd213ffb9444d3

    • Score

      1/10

    • Target

      $APPDATA/season/INDEXTYPE/emailAddress/directory/IEExecRemote.dll

    • Size

      8KB

    • MD5

      0d5fe1c95afe423b214f13e856d0f1a5

    • SHA1

      539727bee5ba21bbf8591a4927807a7a42d9161d

    • SHA256

      46862e0cd12555ac96a76ce1ffca06d6ef250b709e09e5c8441793d4c04e5a38

    • SHA512

      d578184f1f37bca0cbbd893984b1159c4d541b290f7a1339759b9cd870f450edda76807e853fc6bd8da91d6186dd07ad05012218cfcb910cdae07f4180e442ba

    • SSDEEP

      192:azEJySPTVhqQwRGC19x4VIJI13WyNNtrW/:NJySBk9RfNxJI13WyvtrW

    • Score

      1/10

    • Target

      $PLUGINSDIR/System.dll

    • Size

      12KB

    • MD5

      0d7ad4f45dc6f5aa87f606d0331c6901

    • SHA1

      48df0911f0484cbe2a8cdd5362140b63c41ee457

    • SHA256

      3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

    • SHA512

      c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

    • SSDEEP

      192:1enY0LWelt70elWjvfstJcVtwtYbjnIOg5AaDnbC7ypXhtIj:18PJlt70esj0Mt9vn6ay6

    • Score

      3/10

    • Target

      $PLUGINSDIR/UserInfo.dll

    • Size

      4KB

    • MD5

      9eb662f3b5fbda28bffe020e0ab40519

    • SHA1

      0bd28183a9d8dbb98afbcf100fb1f4f6c5fc6c41

    • SHA256

      9aa388c7de8e96885adcb4325af871b470ac50edb60d4b0d876ad43f5332ffd1

    • SHA512

      6c36f7b45efe792c21d8a87d03e63a4b641169fad6d014db1e7d15badd0e283144d746d888232d6123b551612173b2bb42bf05f16e3129b625f5ddba4134b5b8

    • Score

      3/10

    • Target

      $TEMP/aspnetwp.exe

    • Size

      29KB

    • MD5

      586677e260d59c0aef4787749bd22e22

    • SHA1

      0362a9f12b333489d0881ad80487a5d70c6f6c53

    • SHA256

      16f9671a4d62b9b6d58339d58cecd1cb1a57fb55b98e449a36520b6ae57fb3a3

    • SHA512

      a7eea5ce32354e4d83a4c83ac743a9fb9a3d345ada34db2366259709e98606b8815cd588ba3c87efd3450d827844983670df10fbe252ea622c9a98d62371e7b4

    • SSDEEP

      768:i2LK/zkfU+wmeQNm+1QNVB77TrfL3d/o+k:i2LKb0DwmeQNmwMpXfR/oB

    • Score

      1/10

    • Target

      $TEMP/planula.dll

    • Size

      72KB

    • MD5

      6abeff0d3c52cf017e36e941f035c3e9

    • SHA1

      ba0f193dd98a5502c29c4f5671ed066e2a3ae38c

    • SHA256

      da93766a660b71b43492920bdb0478359fe86a17a3f51a0329cf6ac77e0852b2

    • SHA512

      8b256cc4787c7aee904e36c3772916a5d06c5bde96e9bda3897ca1e7e7e1099d5e46e0d921bed64a1633a91508301ee8568211f02d7dac5dde9f84a57a5ac0a7

    • SSDEEP

      768:RWGCacHgiB4722o+oOc2dIMSWwhC/ox1ozef/coG+izus+9dIt1t7RkUi4e9X:YIVS2o+c2dnSWV/oGe8n329dstlfe

    • Score

      4/10

MITRE ATT&CK Enterprise v15

Tasks