37d973a6b74b1919aab1518708fa91d14792b4218dc177d339c51e88d787535c

Sharing

Copy URL

Twitter E-mail

General

Target

45183ce88f648c6b3fc0f7ff86e6bd22_JaffaCakes118
Size

6.0MB
Sample

240515-h8qzpafb49
MD5

45183ce88f648c6b3fc0f7ff86e6bd22
SHA1

df01007565c6f9abcab5514309dffb79a2b0764e
SHA256

37d973a6b74b1919aab1518708fa91d14792b4218dc177d339c51e88d787535c
SHA512

45d214e36cab3809f8b722701822603a7eb6be9c5b58f6803f2dab8be5d923f19f92cb274749d4283f5c98a41f8561c3bc0e34f0288dbc4de85412d84d108e54
SSDEEP

98304:13fWCZEpaxdPBcaSWPVsF4qFyweY7WS5uOWf7GXKMdIY4EdlUflG0G7AGIPlZg:13+oPjPOa4FHyF8WSAP7M5d5CKPWlZg

Score

8^/10

evasion

Malware Config

Targets

- Target
  
  45183ce88f648c6b3fc0f7ff86e6bd22_JaffaCakes118
- Size
  
  6.0MB
- MD5
  
  45183ce88f648c6b3fc0f7ff86e6bd22
- SHA1
  
  df01007565c6f9abcab5514309dffb79a2b0764e
- SHA256
  
  37d973a6b74b1919aab1518708fa91d14792b4218dc177d339c51e88d787535c
- SHA512
  
  45d214e36cab3809f8b722701822603a7eb6be9c5b58f6803f2dab8be5d923f19f92cb274749d4283f5c98a41f8561c3bc0e34f0288dbc4de85412d84d108e54
- SSDEEP
  
  98304:13fWCZEpaxdPBcaSWPVsF4qFyweY7WS5uOWf7GXKMdIY4EdlUflG0G7AGIPlZg:13+oPjPOa4FHyF8WSAP7M5d5CKPWlZg
Score

8^/10

evasion
- Modifies Windows Firewall
  evasion
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/SetupHelper.dll
- Size
  
  1.4MB
- MD5
  
  e4df5c7f58d5e0ccbbe7a6e74fc449ad
- SHA1
  
  d0c92b3b78cd5fa61ce51b770565aeb488610c43
- SHA256
  
  af55cbbbd681182226c5e854470a05ea8ec6242a30d28c61ce9c20b968088db8
- SHA512
  
  5f7456f107df50809bd504e46cd4f5cc43764e683fb14dbcd03c1e6ab5ea5868c0279ed52c8aa5c1795e7928335b9ac07c31c228333dcd44dbb408f04ce2619d
- SSDEEP
  
  12288:9GoXS24JiBgSwIiO/qxP4gjICgR5IF5aDTD3rGIBhwjX5xkOC8hPePDeUGFwyhSu:9LCAliO1gqQNgPCUQSUTYoXJ6AT
Score

3^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  b9f430f71c7144d8ff4ab94be2785aa6
- SHA1
  
  c5c1e153caff7ad1d221a9acc8bbb831f05ccb05
- SHA256
  
  b496e81a74ce871236abcd096fb9a6b210b456bebaa7464fa844b3241e51a655
- SHA512
  
  c7ce431b6a1493fd7d1fe1b1c823ad22b582c43c8eb2fb6a471c648dd9df9953277c89932c66afd598d43ea36f4a8602e84cd175115266943071cbc8ce204099
- SSDEEP
  
  192:hClej3uzvJwqJMQKN4GbeWZksMI4ETWcEbcBZ8ep2Kra7yOG:hCm2HgN4GbeWmbI4Eybogia7yO
Score

3^/10
behavioral5 behavioral6
- Target
  
  CacheWechatBackup/Plugins/WechatBackup/AndroidAssistHelper.dll
- Size
  
  516KB
- MD5
  
  0c30969e7222c4a9aff2087a1de88b90
- SHA1
  
  7060a8dd172986db7dcfea23d450eb4282c0dce9
- SHA256
  
  fd1ef56de44b98a02f25a14b08818dfb9e0b5915a068b9e28014ac1fd0148a94
- SHA512
  
  11e3d79e4eadade431adbedeca2e57a1d29c5712572cfab51de19202e5e930fdd376099614d861aa4e6510cb4287a1f9330014c2f4cbd5fa52bf7a879f90c6ff
- SSDEEP
  
  12288:047yjn0b96KYyfae60OZNDIAQmOAYc5/QGEBSRnNpLr7LvLTMisIMwRb:0gUM967yfae60OZVxX/QGEBShr7XTM1k
Score

8^/10
- Blocklisted process makes network request
behavioral7 behavioral8
- Target
  
  CacheWechatBackup/Plugins/WechatBackup/ConnectService.exe
- Size
  
  4.5MB
- MD5
  
  bc1d2ace3221b777ce8ce1bce7e45bb5
- SHA1
  
  b5d74e4c5d050c3015b15db33f14338f8b3b3b92
- SHA256
  
  229c60f01ddfc262e0a18e5658ea67e0f0aac1583990009771a6ec63d59b5ae7
- SHA512
  
  91c01f53e46ae0741aaf9ae181ce3bfe0714d01d4aa83d3afd3e7dcac97616e682743af26490aec537f19675e839ccd843fd3445a8db29fb52c13e249ec83cdb
- SSDEEP
  
  98304:2Hy0XTpSonO9/SBrFFjMoYsRf3Ewex0nT7s9t+sqX9Gwpt:PkN5MQBiTSswex+HsqtB
Score

8^/10

evasion
- Modifies Windows Firewall
  evasion
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral10 behavioral9
- Target
  
  CacheWechatBackup/Plugins/WechatBackup/WechatBackup.exe
- Size
  
  1.2MB
- MD5
  
  f74d9bf8be92915257c10d72948e061c
- SHA1
  
  e633f1f956d560740ac6171618ecbc66d331a55a
- SHA256
  
  817252128cdb7adedcbce2713007a0d56eaee5efcaf27719383072fe7a2f62bc
- SHA512
  
  af099f0e4b97a0b4fcf2107fda3730a2a90dd0a96e86ad7fbf981cdf7ec5664c3e943a42460d9b7b7dc041cff59b9fe89a81973a45dc0e38cf3f667dcf4109be
- SSDEEP
  
  24576:hL0+qZn1MePC+INawSWm5Q0BMKUYO5yyb:hzsWO2qBM1Ybyb
Score

1^/10
behavioral11 behavioral12