65b8710598416e9045603ea83259a5536d8bf431689c2955c6986ac2ced62381

Sharing

Copy URL Twitter E-mail

General

Target

4c7eff4f5254672edf1b57061dd3eae9_JaffaCakes118
Size

7.5MB
Sample

240516-xahyraad7t
MD5

4c7eff4f5254672edf1b57061dd3eae9
SHA1

b3596e0d9f18bafd3fa036e2d6a11c449d48a024
SHA256

65b8710598416e9045603ea83259a5536d8bf431689c2955c6986ac2ced62381
SHA512

b34e8eabbf6c8363e793b0f3c197ccfe2fea8161b50da1e48d8f7198853b46c17d486ac475ffc8f555fb8ec9862359a1f2ab0399a6a983f6842edcf08958588d
SSDEEP

196608:8Uc4rJryflfi8WBdzgEZGgcy6suG573miuiKNNRIEQSx4kGcz:tcI2xiFgEsgpuaWinssel

Score

7^/10

Malware Config

Targets

- Target
  
  4c7eff4f5254672edf1b57061dd3eae9_JaffaCakes118
- Size
  
  7.5MB
- MD5
  
  4c7eff4f5254672edf1b57061dd3eae9
- SHA1
  
  b3596e0d9f18bafd3fa036e2d6a11c449d48a024
- SHA256
  
  65b8710598416e9045603ea83259a5536d8bf431689c2955c6986ac2ced62381
- SHA512
  
  b34e8eabbf6c8363e793b0f3c197ccfe2fea8161b50da1e48d8f7198853b46c17d486ac475ffc8f555fb8ec9862359a1f2ab0399a6a983f6842edcf08958588d
- SSDEEP
  
  196608:8Uc4rJryflfi8WBdzgEZGgcy6suG573miuiKNNRIEQSx4kGcz:tcI2xiFgEsgpuaWinssel
Score

7^/10
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  15KB
- MD5
  
  09d8971beefefffd710030dd167a99e0
- SHA1
  
  a0117786ad77213f3eb48cfdc3819786cb796b7d
- SHA256
  
  caf64a4e9449220ba618a9aa2ae4ed3774c5d0f193bda44be22676c27ae0ec95
- SHA512
  
  3956f0c6bcdf033e4a10ab33872a66e0668da28ec31cb7a2c67ef7266d7c0845998a2a85a6cc25aba1df73909df8104119cf5f1f86c1e91f8fd201765aea49f0
- SSDEEP
  
  384:EhC43tPegZ3eBaRwCPOYY7nNYXC8/Yosa:EoTgZ3eBTCmrnNAI
Score

3^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/StartMenu.dll
- Size
  
  7KB
- MD5
  
  6bd0f48ebada20615976d587933ec18e
- SHA1
  
  c664841af354bf3dfcb56810351b5c8966abacba
- SHA256
  
  40bacf4d323ec800803add519c00075998da102b1fb41340dfe0429707ea1e9c
- SHA512
  
  d25428f7af93863905e17bbcd56c5525ce7f589b347ea981bff043f10cdfffd4d909064ebd7d66c9c3761551b870464a78b0d8e15db6a947f7f8c73b21aec184
- SSDEEP
  
  96:p8dPIKJhMuhik+CfoEwknt6io8zv+qy5/utta/L3lkCTcaqHCI:aZIKXgk+cx6QYFkAblncviI
Score

3^/10
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  12KB
- MD5
  
  8cf2ac271d7679b1d68eefc1ae0c5618
- SHA1
  
  7cc1caaa747ee16dc894a600a4256f64fa65a9b8
- SHA256
  
  6950991102462d84fdc0e3b0ae30c95af8c192f77ce3d78e8d54e6b22f7c09ba
- SHA512
  
  ce828fb9ecd7655cc4c974f78f209d3326ba71ced60171a45a437fc3fff3bd0d69a0997adaca29265c7b5419bdea2b17f8cc8ceae1b8ce6b22b7ed9120bb5ad3
- SSDEEP
  
  192:BenY0qWTlt70IAj/lQ0sEWc/wtYbBH2aDybC7y+XB9IwL:B8+Qlt70Fj/lQRY/9VjjlL
Score

3^/10
behavioral7 behavioral8
- Target
  
  7zxa.dll
- Size
  
  155KB
- MD5
  
  ad71a5e3a757aef0329aeda567f25a00
- SHA1
  
  97c766d85c9dabfcabd5a983fe165506d227a8ac
- SHA256
  
  f6b9ae6eaaedc55db0e381ec153892c122f1f257ada80cf242a20be8a2f117ef
- SHA512
  
  6852496fb8f59bea3ae46efd507d654ae27306d9f4f2f0dc0db8b03f9f63a3712e075b12f0ebdf6ea88db081fca4dd29be1555584aa70386ccb8297beef886ea
- SSDEEP
  
  3072:0qNymKJ1/fi2YrR4qzoSB6PVx/lhpwp8Gn9XA6kuF:qJ0rR4qmPVvf88uAdm
Score

3^/10
behavioral10 behavioral9
- Target
  
  DLL/libeay32.dll
- Size
  
  1.3MB
- MD5
  
  fa5def992198121d4bb5ff3bde39fdc9
- SHA1
  
  f684152c245cc708fbaf4d1c0472d783b26c5b18
- SHA256
  
  5264a4a478383f501961f2bd9beb1f77a43a487b76090561bba2cbfe951e5305
- SHA512
  
  4589382a71cd3a577b83bab4a0209e72e02f603e7da6ef3175b6a74bd958e70a891091dbdff4be0725baca2d665470594b03f074983b3ed3242e5cd04783fdba
- SSDEEP
  
  24576:RNaU+KpPikndiNfzN4jH3PlMQzMjYpOtJqTp/kqg1:PlUfzN4jH3PlyjYpOLqd/kP1
Score

1^/10
behavioral11 behavioral12
- Target
  
  DLL/libhunspell.dll
- Size
  
  578KB
- MD5
  
  ac2478223d79e405fc1154e19c61f68f
- SHA1
  
  9f899dac2b2501aee4e03381eeca7df34a3b4c47
- SHA256
  
  4fdb1537458441ecfe4a323647091631a1c5cce92bba8bd51619637951f7cb31
- SHA512
  
  6938006994ed0bf210a2143907d741400cb4d1b8afcae101be1d45b5b5e37520fdfdd930a0ef5cbcf3b81f67e107974e294c4232821730f32ca9eaffd0856f56
- SSDEEP
  
  12288:q7O74ZjEMD44/ntRieNYRDGf12jntfUrf/JFAPsByypqSFe1co+:aO74jEMDRYRDG8p0JF3ByKqS4co+
Score

3^/10
behavioral13 behavioral14
- Target
  
  DLL/ssleay32.dll
- Size
  
  330KB
- MD5
  
  2117e31688aef8ecf267978265bfcdcd
- SHA1
  
  e8c3cfd65ed7947f23b1bb0b66185e1e73913cfc
- SHA256
  
  0a4031ab00664cc5e202c8731798800f0475ef76800122cebd71d249655d725f
- SHA512
  
  dd03899429c2d542558e30c84a076d7e5dbde5128495954093a7031854c1df68f8ff8eca4c791144937288b084dd261fbe090c4ff9a3e0768e26f0616b474eca
- SSDEEP
  
  6144:I6MNzVTEz1LgXCpfoaDRQHojjYkARhcPL0U2pHGS5VdQ/TOEzrqArrpA1riT1PiR:I6MNzVgz1LgXCpfoaDqHojjYkARqPL0z
Score

1^/10
behavioral15 behavioral16
- Target
  
  Html/Edit-Default-NoIndent.htm
- Size
  
  893B
- MD5
  
  18c33985ec71eae3b57ece496efa64b7
- SHA1
  
  fe93bca5a80c688e16239ce8695dbdd7f3bd27ad
- SHA256
  
  684219dd47f1ed338aea5ce5d9f5a1bdebec73286e49feec911589f743c4c43d
- SHA512
  
  c44b981ac0a1ee86a9e02bb1a7c1d05ef723ab0ffccb35fa36fba717e3ee925492b2041f484fddec98264efd3214fd895cdc6e807a18f12d74e6f782bf891fb0
Score

1^/10
behavioral17 behavioral18
- Target
  
  Html/Edit-Default.htm
- Size
  
  1022B
- MD5
  
  32c706bddc80926174a8afa10bf78d1d
- SHA1
  
  10d3da9227931345978d04e716dbb7e73a24784e
- SHA256
  
  57433384133da424b462946edb220c114df01070306de11684a295ed12f80bc8
- SHA512
  
  4f68eb41dec514cb0b901f96acf7d6241d3893c230d8eb50e79521f1d59bfb764bfa77da40062ace290d6f317607fcdfd567f17d2595805759cf6fea096cf44d
Score

1^/10
behavioral19 behavioral20
- Target
  
  Html/Edit-Minimal-NoIndent.htm
- Size
  
  298B
- MD5
  
  4091c0be0efda9d64f56a28f8e01b1bd
- SHA1
  
  6b6cca78aadabb9207c5bcf69ca4f67926b217dc
- SHA256
  
  d3b888724092773dd009fa7dfac0da8c85298120a4b74e48a483596fe4a82b22
- SHA512
  
  3be599120ae11e20dfabead3014a34ad5d9d397d02f302bb51473f0440e64660e7344965c90a3de933938c47db13966ff1d27bcf79a0b61dfd97e56e7101c74e
Score

1^/10
behavioral21 behavioral22
- Target
  
  Html/Edit-Minimal.htm
- Size
  
  392B
- MD5
  
  ccc78233a009c3e405fa95f4750d500f
- SHA1
  
  43d0cae4bfe58d2fda06ec8962415598366ab192
- SHA256
  
  457bf34341efb83226be463b3a85ece7233e9e4d06e25830c603bfcce7acc132
- SHA512
  
  4acd54e0382a8b430b41b5667ad496ebfc0757f11287f74986337c9852159d5483be2e250103c7fc54016e9d3fb064af705c4a397bf35d889994b9b1b9372530
Score

1^/10
behavioral23 behavioral24
- Target
  
  Html/Edit-MsgOnly.htm
- Size
  
  248B
- MD5
  
  3904dbda871d2363da995a876de0f403
- SHA1
  
  458761f21943c7f51a84936e9a5c5b988b4f084d
- SHA256
  
  33b857af977d9a76328d7b2eb4dc8b3614db7ede70ac7453a7ff9f2dadc6929d
- SHA512
  
  5512823a8a13f91d3f775e1baf41b9385edf4e886aa57fd20ad5d85633171bea5ce4ca7ccbf1afe4311e5bad9b6704849c2921825457a6a683ebfd78da8a7099
Score

1^/10
behavioral25 behavioral26
- Target
  
  Html/Edit-Old-NoIndent.htm
- Size
  
  982B
- MD5
  
  83deb235ce77087bb7e6774c38251e76
- SHA1
  
  b0563adbea522d3f21bee6ba9bacec49d4d462e7
- SHA256
  
  6016c11725e3abc95b20dfc28cf0790150f1a3443f60659e223a2901abf167b1
- SHA512
  
  0f4bdbe5f94b99379727d25ff2b3988797a8f5f1c2bf94efb12765f3c58ae97bbb079ee2fb04edecf83bcb38ab11731777c54392d4f231ab2b9cc957dfa69f0d
Score

1^/10
behavioral27 behavioral28
- Target
  
  Html/Edit-Old.htm
- Size
  
  1KB
- MD5
  
  a79133e72d959b58729527db300e93b3
- SHA1
  
  e4bb99daa1d1642b1a663dcb169e0a3604dc4104
- SHA256
  
  ac679347b037e5bf3c1f75c52e3c9eb4b5ae754bcafbb7a59abf1f20f0472e41
- SHA512
  
  88d5e157e5e6e313aa7221f565ca4c6f06e05c95e7e365b143c8bb43e75a418eb8371e4ab1bd94d8f7787f4bb2ab302b026ba46e90f26d66d231c64c428b8820
Score

1^/10
behavioral29 behavioral30
- Target
  
  OECRestart.exe
- Size
  
  61KB
- MD5
  
  c89ae23f58aeb5bbf982f3807ad48eee
- SHA1
  
  27919c3782353f8f7c8b1ffa14327aae9fcf0691
- SHA256
  
  621bee663613ca4d67ad887657ab3c467ec3a56c88e43b679d767cb7e34c9b57
- SHA512
  
  23a524332ffe36168c20e7434647940947e040a43d394c242ced07a0d88ca6d5cd8c8993e40038174f2a096cc26703a849833f1edb7974c7a6055f0cfc5b81df
- SSDEEP
  
  1536:y58zms4OfftCs8qRe42X/S5FjKrEiG8GbD6Qu:yazms4OfFVT2PAwrQ
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Loads dropped DLL

Checks computer location settings

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32