General

  • Target

    4cbc50b0f7d5bd24c6f9ab3139af9e39_JaffaCakes118

  • Size

    14.3MB

  • Sample

    240516-ycqxtada2s

  • MD5

    4cbc50b0f7d5bd24c6f9ab3139af9e39

  • SHA1

    53d1fd3d74c547cfe5af27dc887783cc4b21339b

  • SHA256

    619af4a455d2f08be2d92d5d59fbd3737278b8746a6162d995be1263eea9add2

  • SHA512

    915f5d0073bf853786ae55535e3f4e1df168c2cb9ab8df4e3f7691fbfbb5831fb0edd21eef5442389117292fa982001454a54fb8e4b95c89df160ea0067078ea

  • SSDEEP

    393216:uSgdVRLcqFuq7Oy0o2ZYcfQZgHO5FU+2JNFOwNreA6F915:uFDRLkg0o267GS2JnO0rfq9f

Malware Config

Targets

    • Target

      4cbc50b0f7d5bd24c6f9ab3139af9e39_JaffaCakes118

    • Size

      14.3MB

    • MD5

      4cbc50b0f7d5bd24c6f9ab3139af9e39

    • SHA1

      53d1fd3d74c547cfe5af27dc887783cc4b21339b

    • SHA256

      619af4a455d2f08be2d92d5d59fbd3737278b8746a6162d995be1263eea9add2

    • SHA512

      915f5d0073bf853786ae55535e3f4e1df168c2cb9ab8df4e3f7691fbfbb5831fb0edd21eef5442389117292fa982001454a54fb8e4b95c89df160ea0067078ea

    • SSDEEP

      393216:uSgdVRLcqFuq7Oy0o2ZYcfQZgHO5FU+2JNFOwNreA6F915:uFDRLkg0o267GS2JnO0rfq9f

    • LoaderBot

      LoaderBot is a loader written in .NET downloading and executing miners.

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

    • LoaderBot executable

    • XMRig Miner payload

    • Manipulates Digital Signatures

      Attackers can apply techniques such as changing the registry keys of authenticode & Cryptography to obtain their binary as valid.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

    • Target

      $1/1337/Alexandr.exe

    • Size

      3.1MB

    • MD5

      7afcb8667f1ec33f0cc084936a8a4044

    • SHA1

      a2755123f3515fbfcbd5b1ab38c22fa757b8afa8

    • SHA256

      2304cf3b3d0753318d60c2769c535a164d5f56ee0343c59ac616036d95e8ad71

    • SHA512

      bc04b81c01df03b360c225709d2db3078d1fb45fc2a67713f5f5154d050c71e241c2c7590f510d9f7ac3a0a4bc820b3b171d96cb56d23c0496df184e527162b8

    • SSDEEP

      98304:A5aFQWMH0wPoBn1ZPBIjKNMxCSz4Rg4MuykNt:A5aF1MHropPDuhg3z

    Score
    7/10
    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      $1/1337/ExtrimHack [free][17.08.2020].exe

    • Size

      11.3MB

    • MD5

      74541b23f5f5c2d86616bea5497db51f

    • SHA1

      34d9f8cfbbe0999dd016e32ac4015cbcd127fbdc

    • SHA256

      20b6d5a91f896f10a868a95adf50c1710c6a44d841a565bd15ec64fad809449c

    • SHA512

      8289d9fba78a9143b8baabde22a083ab1384ff03c36791f80cdd7fac056bcec0ecfd46a7264492b4fce25ba1d2d90784619a1da0f72cb1e759dab806b3286d13

    • SSDEEP

      196608:upuMlcqs/RrpLiCnx6pyC9lkfVxUi5bb4AJyMw5u+KWDt51ZyvVh8tEHtnCY8MxT:CuQcqs/RrpLvnEgC9laDbVr6KM5yVh8E

    Score
    1/10
    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      2ae993a2ffec0c137eb51c8832691bcb

    • SHA1

      98e0b37b7c14890f8a599f35678af5e9435906e1

    • SHA256

      681382f3134de5c6272a49dd13651c8c201b89c247b471191496e7335702fa59

    • SHA512

      2501371eb09c01746119305ba080f3b8c41e64535ff09cee4f51322530366d0bd5322ea5290a466356598027e6cda8ab360caef62dcaf560d630742e2dd9bcd9

    • SSDEEP

      192:vPtkumJX7zB22kGwfy0mtVgkCPOsE1un:k702k5qpdsEQn

    Score
    3/10

MITRE ATT&CK Enterprise v15

Tasks