General

  • Target

    5b518a9f9d968ff562d860db70623b78_JaffaCakes118

  • Size

    1.5MB

  • Sample

    240519-zatflagd88

  • MD5

    5b518a9f9d968ff562d860db70623b78

  • SHA1

    7a378598a9f3630569f19d5895fafc941aadfedb

  • SHA256

    e723ee615d7a64e918ab185b645324a0cb1b376302d33b54995b54da39be51f3

  • SHA512

    4edc32123b72b7ea6f79fdd98694d68732cfcac7475350aa31ac9f6f051a08e0d283ac5878477498f5dedae5759c56f0727375d70a5430a625f11f0d23af2cb7

  • SSDEEP

    49152:iPhv1CoBZphZwKNvHjdJB6nMhRrkZ54IC:ip9BwKhUnirkZjC

Score
10/10

Malware Config

Targets

    • Target

      AutoPowerOn_windown8/AutoPowerOn/autopoweron.exe

    • Size

      1.8MB

    • MD5

      34c106898919bff9359ce5cf99bf6ade

    • SHA1

      bb986ebef961ece36fccb89345a7139c67794c05

    • SHA256

      43eed68aa81badf0946ddb6cd710fae2bca84c691124e0e1c1609189e56c3978

    • SHA512

      c96998e2cee6ebb3c011b7355e6382e9dfeec5e7a773f49cdad39b8abae3610203c802cd81f80a08ad517494f4a4cbefe415ed229530206ce6672e622e7d0647

    • SSDEEP

      49152:saKc0f6wkRh2DvrwSNMzsl+1FqTe/yUpcNafcMYW4FW:AitGrwSegS4et0MYW4FW

    Score
    7/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      $PLUGINSDIR/autopoweron.exe

    • Size

      1.6MB

    • MD5

      fc7a668a581fc7a511f54dbea3a2ab0a

    • SHA1

      b5d783f2ef60a53b1168efcd42bb9bf4c4551fc5

    • SHA256

      da4419f3cd770012d0a6be1f7f7330611dad237f156f446887cd6f11827769f9

    • SHA512

      61c6384239324d06c89612eb364aef44b700f346f95eef8d6a07ef43a1ac39b60a73c842aaf5564a5a14480e3be3fc9d3c6ddb76c1dee4d3e5cf02c0f0491244

    • SSDEEP

      49152:60f6wkRh2DvrwSNMzsl+1FqTe/yUpcNafcMYW4FG:gtGrwSegS4et0MYW4FG

    Score
    7/10
    • Loads dropped DLL

    • Target

      $PLUGINSDIR/InstallOptions.dll

    • Size

      14KB

    • MD5

      0dc0cc7a6d9db685bf05a7e5f3ea4781

    • SHA1

      5d8b6268eeec9d8d904bc9d988a4b588b392213f

    • SHA256

      8e287326f1cdd5ef2dcd7a72537c68cbe4299ceb1f820707c5820f3aa6d8206c

    • SHA512

      814dd17ebb434f4a3356f716c783ab7f569f9ee34ce5274fa50392526925f044798f8006198ac7afe3d1c2ca83a2ca8c472ca53fec5f12bbfbbe0707abacd6b0

    • SSDEEP

      192:n6d+dHXLHQOPiY53uiUdigyU+WsPdc/A1A+2jPK72dwF7dBEnbok:n6UdHXcIiY535zBt2jP+BEnbo

    Score
    3/10
    • Target

      AutoPower.exe

    • Size

      526KB

    • MD5

      0ad902046991b2a1f566247c9276c665

    • SHA1

      5c1e2be6f2ba40ec8dd935b851a4e74a8995b914

    • SHA256

      ae5fdb6c9dece79b53d2140015d49c2063dce3f91194780c5af46ac5bd32ebb7

    • SHA512

      e05d1bbaf2533cd77e5cba96df3bb54b4dee716a94ce4be2ce9f744a8139248058ea4303de3fa2e7a4d049a35087766d8f524e1f5f62818bda17bb82ce77df7f

    • SSDEEP

      12288:Kc2PpRw2RpYfoxr/a7/PbmqPXNwrTFAp4oUHIXt:SxRDYfoxDIBVwrTO5

    Score
    10/10
    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • ModiLoader Second Stage

    • Target

      Help.chm

    • Size

      155KB

    • MD5

      10ab0709e3b1d21ef30601a14e14e558

    • SHA1

      2556e70d17929d41c27e62b7a99b4adbcd7338a2

    • SHA256

      a60d359f8b59fa335e6186c89e28b0b90961a2a83a3b45e48a4c89e616c98642

    • SHA512

      0f35ac2962017892215b30c1014b1005c2a2ff5cbb4c4f1375f95be824e92775cf0ef3144ff5e3767dbe1adb9ff3630b81c784ffa700af1ce705c9ed3bc75a6f

    • SSDEEP

      3072:BrJ9Iq3bGDs4ES3F3oe6TVNRhEMT4HkT0wvMyX0DnazQ67T4Vr9ZKmq7:BrJ91LGD7ESV39Q/bTKwvhCKQ6arHM

    Score
    1/10
    • Target

      RunDLL.dll

    • Size

      90KB

    • MD5

      3f1f6f320c3df5a4494924e9705028ed

    • SHA1

      3b1474939fc2cc4c5396cfb0608fcba364b33f27

    • SHA256

      db030ca1c54781fb0029dbe433bbc9de566350acc633ad3445ae81b56c0f2e8c

    • SHA512

      1b066461a7329dfd54c78cb5c0538b065770abe64917d38f64177710b2bb2320c815f2115d26dfe5f7632cb6ac29da9687f774371e3c2fce04a2bb124d012726

    • SSDEEP

      1536:+GEbOAarrqRAsNdkaHk13rMTHUEBDS8U+CSdr8AB55kDTNGcGHqxNC3Xty:QbOAamAgterMZe8Zr8ABDEoqxNC3k

    Score
    3/10
    • Target

      SASHOOK.dll

    • Size

      65KB

    • MD5

      c278352103ee28bfbabd18254d15a430

    • SHA1

      9db1e8176f02b9c83ba4a7ec69efad35b4d0e37b

    • SHA256

      79b40a60711f5687d20afe695074a535397ed87ca42df2e47ea545f2c0ebc3bf

    • SHA512

      df59ff1b1023edd4d4a40a83a80a5706de74c28f4b04b47a122f1d1335b57e81d0cabe4160246a5b3f5aa38788e248bd9c045c85e0c4477c5078cc3ff3142e4e

    • SSDEEP

      1536:C465M/t+I4qiROQF2huU4VN1y891bXhOrs5SQAGkGzWoc:C4LwvROQF2Y/g8pOriSQ

    Score
    3/10
    • Target

      autoss.exe

    • Size

      2.1MB

    • MD5

      da4e0703a34085c2fa77d86492273381

    • SHA1

      6905a25afa412c21528fa601c121c957d0436248

    • SHA256

      41064f46efbd85824697f4675ff6d70e9b47107891fcc5a966361deb370a70cf

    • SHA512

      98d339c8e915f8d967641eafc22ee14216a9d5dd61e660d0aba557af622667b52eeacb9d54a043b04bae6079937986d4b7ad219077ceea348de328b6520d6327

    • SSDEEP

      24576:IbYUSrlwjSVB9y81hXlEM2Iu9VYRj/1rRiVzC2:Is3zy4u9WD1twzC

    Score
    10/10
    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • ModiLoader Second Stage

    • Target

      disktop.exe

    • Size

      498KB

    • MD5

      6bf4a69d3f938496f36dc3fa2f7dda0b

    • SHA1

      eedc94f5a8df9a4aa5eb58b3fc835448e2825ea5

    • SHA256

      1f73df400d14b85e556a20d94b1e2ae85ce860dabe190c6bdb644c4c354684ad

    • SHA512

      a9e3674a03a2b7c61353281a6c419901f9a9cb7210bf38b05729e2a7b21778b251502bb87f09d39ee89d2f6dd1b2fef8dacc0ab0ecc2345398eb2fb877de311f

    • SSDEEP

      6144:sjrnm1kUXj+SkzpzRCv5HcPIloaxsEdAJqAHVgiTeYuH70KNXfreXH1wOA1yMGIS:srnjUXj+SkxWSEyXC3Yub1qXHrA1hKl

    Score
    1/10
    • Target

      uninst.exe

    • Size

      88KB

    • MD5

      bbc83c95d7a2a93b0f3a24e471f9bfde

    • SHA1

      dff793da5932c33e39b031441149333a9fdb3577

    • SHA256

      46380642a474308abd141b21e4b42b05725da9a6a7be8e33dd5e232f8c7bca32

    • SHA512

      4b2fac36e5bf79694bba6f484f0b87a2fd697151845169fcd19b12c88c7fe834470df21c607e5e2e8ce1add3f69b782ea495e68802ff9da11ea37f0a38beeec5

    • SSDEEP

      1536:FpgpHzb9dZVX9fHMvG0D3XJHgfn5GdujLoHWAEYnt3zM1m:3gXdZt9P6D3XJHCnAEo2APV

    Score
    7/10
    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      AutoPowerOn_windown8/下载说明.htm (the filename means "download instructions")

    • Size

      3KB

    • MD5

      9bd1ac9ead8eda95e8284f12ddba89e2

    • SHA1

      44ad2b426711da0bc122d500b9117808385bd406

    • SHA256

      54198ae94a082537ca82686954de11084ebb050917b65871fe1639c2c1a308b8

    • SHA512

      e94611639a7396705f684055fa762db261bbaffb2d7b459b1fddbd44d25358b3bb3111ae84a8bc444388f26908193fbfa79c232570f52a38f1c49fb57b322850

    Score
    1/10
    • Target

      AutoPowerOn_windown8/使用帮助(河东软件园).url (the filename means "usage help (河东软件园)"; 河东软件园 is a Chinese software download site)

    • Size

      216B

    • MD5

      6a29fdd9a578559f631bd0c0919539f2

    • SHA1

      7ba1e243d907b6893f798dbd6169ee057e4845e9

    • SHA256

      6592450b9c9233d6d1a751020b3514bd20512d1224983c774e633ab2dee7b2c9

    • SHA512

      6eee5fe42d1105523e0555ba90f6a98237293983238a80342a62bb7dc1cb1a5b00081a447ae3a0d36f67ace197f288315f816f6da9ea27457753efb625793cc1

    Score
    1/10
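The two autopoweron.exe entries above (one unpacked under AutoPowerOn_windown8/AutoPowerOn/, one under $PLUGINSDIR/) have different sizes and entirely different MD5/SHA digests, yet their SSDEEP signatures differ in only a few characters: that fuzzy hash is what lets a report like this tie repackaged copies of one binary together. The Python below is an added example, not code from the sandbox or from the ssdeep project; it reimplements the published ssdeep comparison rules (block sizes must match at 1x or 2x, a 7-character common substring is required, the score is an insert/delete/substitute edit distance scaled to the 64-character spamsum length, and small block sizes cap the score) so the signatures quoted in this report can be scored offline. The four signature constants are copied from the Targets section; use the ssdeep library itself as the reference where an exact production score matters.

```python
"""Compare ssdeep (spamsum) fuzzy hashes copied from a sandbox report.

Added example, not code from the sandbox or the ssdeep project. It follows
the published ssdeep comparison algorithm; the real library is the reference.
"""

SPAMSUM_LENGTH = 64
MIN_BLOCKSIZE = 3
ROLLING_WINDOW = 7

# Fuzzy hashes copied from the Targets section of this report.
AUTOPOWERON_DIR = "49152:saKc0f6wkRh2DvrwSNMzsl+1FqTe/yUpcNafcMYW4FW:AitGrwSegS4et0MYW4FW"
AUTOPOWERON_PLUGINS = "49152:60f6wkRh2DvrwSNMzsl+1FqTe/yUpcNafcMYW4FG:gtGrwSegS4et0MYW4FG"
AUTOPOWER = "12288:Kc2PpRw2RpYfoxr/a7/PbmqPXNwrTFAp4oUHIXt:SxRDYfoxDIBVwrTO5"
AUTOSS = "24576:IbYUSrlwjSVB9y81hXlEM2Iu9VYRj/1rRiVzC2:Is3zy4u9WD1twzC"
UNINST = "1536:FpgpHzb9dZVX9fHMvG0D3XJHgfn5GdujLoHWAEYnt3zM1m:3gXdZt9P6D3XJHCnAEo2APV"


def eliminate_sequences(s):
    """ssdeep drops repeats of one character beyond three in a row."""
    out = []
    for ch in s:
        if len(out) >= 3 and out[-1] == out[-2] == out[-3] == ch:
            continue
        out.append(ch)
    return "".join(out)


def parse(signature):
    """Split 'blocksize:part1:part2[,"filename"]' into (blocksize, part1, part2)."""
    block_size, part1, part2 = signature.split(",", 1)[0].split(":", 2)
    return int(block_size), eliminate_sequences(part1), eliminate_sequences(part2)


def has_common_substring(a, b, n=ROLLING_WINDOW):
    """ssdeep refuses to score two strings that share no 7-character run."""
    return any(a[i:i + n] in b for i in range(len(a) - n + 1))


def edit_distance(a, b, insert=1, remove=1, replace=2):
    """Weighted Levenshtein distance with ssdeep's costs (replace = insert + remove)."""
    prev = [j * insert for j in range(len(b) + 1)]
    for i in range(1, len(a) + 1):
        cur = [i * remove]
        for j in range(1, len(b) + 1):
            sub = prev[j - 1] + (0 if a[i - 1] == b[j - 1] else replace)
            cur.append(min(prev[j] + remove, cur[j - 1] + insert, sub))
        prev = cur
    return prev[-1]


def score_strings(a, b, block_size):
    """0..100 similarity of two spamsum parts that were built at the same block size."""
    if len(a) > SPAMSUM_LENGTH or len(b) > SPAMSUM_LENGTH:
        return 0
    if not has_common_substring(a, b):
        return 0
    score = edit_distance(a, b) * SPAMSUM_LENGTH // (len(a) + len(b))
    score = 100 - (100 * score // SPAMSUM_LENGTH)
    # Small block sizes carry little information, so ssdeep caps the score there.
    if block_size >= (99 + ROLLING_WINDOW) * MIN_BLOCKSIZE // ROLLING_WINDOW:
        return score
    return min(score, block_size // MIN_BLOCKSIZE * min(len(a), len(b)))


def fuzzy_compare(sig1, sig2):
    """Return the ssdeep match score (0..100) of two signatures."""
    b1, s1a, s1b = parse(sig1)
    b2, s2a, s2b = parse(sig2)
    if b1 == b2:
        # Same block size: part 1 vs part 1 and part 2 vs part 2, keep the better.
        return max(score_strings(s1a, s2a, b1), score_strings(s1b, s2b, 2 * b1))
    if b1 == 2 * b2:
        return score_strings(s1a, s2b, b1)
    if b2 == 2 * b1:
        return score_strings(s1b, s2a, b2)
    return 0  # block sizes too far apart: not comparable, not "different"


if __name__ == "__main__":
    print("autopoweron.exe (dir) vs ($PLUGINSDIR):", fuzzy_compare(AUTOPOWERON_DIR, AUTOPOWERON_PLUGINS))
    print("AutoPower.exe vs autoss.exe:", fuzzy_compare(AUTOPOWER, AUTOSS))
    print("autopoweron.exe vs uninst.exe:", fuzzy_compare(AUTOPOWERON_DIR, UNINST))
```

Read a 0 carefully: AutoPower.exe (block size 12288) and autoss.exe (24576) are compared through the 2x path and score 0 because their parts share no 7-character run, while autopoweron.exe (49152) against uninst.exe (1536) scores 0 before any string is looked at, simply because the block sizes are more than a factor of two apart. Only a score from comparable block sizes says anything about content similarity.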

MITRE ATT&CK Matrix (ATT&CK v13)

Tactic           Technique                      Count  ID
Defense Evasion  Modify Registry                3      T1112
Discovery        System Information Discovery   4      T1082
Discovery        Query Registry                 1      T1012
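The per-target signatures above (Executes dropped EXE, Loads dropped DLL, Deletes itself) and the technique counts in the matrix are derived from the process, file, image-load and registry events the sandbox records while the sample runs. The Python below is an added example, not the sandbox's own rule engine: it evaluates those rules, plus a Modify Registry (T1112) count, over a constructed event trace. The paths, PIDs and registry key in the trace are illustrative and are not taken from the report.

```python
"""Evaluate sandbox-style behaviour signatures over a process/file event trace.

Added example, not the sandbox's own rule engine. The event trace is
constructed for the example; paths, PIDs and the registry key are illustrative.
"""
from collections import defaultdict

TEMP = r"C:\Users\lab\AppData\Local\Temp\nsx1"  # assumed NSIS extraction dir

# Constructed trace in Sysmon-like shape: (event kind, pid, fields).
EVENTS = [
    ("process_create", 100, {"image": r"C:\Users\lab\Desktop\sample.exe"}),
    ("file_write",     100, {"path": TEMP + r"\autopoweron.exe"}),
    ("file_write",     100, {"path": TEMP + r"\InstallOptions.dll"}),
    ("process_create", 200, {"image": TEMP + r"\autopoweron.exe"}),
    ("image_load",     200, {"path": TEMP + r"\InstallOptions.dll"}),
    ("image_load",     200, {"path": r"C:\Windows\System32\kernel32.dll"}),  # system DLL
    ("registry_set",   200, {"key": r"HKCU\Software\AutoPowerOn\Settings"}),  # illustrative key
    ("file_write",     200, {"path": TEMP + r"\uninst.exe"}),
    ("process_create", 300, {"image": TEMP + r"\uninst.exe"}),
    ("file_delete",    300, {"path": TEMP + r"\uninst.exe"}),
]


def evaluate(events):
    """Return {signature name: [(pid, path or key), ...]} for every rule that fires.

    Rules, in the sense the report uses them:
      Executes dropped EXE  - a process starts from a file written earlier in the run
      Loads dropped DLL     - a process maps a .dll written earlier in the run
      Deletes itself        - a process deletes the file it was started from
      Modify Registry       - any registry value written (counted for T1112)
    Paths are compared case-insensitively, as NTFS does.
    """
    dropped = set()          # every path written by a sandboxed process so far
    image_of = {}            # pid -> image path of that process
    hits = defaultdict(list)
    for kind, pid, fields in events:
        if kind == "process_create":
            image = fields["image"].lower()
            image_of[pid] = image
            if image in dropped:
                hits["Executes dropped EXE"].append((pid, image))
        elif kind == "file_write":
            dropped.add(fields["path"].lower())
        elif kind == "image_load":
            path = fields["path"].lower()
            if path.endswith(".dll") and path in dropped:
                hits["Loads dropped DLL"].append((pid, path))
        elif kind == "file_delete":
            path = fields["path"].lower()
            if path == image_of.get(pid):
                hits["Deletes itself"].append((pid, path))
        elif kind == "registry_set":
            hits["Modify Registry (T1112)"].append((pid, fields["key"].lower()))
    return dict(hits)


if __name__ == "__main__":
    for name, matches in evaluate(EVENTS).items():
        print(f"{name}: {len(matches)} hit(s)")
        for pid, what in matches:
            print(f"    pid {pid}: {what}")
```

Order matters: a file must be written before the process-create or image-load event that consumes it, which is why the rules are evaluated in a single pass over the trace rather than as a set of independent queries. kernel32.dll is never flagged because it was never written during the run, and sample.exe is not a dropped executable because it is the submitted file itself.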

Tasks