General

  • Target

    68ea0a5cc92ed3d473f3e403c29e69f0_JaffaCakes118

  • Size

    2.6MB

  • Sample

    240522-2tz4lacb37

  • MD5

    68ea0a5cc92ed3d473f3e403c29e69f0

  • SHA1

    f8979656fc94b89df1ecb586d9aa37e230cd31ef

  • SHA256

    9f5ccf01f1c019da473e81593536aed6ed7cd44e3ce78ce845accebe5ee6dcf9

  • SHA512

    5a32a287317b1afb9c97927710796ef0ed620a66ff2ed8c0b9f178de21c8f0a7fc30e3acce13641c9ed2f89650bd450b2e02db39dc9b5e684cb3976cc45dc7df

  • SSDEEP

    49152:V8MMeHBQlZE7MArHoyDRkQb8CuMeSGO7xLLNPpJ6Qmub1F1ZblhwLRA+asFO6asj:V8MMeHBQFQHph4CutpOlLhBcQDbNZbl2

Score
7/10

Malware Config

Targets

    • Target

      68ea0a5cc92ed3d473f3e403c29e69f0_JaffaCakes118

    • Size

      2.6MB

    Score
    7/10
    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Target

      $PLUGINSDIR/ShellExecAsUser.dll

    • Size

      89KB

    • MD5

      42865be4950639e871fed3a55b790d7b

    • SHA1

      c6f52d75dec3e215ff0ed3f9ffd4a2e05e3a31c4

    • SHA256

      c2c32ec71d26b8b4c451401eea1b00fb110ae6f530301605f8d5f71fb7bd738e

    • SHA512

      2bf28f0b39d4b10325b7038b71519819f6923ba11fcbf510c6be2e02291741ec3d79f4be651df9e0fe1ce4227498a1449463407622dfdd924b81e8681fe6bb67

    • SSDEEP

      1536:nZUcH87dl2uUVzmk1zaOvSTamTa4Uyf/fhcQYDZZsWjcdojmV/1Boq:2BZlWVzmupvADrymojmV/Eq

    Score
    3/10
    • Target

      $PLUGINSDIR/StartMenu.dll

    • Size

      7KB

    • MD5

      4206ac12a66dd61b2913f158488db070

    • SHA1

      589a65a8f2b40d9e821e47bc66fd5bb3848d6f77

    • SHA256

      4b722e1b2445fe8030194ba2ae1f573bc8e13dc3c028ce22312ea9848c584449

    • SHA512

      a6a1bd423f222dd28277831eb01a14179ea67fb4d7c2b498cf0684185caf7d44a1378faf3a3933a6ce5bed5f5824d011b4a0f6558c3b5d8e84cb5a2bfe455a67

    • SSDEEP

      96:o8dPIKJhMuhik+CfoEwknt6io8zv+qy5/utta/P3lkCTcaqHCI:1ZIKXgk+cx6QYFkAvlncviI

    Score
    3/10
    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      3e6bf00b3ac976122f982ae2aadb1c51

    • SHA1

      caab188f7fdc84d3fdcb2922edeeb5ed576bd31d

    • SHA256

      4ff9b2678d698677c5d9732678f9cf53f17290e09d053691aac4cc6e6f595cbe

    • SHA512

      1286f05e6a7e6b691f6e479638e7179897598e171b52eb3a3dc0e830415251069d29416b6d1ffc6d7dce8da5625e1479be06db9b7179e7776659c5c1ad6aa706

    • SSDEEP

      192:eP24sihno00Wfl97nH6T2enXwWobpWBTU4VtHT7dmN35OlbSl:T8QIl975eXqlWBrz7YLOlb

    Score
    3/10
    • Target

      $PLUGINSDIR/UpdHelper.dll

    • Size

      133KB

    • MD5

      452ce0b8d77359961b7918cbb98a4dba

    • SHA1

      4d14210d41ac4ee0d3644dbdb35822d6bd28c126

    • SHA256

      6e5f58aac49eb4662467f301309fc1b85d588fa71ab281dc8cd57b22850ed7e4

    • SHA512

      d7300aab2ef365310334ccf7781f9e1d0b38709f3f740ac4267215b1a8bfcf5889ae72a83fa986ea0542622ce348982beaa17b3ee3c10a67e8dab32cb9aa8d7c

    • SSDEEP

      1536:zh4urXX51BB1Yha4+Tb9wrCz33zl7e7okmkeIgt2I/j1bE6c+PsWjcdEMh75+8n8:zxXXn1XhwMT90t3MS7EM5+8nxkkC

    Score
    3/10
    • Target

      $PLUGINSDIR/md5dll.dll

    • Size

      6KB

    • MD5

      7059f133ea2316b9e7e39094a52a8c34

    • SHA1

      ee9f1487c8152d8c42fecf2efb8ed1db68395802

    • SHA256

      32c3d36f38e7e8a8bafd4a53663203ef24a10431bda16af9e353c7d5d108610f

    • SHA512

      9115986754a74d3084dd18018e757d3b281a2c2fde48c73b71dba882e13bd9b2ded0e6e7f45dc5b019e6d53d086090ccb06e18e6efeec091f655a128510cbe51

    • SSDEEP

      96:5mArJv6F3TqDmgK4ghEin1US36eHQZDUDgGogZcko5Nt4AMP:5XJ63LhR6inZ6dsgZkKQT

    Score
    7/10
    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      $PLUGINSDIR/nsDialogs.dll

    • Size

      9KB

    • MD5

      dbdbf4017ff91c9de328697b5fd2e10a

    • SHA1

      b597a5e9a8a0b252770933feed51169b5060a09f

    • SHA256

      be60a00f32924ccbe03f9914e33b8e1ad8c8a1ca442263a69896efba74925b36

    • SHA512

      3befc15aab0a5dbe7fde96155b0499d385f2799b1a2d47ce04f37b5804006b1c6c4fff93d3cedb56a2a8172b23752b6f9dc6168cfce3596b91def3247836cf10

    • SSDEEP

      96:33YnIxFkDUGZpKSmktse3GpmD8pevbE9cxSgB5PKtAtYE9v5E9KntrmfVEB3YdkS:33YIvGZDdtP8pevbg0PuAYK56NyoIFI

    Score
    3/10
    • Target

      $_43_/Modules/CmlProc.dll

    • Size

      84KB

    • MD5

      beccdd9df8ec434c9e6eb78fa054363a

    • SHA1

      f690c5eab1c1c39f84b19f3525114a2b3937cedb

    • SHA256

      6f461ce8c1e47844ed11ec53e08d760fa9340a32b04af207a3976cc7f9dd6cef

    • SHA512

      3a6586743f4129c641cb82886225179d218545aebf82546d07f791dbbe270ddb969040fd9a55ad5485678d881e3a3343be27a84ba412d401864edcc581c60f4d

    • SSDEEP

      1536:Kc7u8GA++XdTaQHyC3jNrSonmmJVw2M5wQyg5GBx8nU1+vsJnYlwazs0Q5nl3jtE:/zptaQShImMVw2r9Bxv1+vsWlwazs0Q6

    Score
    1/10
    • Target

      $_43_/Modules/InSes.dll

    • Size

      37KB

    • MD5

      7ad47a04c4bf17d6fec2cb25d6c3d58e

    • SHA1

      3e89bb832ad06cf28b64dce60e657edfcc1cc387

    • SHA256

      6837d7c7050bc16a35824de09c345b70365a5e7f3dff61ef496ddc03d889b39e

    • SHA512

      1ff31b057a940e226e0791844db37d5cb00453814665f5110699987417163e8fc739573be9d8507d38a7c6d6bb1b46838466d7dcd064c8300dae07c212bdb3c1

    • SSDEEP

      768:Af1XICcyTu1zDy181yFO//cTR9RPyVh6/3riBR:01RBl1mA00TJPIh6/3ri/

    Score
    1/10
    • Target

      $_43_/Modules/ManXec.dll

    • Size

      97KB

    • MD5

      95cf944c390c06a45b7a455ebf340173

    • SHA1

      ad2c1b92932a52c04ace29cb921bd06d1ca56e53

    • SHA256

      3a6886badafbf4dad3da593097117e252475f3296c85071c53da51ccb7009a38

    • SHA512

      9bc85c527741a90f554fe82d4735fdf003e1b0a7ca40404b763627ed1fe0fe489b2c0e603c3cd90a96120ebb242d718835733f1f3988629be4b0c516ac3229d6

    • SSDEEP

      3072:XLMhjuktfSPQhoSvwQsVQFMSkx9D4bZ9KIJylsrC6otcTdx1PXQK6aJGTfP9O3ys:7MhjVtq4hoSvwQsVQFMSkx9D4bZ9KIJJ

    Score
    1/10
    • Target

      $_43_/RtHelp.exe

    • Size

      387KB

    • MD5

      f652ea124a7544256e7eb97d879a4ab5

    • SHA1

      0b4d50b0b8afadc8b1921311a11c2f35867f9851

    • SHA256

      2149940c37938dd317c2b09d2a16d00535c493a8a8cfbe82d4b0c5ee1637759e

    • SHA512

      d3f0a7adf58e816e9d0ea03dd528e472697fe65e64cc9ecc299de9cbf6d3d56915af059e2751219b6e9df3dd73e011314f325b221ea7b17e53ca09a1b3092c94

    • SSDEEP

      6144:O12xr5viX/AHL+KcZG7FCfUcTq3ANxE4gq9BrLRf1JyhsaphmhuG9Z3:wCjHKBqFCfUcO3IZH2sOQQG9x

    Score
    1/10
    • Target

      $_43_/msvcp110.dll

    • Size

      522KB

    • MD5

      3e29914113ec4b968ba5eb1f6d194a0a

    • SHA1

      557b67e372e85eb39989cb53cffd3ef1adabb9fe

    • SHA256

      c8d5572ca8d7624871188f0acabc3ae60d4c5a4f6782d952b9038de3bc28b39a

    • SHA512

      75078c9eaa5a7ae39408e5db1ce7dbce5a3180d1c644bcb5e481b0810b07cb7d001d68d1b4f462cd5355e98951716f041ef570fcc866d289a68ea19b3f500c43

    • SSDEEP

      12288:FqULIc5nb9rywgfyhUgiW6QR7t5sA3Ooc8sHkC2eRxUH:PLHnhryLfBA3Ooc8sHkC2eRxUH

    Score
    3/10
    • Target

      $_43_/msvcr110.dll

    • Size

      854KB

    • MD5

      4ba25d2cbe1587a841dcfb8c8c4a6ea6

    • SHA1

      52693d4b5e0b55a929099b680348c3932f2c3c62

    • SHA256

      b30160e759115e24425b9bcdf606ef6ebce4657487525ede7f1ac40b90ff7e49

    • SHA512

      82e86ec67a5c6cddf2230872f66560f4b0c3e4c1bb672507bbb8446a8d6f62512cbd0475fe23b619db3a67bb870f4f742761cf1f87d50db7f14076f54006f6c6

    • SSDEEP

      12288:TmCyHcMpK7QdgD+9Tr8r3FmJciMgLFWkA8qTWu+FVlofpJCjNdr12iqwZeq:TmCyHNIQdTryVmCipIkqTWu+Fr

    Score
    3/10
    • Target

      Games Bot.exe

    • Size

      303KB

    • MD5

      b86b218ca9f41950379aa204451830ca

    • SHA1

      86c90787860122f12aa2b20e3f33bb3c87e267df

    • SHA256

      724ff63a671cbb334eb4b0c552bf0a94b295e2aebf33d746a9dd55100052859f

    • SHA512

      ada881e1e881f6b9761dd51d5e156feefaddf5ccf137737f735144ed1098930310add5653211d571a624213d1833715007ca8792d0be306ab6be234e3fd82b0f

    • SSDEEP

      6144:KySxIlC1Ksx0HQnmz9L98OXLPJZ3tgbJBXw7x9d8:9eui6yO7PL3KNBOi

    Score
    6/10
    • Target

      Modules/7z.dll

    • Size

      893KB

    • MD5

      04ad4b80880b32c94be8d0886482c774

    • SHA1

      344faf61c3eb76f4a2fb6452e83ed16c9cce73e0

    • SHA256

      a1e1d1f0fff4fcccfbdfa313f3bdfea4d3dfe2c2d9174a615bbc39a0a6929338

    • SHA512

      3e3aaf01b769471b18126e443a721c9e9a0269e9f5e48d0a10251bc1ee309855bd71ede266caa6828b007359b21ba562c2a5a3469078760f564fb7bd43acabfb

    • SSDEEP

      24576:TW+wsDaQw6DDz3qRyPnmGfrnvVUKueY8RmneWtJ:TasY6DwOBfrnvV7UeWt

    Score
    3/10
    • Target

      Modules/CmdProc.dll

    • Size

      77KB

    • MD5

      d5e8c34916e336059707fb4ce6e2eec1

    • SHA1

      dd5a99d82db7e7aff3cc36e0b1786bb88d100dc7

    • SHA256

      54c7dc535cf3ae05ea611064a299ae2b1f8585a7b18176bd2a9b5fc6fa29de4b

    • SHA512

      7d41c7e01bc6f52ca7208bc1f34ea63d0a2421b9f58a38710e08af9df342eff936982ac5b51a901eca54bc1682b45685bac2a63bb869b83fc88ffb92aa12b7e8

    • SSDEEP

      1536:IjnbTlsrG4nAy/VgDBZ34DkqUHr3hwe4iWiPUxhh6/3ribZ:c/OGLy/VgDBZ6kqUHr3hwe4iW4U16S

    Score
    1/10

MITRE ATT&CK Matrix (ATT&CK v13)

Persistence
    T1547 Boot or Logon Autostart Execution (1)
        T1547.001 Registry Run Keys / Startup Folder (1)

Privilege Escalation
    T1547 Boot or Logon Autostart Execution (1)
        T1547.001 Registry Run Keys / Startup Folder (1)

Defense Evasion
    T1553 Subvert Trust Controls (2)
        T1553.004 Install Root Certificate (2)
    T1112 Modify Registry (4)

Discovery
    T1012 Query Registry (1)
    T1120 Peripheral Device Discovery (1)
    T1082 System Information Discovery (2)

Tasks

    Task           Tags          Score
    static1        upx           7/10
    behavioral1    upx           7/10
    behavioral2    upx           7/10
    behavioral3                  3/10
    behavioral4                  3/10
    behavioral5                  3/10
    behavioral6                  3/10
    behavioral7                  3/10
    behavioral8                  3/10
    behavioral9                  3/10
    behavioral10                 3/10
    behavioral11   upx           7/10
    behavioral12   upx           7/10
    behavioral13                 3/10
    behavioral14                 3/10
    behavioral15                 1/10
    behavioral16                 1/10
    behavioral17                 1/10
    behavioral18                 1/10
    behavioral19                 1/10
    behavioral20                 1/10
    behavioral21                 1/10
    behavioral22                 1/10
    behavioral23                 3/10
    behavioral24                 3/10
    behavioral25                 3/10
    behavioral26                 3/10
    behavioral27   persistence   6/10
    behavioral28   persistence   6/10
    behavioral29                 1/10
    behavioral30                 3/10
    behavioral31                 1/10
    behavioral32                 1/10