df5b4f8f0a459bb640a2a42028d9c9afd048d136ae98583d4040b01b07260167

Sharing

Copy URL

Twitter E-mail

General

Target

658f78184be7051163d1b46cec615012_JaffaCakes118
Size

16.9MB
Sample

240522-b4grwsgc75
MD5

658f78184be7051163d1b46cec615012
SHA1

ed7a15e0e7e6d6f1317ae30cb93a670a0072cf4f
SHA256

df5b4f8f0a459bb640a2a42028d9c9afd048d136ae98583d4040b01b07260167
SHA512

62545703ac72397dd98c4ced912f2379c398b9a48e2d78751df92e540e5b8ee4755c21c60ce767177b4078fdf199d0483c2ac4be90584546f7433304feb1b62e
SSDEEP

393216:GJ/oIL+cnAWGVuL4VmxXT5/WvTymGW2yoepd4Whbr:G+I6cAxoL4VmXuGmG4dWA

Score

7^/10

Malware Config

Targets

- Target
  
  658f78184be7051163d1b46cec615012_JaffaCakes118
- Size
  
  16.9MB
- MD5
  
  658f78184be7051163d1b46cec615012
- SHA1
  
  ed7a15e0e7e6d6f1317ae30cb93a670a0072cf4f
- SHA256
  
  df5b4f8f0a459bb640a2a42028d9c9afd048d136ae98583d4040b01b07260167
- SHA512
  
  62545703ac72397dd98c4ced912f2379c398b9a48e2d78751df92e540e5b8ee4755c21c60ce767177b4078fdf199d0483c2ac4be90584546f7433304feb1b62e
- SSDEEP
  
  393216:GJ/oIL+cnAWGVuL4VmxXT5/WvTymGW2yoepd4Whbr:G+I6cAxoL4VmXuGmG4dWA
Score

7^/10
- Executes dropped EXE
- Loads dropped DLL
- Checks for any installed AV software in registry
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/EstUrl.dll
- Size
  
  181KB
- MD5
  
  2c5e13287d27b526c01aace7ea92be9e
- SHA1
  
  3b7895f3e3f9dfa9797d2cf04ad7d3d5548210e6
- SHA256
  
  986ea6d67ded7e67cefe739902194751643982293154ba496d4b5076e0df38e4
- SHA512
  
  51702649d7ccdfd90a1b7d06699d0791ed60fa2419013deda826cfbfac57231fb06000d1e8a3bf866459ad8597393cdf95e559f575dc51c236c3205c69bc36b6
- SSDEEP
  
  3072:p6ZhyGy8Xpc/PalncLix4janKxZSvQiPPWS:oMGDlnb4eE+j
Score

3^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/StartMenu.dll
- Size
  
  7KB
- MD5
  
  a22f252c71eb36627fdb4cb0ef72eadf
- SHA1
  
  ddd8e4f52ebd6b72d03699dc612100bc8b9f5e19
- SHA256
  
  45f3afdf22da380bee78de92740e1e08050d03c74566ef886856a2266395fd6f
- SHA512
  
  00ff3ad2fcdaba9919b63d1252421f3d4077669f74a1629e816682fb5b460e14e2ededc6b6aefbc980f1133b2b01dfa172bc356aea4a98d966e5da9c423bb595
- SSDEEP
  
  96:DLzRnV/YfgGJ01uBgMkW0Shlif3YhGrPjsF6GjUoZ:DLz5BGJ0KdrifIessGjUo
Score

1^/10
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  10KB
- MD5
  
  b666f31c4c24be1d4d47cfb55dd35f96
- SHA1
  
  fee917ead511a6c14538c72539fa740edc7d82c5
- SHA256
  
  07aefeeea75705edcc3a21ac7dc4b5b837c234c041b725c245b50a73ffabb78a
- SHA512
  
  6dd69a085b6b2a2671ec6545bae27a72151457ccd76c3bc43a4544f4910fd8791251fb08c2f068d54dd91a6093bed50a80afb68875a9ddf29ae43c42a7337bc8
- SSDEEP
  
  192:9zjFtTLkrepielWXsUs5RRvD4feuy9It2h8rGfgv:9PjyGqBfeuyeGYv
Score

3^/10
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/inetc.dll
- Size
  
  151KB
- MD5
  
  a27ca0b7decbed62dc940490290925c1
- SHA1
  
  0e65e3bba5745e7ed64a689ae0c4415a15c9e849
- SHA256
  
  60c5c8e25e722f26caf1ae905814d5fed733ccf61b60118fd07f2fff6331ad1c
- SHA512
  
  f2222e0f4515e52c2574454e7b81ef5574419b0b354daad34d40cd67f0478b813324bcefb00c08273a5b13699510aaa4d3e1b6e65e9c7153fd31d30a7479b04a
- SSDEEP
  
  1536:i/cKBfDRLVqoCHeTCMjzLB2gOF8LipwHm6adZ7ECXgdn7Hv1ewRHVsh+BhQ4AGRr:edBVLYeTjjz7Li1A7dVG+BhQ4AGRfOc
Score

3^/10
behavioral10 behavioral9
- Target
  
  $PLUGINSDIR/nsWeb2.dll
- Size
  
  197KB
- MD5
  
  d8113c015116547827b0cdc4869c244a
- SHA1
  
  82392f5483c6c175b3955cdf39aa87d550266ecc
- SHA256
  
  b7baa631014fbda8fdce67c8b660de8507aaee9b8c572d21746b3078341d3885
- SHA512
  
  907c61006a58dcafa812f03fa08b58814950f66e9019bfcc12eefc59b0f7ab2ddee040e2ab162b7e09c3f47cdc71c914307a6fe7b89e11033edea7131fc2f563
- SSDEEP
  
  3072:js1jmrert4EBLiFM1cKaWHcW8muKCs429ZSQStnB2:jsMaQNugi
Score

3^/10
behavioral11 behavioral12
- Target
  
  $PLUGINSDIR/workerExtension.dll
- Size
  
  549KB
- MD5
  
  e22882c6a4f464b95f0137dafedf18be
- SHA1
  
  11e845fb4d6c56c63814346c854e89b9138b2fac
- SHA256
  
  31c46010d24673fcbfcc0f17dceb5fd72520fc92b6a43ae987e35786a50961f6
- SHA512
  
  d9bc60317c64679f7e95142b10e154be014912aed551abdb871f94b5d14ac3c918b54b281b5f4fb2f00c1761c089ac56e2df8f99ddfb096a9af4a28d1cfdbdb0
- SSDEEP
  
  6144:T9OtxpIHIzSQigjfvod0vjzabFpM3wF7uJj8LV3p/2cW8BZZUWLB2r4FqDJTh6Hs:TIteCTM0vPIF7aU3pOb8BQGB2RWHTo
Score

3^/10
behavioral13 behavioral14
- Target
  
  $PLUGINSDIR/zumlib.dll
- Size
  
  85KB
- MD5
  
  3805c8db069993af61fa1a24b434502d
- SHA1
  
  e836b37ea7ba70b3e6b422ece37996d002dd57fe
- SHA256
  
  62e84b770afcc88c9e99a392e9b073998edfc0a6a7f6edc6fe29e6e69f7f2941
- SHA512
  
  a32c1dc16047a6a08769357b12f6ac6ffe59f0781c109ab82db1d8416f0d03ee77e1d2ed369d90374fbb1776635bed586cc9330d4a2eb0098af9eb0fae20dad0
- SSDEEP
  
  1536:Wh9FwX44vMyxnEmlRYE4k9QybwLGluj+P0ooS:WhDwX4ctXUOQ3LGlW+P07S
Score

1^/10
behavioral15 behavioral16
- Target
  
  $PROGRAMFILES/ESTsoft/ALUpdate/$R6
- Size
  
  98KB
- MD5
  
  b0dd54b9afe10bc50cc964de89f25a39
- SHA1
  
  9669c482f53cc01c5372995489e58a80776b6324
- SHA256
  
  994cf7ec27f2b9c9782a9a7fa17097c97db7769a285ec5ea3418dbd67826a96f
- SHA512
  
  63766fa4ac6ee1ddb0d35ec48daf8030568d4697d94f49700e28f0135f5e0796c5b343814aa152af34d83ac02182fc9552a8d4b4c46532996b0dd93940d39722
- SSDEEP
  
  1536:Y9wWks/K2O6Nb6m2/pjcYBRMMa2VFL5kn1kwORfHRQ+hqw09V:Y9rJ/xOQblYt0gFLaF8xQ+hqLV
Score

1^/10
behavioral17 behavioral18
- Target
  
  $PROGRAMFILES/ESTsoft/Common/ezt.exe
- Size
  
  98KB
- MD5
  
  b0dd54b9afe10bc50cc964de89f25a39
- SHA1
  
  9669c482f53cc01c5372995489e58a80776b6324
- SHA256
  
  994cf7ec27f2b9c9782a9a7fa17097c97db7769a285ec5ea3418dbd67826a96f
- SHA512
  
  63766fa4ac6ee1ddb0d35ec48daf8030568d4697d94f49700e28f0135f5e0796c5b343814aa152af34d83ac02182fc9552a8d4b4c46532996b0dd93940d39722
- SSDEEP
  
  1536:Y9wWks/K2O6Nb6m2/pjcYBRMMa2VFL5kn1kwORfHRQ+hqw09V:Y9rJ/xOQblYt0gFLaF8xQ+hqLV
Score

1^/10
behavioral19 behavioral20
- Target
  
  $R6
- Size
  
  8.0MB
- MD5
  
  ab6dfa4cdb3fd26ff5a8ce0824025076
- SHA1
  
  1a47e7df53acb452459f709160226badf09eda27
- SHA256
  
  6faef3e9ea8328d1cdde268da085204ea944086b5f6ef9cfeb76171dad28a4b4
- SHA512
  
  0fe16e5f296485b1a9a6e2c98dfd88de20b887cba8424ac261a3bf71789a693192dac0c0a84d58c7299c296d6a35df795fdcae6c698de6bcd9cda4622939af39
- SSDEEP
  
  196608:FaOnqZLTH1og9oi8S9hcKTdJ2s2hfW6wT:wOqZLTH1og9oi8S9hcKTdnV
Score

1^/10
behavioral21 behavioral22

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Software Discovery

T1518

Security Software Discovery

T1518.001

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Targets

Executes dropped EXE

Loads dropped DLL

Checks for any installed AV software in registry

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22