General

  • Target

    65c5ea1ebbf5cb6b2df90edf4e220099_JaffaCakes118

  • Size

    13.7MB

  • Sample

    240522-dfkjzsac6t

  • MD5

    65c5ea1ebbf5cb6b2df90edf4e220099

  • SHA1

    951e2b02a242676160550a28c8c1b4e709b48f4c

  • SHA256

    9d6ed95597857927f0e7e6eb1495c4ec10fa74aced7efbc9199c4392be7585a6

  • SHA512

    a79d36b437d20e7bd5ecdc65dd77a00513277276e52d72651999e18f4e1d537a2e921d738a40efee9869acb2f056df4b7e591541b5401354dbdcc52f2e48401a

  • SSDEEP

    393216:q9n5iYmtRNVb1jwYN7QQ04yZDb8n53MGWq/u:q95i/tRNVb9wyQ7zoebH

Score
7/10

Malware Config

Targets

    • Target

      65c5ea1ebbf5cb6b2df90edf4e220099_JaffaCakes118

    • Size

      13.7MB

    • MD5

      65c5ea1ebbf5cb6b2df90edf4e220099

    • SHA1

      951e2b02a242676160550a28c8c1b4e709b48f4c

    • SHA256

      9d6ed95597857927f0e7e6eb1495c4ec10fa74aced7efbc9199c4392be7585a6

    • SHA512

      a79d36b437d20e7bd5ecdc65dd77a00513277276e52d72651999e18f4e1d537a2e921d738a40efee9869acb2f056df4b7e591541b5401354dbdcc52f2e48401a

    • SSDEEP

      393216:q9n5iYmtRNVb1jwYN7QQ04yZDb8n53MGWq/u:q95i/tRNVb9wyQ7zoebH

    Score
    7/10
    • Loads dropped DLL

    • Checks for any installed AV software in registry

    • Target

      $PLUGINSDIR/EstUrl.dll

    • Size

      181KB

    • MD5

      ab6fc99aec69b6caa3566eaa1dbab451

    • SHA1

      1f6aad7e7ad4469707a873a3d549f44eceacc516

    • SHA256

      d924b3f323cbb9c81292c84b1e8e768ae9e25f1cc35f3aa775b0c5100eabb39b

    • SHA512

      b126e18f8738c5b6379818e79ac46b359e6afad60c4ae530d5d01649ab09e93b38574c46b4cfc33813a6723b6a257aececadcc07dd62382532037e65e1539aad

    • SSDEEP

      3072:hB+veiBP1HaqoGjjLiuTAzaejI7YvnLu3ScsHASI5dOHo:qve0oGjJ/tsHfI

    Score
    3/10
    • Target

      $PLUGINSDIR/InstallOptions.dll

    • Size

      14KB

    • MD5

      21e61a7557b0e57ff9586cf91ef13662

    • SHA1

      536b62d9ded30b12fbee1868ec7d595ca06bd0a9

    • SHA256

      1e88a9c5dfe8a1ef6d3f2cd6c749228fba284425a6c7a777a9524aff54d85fed

    • SHA512

      a78db414522b12884c8d2ae3b86814980f9f157cfe75f2375434f1208678d9ce6301fa7cfd5ad8ab7420818dd3cc4fe975e6d985e27f0232341a8768e26d417f

    • SSDEEP

      384:aOz0RcZG+IWorTemIi6COLcvoFZCfzLZkWi:wcZ7YbHROU0Mf0

    Score
    3/10
    • Target

      $PLUGINSDIR/StartMenu.dll

    • Size

      7KB

    • MD5

      a22f252c71eb36627fdb4cb0ef72eadf

    • SHA1

      ddd8e4f52ebd6b72d03699dc612100bc8b9f5e19

    • SHA256

      45f3afdf22da380bee78de92740e1e08050d03c74566ef886856a2266395fd6f

    • SHA512

      00ff3ad2fcdaba9919b63d1252421f3d4077669f74a1629e816682fb5b460e14e2ededc6b6aefbc980f1133b2b01dfa172bc356aea4a98d966e5da9c423bb595

    • SSDEEP

      96:DLzRnV/YfgGJ01uBgMkW0Shlif3YhGrPjsF6GjUoZ:DLz5BGJ0KdrifIessGjUo

    Score
    1/10
    • Target

      $PLUGINSDIR/System.dll

    • Size

      10KB

    • MD5

      b666f31c4c24be1d4d47cfb55dd35f96

    • SHA1

      fee917ead511a6c14538c72539fa740edc7d82c5

    • SHA256

      07aefeeea75705edcc3a21ac7dc4b5b837c234c041b725c245b50a73ffabb78a

    • SHA512

      6dd69a085b6b2a2671ec6545bae27a72151457ccd76c3bc43a4544f4910fd8791251fb08c2f068d54dd91a6093bed50a80afb68875a9ddf29ae43c42a7337bc8

    • SSDEEP

      192:9zjFtTLkrepielWXsUs5RRvD4feuy9It2h8rGfgv:9PjyGqBfeuyeGYv

    Score
    3/10
    • Target

      $PLUGINSDIR/inetc.dll

    • Size

      152KB

    • MD5

      f33493944b33bc82194d64fe4ed4057c

    • SHA1

      ee1905acdacb31398c5bddb80562e4850b2665a7

    • SHA256

      09790036c31481a93d0ec9601fbd7a0c70ce70aa020dbeaf4e10e4b12042679d

    • SHA512

      9e12febf0e66a0a269135fea061386180f251bb767943f8aa3fba8398fd54b3b4de28a1a781daafb2300b61216e2d597756bf403a608f0a37bfd8749a288fad4

    • SSDEEP

      1536:1Dc5IbWa6UzkT64jD9/Z2gi58LiKJoXdN7EC3/dL7HvteEhxsp+BhQzxcVaevh:hOIiT3j5PLilAq36+BhQzxcoeJ

    Score
    3/10
    • Target

      $PLUGINSDIR/nsWeb2.dll

    • Size

      199KB

    • MD5

      c76e67b9aa2f014a24702eb44aa5316e

    • SHA1

      a7b46b8bc1d379a02fa110cc408dfab22f77961b

    • SHA256

      68180cbe24f40f983583047cf8a0392307f21ddc0b459ee1654610852aa89504

    • SHA512

      be4f9b92f702fb0317f716e542d525c809a29880ebf84398d0f96859b77b5eb80704d55b55f0fcb3b2a48cbc416679a9727789ff947551f2e8c5fb3bb06e3d0e

    • SSDEEP

      3072:XKFoqBrrribYaLisz1gKJAHbUpE7CnoltUs5TMWa/S1T:XKC5d9AnMRS1T

    Score
    3/10
    • Target

      $PLUGINSDIR/workerExtension.dll

    • Size

      405KB

    • MD5

      a14794d427c2375166471c93a240dd73

    • SHA1

      dfe072501fd08496784af62b314cdb10cbe79550

    • SHA256

      f5b18bb25f67f08fbaf40328791236bca30ab18c642c9a66efc12d074724746b

    • SHA512

      65e3fabcbda798279bd24a99809363efc407c82209348feb18341f26990680de4de5eff6e746e642e69e9b78fb5308a8b38fca7c52cf584c709520486fc13906

    • SSDEEP

      6144:rG1SwZ6az959GnJdDEByqjNoJGwtYvhSf5mH4BhPgXhgKS4:rG1Y5cBy+SJrfAH4BhK1

    Score
    1/10
    • Target

      $PLUGINSDIR/zumlib.dll

    • Size

      85KB

    • MD5

      3805c8db069993af61fa1a24b434502d

    • SHA1

      e836b37ea7ba70b3e6b422ece37996d002dd57fe

    • SHA256

      62e84b770afcc88c9e99a392e9b073998edfc0a6a7f6edc6fe29e6e69f7f2941

    • SHA512

      a32c1dc16047a6a08769357b12f6ac6ffe59f0781c109ab82db1d8416f0d03ee77e1d2ed369d90374fbb1776635bed586cc9330d4a2eb0098af9eb0fae20dad0

    • SSDEEP

      1536:Wh9FwX44vMyxnEmlRYE4k9QybwLGluj+P0ooS:WhDwX4ctXUOQ3LGlW+P07S

    Score
    1/10
    • Target

      $PROGRAMFILES/ESTsoft/ALUpdate/$R6

    • Size

      145KB

    • MD5

      908ba889b47b30e2142335bfe3411925

    • SHA1

      3decfd4dbd4198b8a7cfe75aa4d8521255a58fdb

    • SHA256

      1f17a8c479d53b0934cef3833aa3f5b3bb446e19d95f08a305fa9986cfa669b4

    • SHA512

      de2a00fc8c1ae9127c790a7499299803fdb7d5be327a35e67ef734b0f6a02c422c239dd38a915aea9f060c234ca1b44c755d6fec012f4bf5d936ef7224ea8567

    • SSDEEP

      1536:7iiVo1k2K+Wy16rXsqRs992CoLUUk6qYYkqfhAQ+hapcy4O:7D+1fK6bB1oLU2qYkfhAQ+hapcy4O

    Score
    1/10
    • Target

      $PROGRAMFILES/ESTsoft/Common/ezt.exe

    • Size

      145KB

    • MD5

      908ba889b47b30e2142335bfe3411925

    • SHA1

      3decfd4dbd4198b8a7cfe75aa4d8521255a58fdb

    • SHA256

      1f17a8c479d53b0934cef3833aa3f5b3bb446e19d95f08a305fa9986cfa669b4

    • SHA512

      de2a00fc8c1ae9127c790a7499299803fdb7d5be327a35e67ef734b0f6a02c422c239dd38a915aea9f060c234ca1b44c755d6fec012f4bf5d936ef7224ea8567

    • SSDEEP

      1536:7iiVo1k2K+Wy16rXsqRs992CoLUUk6qYYkqfhAQ+hapcy4O:7D+1fK6bB1oLU2qYkfhAQ+hapcy4O

    Score
    1/10
    • Target

      $R6

    • Size

      596KB

    • MD5

      966b1a60441b4bc58085abd704e81171

    • SHA1

      a7f99c1057884e79d1c50e0e695e5c456606aed9

    • SHA256

      3fb5ef188c6cff4300f921f632c0331e5f95e782ef67fb487e01c3e791abbb6f

    • SHA512

      98b4c44ce79a38dfaae4ef0ba0a3e9793055a058fd5bbf8cdb8d6752fc1fa4c10e4cb378cfe885cac2853e4d5478f4bf84a513309ca595f97b0d0f9592d4573a

    • SSDEEP

      12288:l5smbNLzgFAq8a7o/8E7iFxVdOgv4p/pDIkuTdUNazEaT9/AlYgijm/gUoOAfjFw:rjNMARaE/xi02pAlYgii/gffjZ0C6PBo

    Score
    1/10
    • Target

      ALZip.exe

    • Size

      4.9MB

    • MD5

      dc5eca1bf313c85a67bbd9a0ba66c63e

    • SHA1

      349fbd48420e5b34056e5152161f6aa2a43b9a8a

    • SHA256

      82ab8376f293c6657220346a3a129736013474bc54abfe91ea2b58c6fb8c3e82

    • SHA512

      7ca43a2b65336aff1684e09208eec7908d710eaefdc36eb19a2f698d9833f59aa3a244ebdb4274b2fbab604be4d9a1dfba3cb444881d6e8617a83f189002ff44

    • SSDEEP

      49152:GxrS2otGlMYZa44gqjp9rp4cpeVJIYHW9b1zcTDTa1b2TjH1tsxpkwEIQ18WbRdq:Zol08qjilDI5gfQb20kwabC

    Score
    1/10
    • Target

      ALZipCon.exe

    • Size

      600KB

    • MD5

      4c254a6e29073dfd09dd516d54254915

    • SHA1

      ec68c91bce21ff235d57ad6846956bf468eb6592

    • SHA256

      f666f7548bee3dd9ee74632548a23e13fd9e0d45436ae089cef361e81acbcf5d

    • SHA512

      904d966f6c862aae491a989c1ae6829d8d971575d217fb5af005a6b0e7e32640c33f21ac595fc422d67aa47cfa425389b89fd724b3e9959644b7a2eb39880749

    • SSDEEP

      12288:JIgtJ2c8mEMg9qI4ECqzRbAs8ygqSkjyTRQlK0:JSm3sqiFbpcBkjydg

    Score
    1/10

MITRE ATT&CK Matrix (ATT&CK v13)

  Defense Evasion

    • Modify Registry (T1112): 1

  Discovery

    • Software Discovery (T1518): 1

    • Security Software Discovery (T1518.001): 1

    • System Information Discovery (T1082): 1