8ebd1b8741900582b4c72acf34988c2817d62a0756a4a21875c68dfe8714e482

Sharing

Copy URL

Twitter E-mail

General

Target

6677f79b02b931d2cd79b87f78bfcfbb_JaffaCakes118
Size

30.8MB
Sample

240522-javqnagc35
MD5

6677f79b02b931d2cd79b87f78bfcfbb
SHA1

8e6be2656fb3be42e3ac646e6346886935b3d2b4
SHA256

8ebd1b8741900582b4c72acf34988c2817d62a0756a4a21875c68dfe8714e482
SHA512

cb4ae791dd3cb61342918403c9659fd1b7ffa7e7eac7928ec39c503201fd2682fe97e7e5763fd7fee9eb092dafc40d0b637d5fc847e694a3146217167dbd2d70
SSDEEP

786432:cWOm6mEHrMgJFVncVv/O0ry/khP41Q7/UBS:cWLwLH41tl75

Score

8^/10

Malware Config

Targets

- Target
  
  bin/admin.bat
- Size
  
  52B
- MD5
  
  cea104d1e368afb91f061a80e6b0e6c1
- SHA1
  
  c59d8e932b807cadb392d7e6358ed03e19f77810
- SHA256
  
  41f1860f0938e20cbb5e6ef357e8ee860b11bc940eb1adebb8e59f16962011a9
- SHA512
  
  762186c286c078fdb3fac773080b44928974eddf9a186ae4bad57ebd38289135d226a249a1859a70ebc1453e2810b815275888dbd4a98e745c870c24678addb0
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2
- Target
  
  bin/instsvc.bat
- Size
  
  2KB
- MD5
  
  21e90735471f64b9b71b37c7d8492574
- SHA1
  
  05a2effac79c01bcb1f3798b11b542c63588d51c
- SHA256
  
  b1f3b4370fa8e86d8d86a7ee5dbaccaff73f6fc2f04b5ff43205751d1c152918
- SHA512
  
  f746d1fb930a77b36a3ffe8823abfcb8e7d81dbcd49e719e33ec82535a7464e4a0cb8df6b6ec5309e2bc7dab3dd21b02041bf88b668dad03c3578be1d2c7e053
Score

8^/10

evasion upx discovery
- Modifies Windows Firewall
  evasion
- Modifies file permissions
  discovery
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral3 behavioral4
- Target
  
  bin/ping.bat
- Size
  
  263B
- MD5
  
  62a26811014559b839c885cd2ac31fa7
- SHA1
  
  b3fe62360fa6229b9d9da820c545d6c9fce8c215
- SHA256
  
  e3154b30109f1cbd15de5a40e641105ab4b2d0f648abfc94c21fdb32ffc0fe6d
- SHA512
  
  3f9b5fd6b40aea56077a2b55da0ac246d598070e2c10b3ec0a211375b1eddbcc39dded18fc68d73dc1146f2d01f37a882187eb624f20f0c639221c0c4f8b9ed2
Score

7^/10

discovery
- Modifies file permissions
  discovery
behavioral5 behavioral6
- Target
  
  bin/ping.sh
- Size
  
  154B
- MD5
  
  1dd8c660cd615887774b3251061cbc34
- SHA1
  
  fce28de6dbbb1191846a9505a27bc321b5f0f4e8
- SHA256
  
  8f23c2e3c800cfae3a665ccd2b751ec61774b9517fd75b988da2bfa6ee4eecd8
- SHA512
  
  258596eaacff67c756b3b23c81ded68c339be53ec30cfc5790bde7702372b324b83e9222d761382ba45cd62732574ab63a1b6d8b5909892bde1281d072ad7bf5
Score

1^/10
behavioral10 behavioral7 behavioral8 behavioral9
- Target
  
  bin/reset-acl.bat
- Size
  
  268B
- MD5
  
  d7698781da241057f3fc203363bfd111
- SHA1
  
  7e23cb9786be6ed7bfa1febb5609505f7b045805
- SHA256
  
  a11532199ea1196a148f394db97ee8ade0443543cad8081879b2826e1c0aa99a
- SHA512
  
  05be880649b6e7f6743bae35dd08e75b851ed13c200269cd41f70fbcbbce33794fef41fd0f9e08828ff448934f02bdd6c833534bee92d121f7960b2b30b85481
Score

7^/10

discovery
- Modifies file permissions
  discovery
behavioral11 behavioral12
- Target
  
  bin/reset-acl.sh
- Size
  
  159B
- MD5
  
  1adcc997c8153363f8b51a399463805b
- SHA1
  
  6a064056d71bd3a3a0558ff50ed6970ee88c876e
- SHA256
  
  172be0dcc38fcd5470a158337cb184ccc69c647cb4fd91e5b272111181a570be
- SHA512
  
  ff538d7863fb15d69e06539e6f39179761e31d10af8d0e1e7e9269515a7cfa36711b65fd9474669b33bde1ace76f8bf84e23c332261748ed198ba3a1e58b675b
Score

1^/10
behavioral13 behavioral14 behavioral15 behavioral16
- Target
  
  bin/reset-pw.bat
- Size
  
  267B
- MD5
  
  e4922d1f584b9b4bc3a8a1941bdf97ca
- SHA1
  
  cf93a0aba5c46581f33950f2124c4e98c7b939f9
- SHA256
  
  124b8a9718908fff4b65bf64dec76ee2acf9d4b5235d8e0c945dbd1754c55861
- SHA512
  
  ca632bd3790cd6325b3112553f83e4af555d00e8b8aad2473cd59e736b441707dea404a87163ece908d502591e02252804894f712537654562ec002fcdf1414b
Score

7^/10

discovery
- Modifies file permissions
  discovery
behavioral17 behavioral18
- Target
  
  bin/reset-pw.sh
- Size
  
  158B
- MD5
  
  47dc71556e26e5ed3d87ec0826ab2482
- SHA1
  
  2283bec65a53054a031baafde7b599d98a306d81
- SHA256
  
  07a7699744ede15b0fa5775266a83933d0f257cdbc422772188870d4827e9412
- SHA512
  
  1c842b7261b9bf1b7b43bf99fab74fd44f27aab242614efacb9ff0cc3a3df3556ff6681e4d90724e794ee1b86854b87205ec1ac4b470b9096ec79898cb99560b
Score

1^/10
behavioral19 behavioral20 behavioral21 behavioral22
- Target
  
  bin/shutdown.bat
- Size
  
  265B
- MD5
  
  ce9f268c1bbdeaac25d2e57d031b702f
- SHA1
  
  61c36889463c8ad334e610c9f806483097fea4fd
- SHA256
  
  71c0ff0cb2f9fd3ec0e6a65eb242f6b499c9832ceb3f403f0f5f680a02f882aa
- SHA512
  
  daf7d6c9e8f264824cb05ca51ea78a89c7d781ae757e0b2b1704107bca07bb6fca2145f555993a612c71f2c19e02d8fe7b9bfe2122c7a1a3c96ed85998703e9e
Score

7^/10

discovery
- Modifies file permissions
  discovery
behavioral23 behavioral24
- Target
  
  bin/shutdown.sh
- Size
  
  158B
- MD5
  
  72cf8c9e6f90ae80efd8d80bf5cbde81
- SHA1
  
  eca47afb7475260cdf7b334657ef6c5cca42d9ba
- SHA256
  
  0fb06ebee8b087df1d034263a7c8ee3339504e84db0baf2eab676972e84f8a2e
- SHA512
  
  184e6ef131c6ffb5ad3516ab9080414ae277c834ee7a5e0ccec01deef5f6dfef14d6cbbf5c75a024f6e39dd7a4ea5464e9cdb8ee6736992b15721f4d81f11905
Score

1^/10
behavioral25 behavioral26 behavioral27 behavioral28
- Target
  
  bin/startup.bat
- Size
  
  296B
- MD5
  
  2d5ead0bc17c0fe49b448b03fb7ff49c
- SHA1
  
  72802803046cc748034b7723743f7a62efb9d4ae
- SHA256
  
  a8c6c55c0e1b71c82c685fa9edf0b9122f9e6648a21fac9d0cc61a0f2ee1a751
- SHA512
  
  639b4044d41004568df7a0475339da26dbf9d7836b6af28e49cc47e544f285d3b6cf4122e0fb47fcc4f9d3a5dc31c161284d903ca3a90d4e468f3aca059ac8f2
Score

7^/10

discovery
- Modifies file permissions
  discovery
behavioral29 behavioral30
- Target
  
  bin/startup.sh
- Size
  
  481B
- MD5
  
  930c1a69ed2605f3a3510012f0e75d95
- SHA1
  
  632d054c84224828b7b3efd0ec8ab313c401ada9
- SHA256
  
  1b6c84468049fd06638a980c93684a538979e663e25e13b3e708bd4fd44e49ac
- SHA512
  
  0525ac6354e831c241dd471468b6e3779911cb7f3db0de1d6ae9c7ae3be6e062ecdc721d5ad941065ea7952c0236afff559619d011f983f965647f4e8e8ef132
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Defense Evasion

File and Directory Permissions Modification

T1222

Impair Defenses

T1562

Disable or Modify System Firewall

T1562.004

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Checks computer location settings

Modifies Windows Firewall

Modifies file permissions

UPX packed file

Modifies file permissions

Modifies file permissions

Modifies file permissions

Modifies file permissions

Modifies file permissions

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32