809eb0570ba5abcd4ab012b354b4e1f0311eff595b1988ab0735bf1ab846e632

Sharing

Copy URL Twitter E-mail

General

Target

6784d2c968cbf944044844e8bc9f5b99_JaffaCakes118
Size

4.4MB
Sample

240522-rdb2qadh9z
MD5

6784d2c968cbf944044844e8bc9f5b99
SHA1

5d44f8a4e7eb1dcf1f21164a2b06c5aabc2af46a
SHA256

809eb0570ba5abcd4ab012b354b4e1f0311eff595b1988ab0735bf1ab846e632
SHA512

d13cded052a3634935ba4c408934e855381bcfbd5a8b898824d8fa5232831ab93168f7d36f307414b7635b97dac275b6c2b1d543ea4daefd911cab59fa85ec99
SSDEEP

98304:GNSMCNxtgFswUiBw7Qirs+3hKDEynEIPImRZtXy/kR7u0uTiooxhh7:7NxrEBaPlhKIaI6ZHUi/hF

Score

8^/10

Malware Config

Targets

- Target
  
  AcceData.dll
- Size
  
  666KB
- MD5
  
  993728ba26bff8b603262ae0daf65359
- SHA1
  
  ec7801d5355e8378e9338a25208ba52e2d936234
- SHA256
  
  27d91e5a31174c6c3ae898a3e255dab30d10e6b886f587cead94999821b59438
- SHA512
  
  e10bef4485987592be700c440ec06c3b64fd1fe6468ab7c2d04d96f82cf67781f4d1b281efb4777b752d5a4d4a5afac62dc08e3db879b17e62f2ac7ea6a220b6
- SSDEEP
  
  6144:g4Vfc8yCPWe/QTJdHNJi+DdKmHnObJl2Wd6ahUUUUUUUUUUUUUUUUUUUUUU5/KPs:Hc8yCup5NJPDddHn6JlZdOs
Score

1^/10
behavioral1 behavioral2
- Target
  
  AptNail.dll
- Size
  
  194KB
- MD5
  
  9f5231165f93a18f51ba2757ccbabee8
- SHA1
  
  0731b05779061b3fc5283c6f0a87a266bab8be98
- SHA256
  
  8dca2e25d260ddbd5536ac666b2c19335b4f7e9dd20f59988431c72e7a1df069
- SHA512
  
  cfcb1df3c03413a800d2c3c9a0099f3f289770c4d767831a62b54fc69ceb74851524059a88a4dad7246e8d13273f47710798fd22fb8f92f2452f4c8fe5292c1e
- SSDEEP
  
  3072:8N66hvEIB96KNCH/I2dOJq/HSsrXbJdY1loC5JpD5Bo3z6PyoCDln9I5imju0iWB:N63B96GCf6A/HfXbJdNcE3zwCDg44ue
Score

8^/10

evasion trojan upx discovery
- Blocklisted process makes network request
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
behavioral3 behavioral4
- Target
  
  AptRegIns.dll
- Size
  
  417KB
- MD5
  
  2b5ecab2001124dd954e78116dafa0c8
- SHA1
  
  bac5e989d52cde9482cc9343dd4a1223f39b644b
- SHA256
  
  97fec26ee0b538165fdf9de49149cf4fb726deb5e11dfb2efb35ec46077e33c3
- SHA512
  
  7c02122a1d854a05a2a6a2dbb259953d9c58483947a902911f440fd5ce566519263b680cd1dd89ccc45d512fadfa399b516d779b5d406fa92de078820daae69b
- SSDEEP
  
  12288:xRXLNgelinW9nSSEL3FLFs74HFoYZ+DcThf8RbmNsHrV2:5UHFLFFFLZqcBwqNn
Score

8^/10

evasion trojan
- Blocklisted process makes network request
- Checks whether UAC is enabled
  evasion trojan
behavioral5 behavioral6
- Target
  
  AptRelay.exe
- Size
  
  143KB
- MD5
  
  2d10e94899fcd7e450489ab41c987428
- SHA1
  
  bd984779aa389508e9b1e95122d213a7e26fddc0
- SHA256
  
  544f9e47a7b0d72e6821af9f040af96a2611e6baccd463a6346dceb5ba7ea45c
- SHA512
  
  0ee1711659d431922995e9313e550269d059780b7cb35be5ecdac5bcffc43b06f63c930a72040bd6e74b9108664888dc037d9cb5c45dcc823db3db9c9c75f93e
- SSDEEP
  
  3072:oS3v8ZDtaslZL9K1HI8TBphODpD8n/CTWmS:oIwtasjL9KxI8b+HA
Score

1^/10
behavioral7 behavioral8
- Target
  
  AptSpare.dll
- Size
  
  405KB
- MD5
  
  bd941e566e6eed6875560461f6c3e16a
- SHA1
  
  80066e6e93f5d7664ffeb1f9806041f2ef88a754
- SHA256
  
  a2614bed2fa14bb06d7d12be7c3c2934daf3201fb2b962c7adaee26c0cb1f4f8
- SHA512
  
  193eabea05f9a2bddd15c7ac8afe3c3198c1589b2deb728cefbf74565ecd3e7242bdf63dcb76cc4fc6bc8ffee38d22a7e2af5edc058edc458d4f47072a7f52e7
- SSDEEP
  
  6144:nAIIFAYzYF9CLa/GzrQBN22gDdP76XEx40e/Ixn9dVM45uJIZkNehX:DIvzYF9Ga/oWgDdmXEx40e/m9drEyDhX
Score

1^/10
behavioral10 behavioral9
- Target
  
  AptSpare.exe
- Size
  
  118KB
- MD5
  
  cc4b1354e518f62f8365f3cae4d60edb
- SHA1
  
  b95bfcf5923fa3c9a07e5625c18160d7095a1a6a
- SHA256
  
  2c9b3cfff81b5aed3946f5f3de76f65715a940a2a947bc43e9e14d7cec31b71f
- SHA512
  
  380ede255fb30f29d97fdbd8f178ca1b3d4303d1ef4bbcf6933d4b95ecf945e2cefd3fb7f8d0d5656daf00389e63752ad0b5807dace6db3e41e75cc510c0c561
- SSDEEP
  
  1536:juXbkBQuIjw8MIa3iFXdDANfTkdh3nKV3+yovmhLVnZPSb5:j0bvuIjw9Ia+N8qK3c+ZnZPSb5
Score

1^/10
behavioral11 behavioral12
- Target
  
  AptSpare64.dll
- Size
  
  502KB
- MD5
  
  4cf298747bf86da34db0a81bd9529519
- SHA1
  
  30983cae88cd515888ece2645acb50c98d3d4808
- SHA256
  
  9ad69b2d38ba433c46c6e8d6c8edeed704b418d2120514065ded0b5dd2b56b9a
- SHA512
  
  b144e64491062b5e97f3eb24357fb696a34a7293145dea5ec70a7276c7c5f7cb27611e1ce03167689f24ad6fee6de03a14dadca364fb36872c35433459c48e61
- SSDEEP
  
  12288:EvjyamDvcri4WYgeWYg955/155/HTugjzIcKTWBM:ujXmDvcriRTXHLK6M
Score

1^/10
behavioral13 behavioral14
- Target
  
  AptSpare64.exe
- Size
  
  133KB
- MD5
  
  ceaf20b7f1a1a45b99fb217160fa8b5f
- SHA1
  
  aca86cd4de60526779b3eb7cb771aea7b6490ca9
- SHA256
  
  2ed60aa82ad39fb0fc539af6cb8ab7e734f4c985bbc2dd4965685106d1b01395
- SHA512
  
  7ccbc838f28df1b483a0930b499f35b865efcb8a787dbd1a37b98687c735e551346560949822886748761582679a0abc4233d67bc7292a9a07ea27383e88c9b4
- SSDEEP
  
  3072:0MgeOWYg3OWYgWO55/uO55/6ggfHfm0TPmvnQ2YTkv4xZ0mYyjPFceaKsk:nkWYgeWYg955/155/69fHbTPmvnQ2YgY
Score

7^/10

upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Suspicious use of SetThreadContext
behavioral15 behavioral16
- Target
  
  Fireman.dll
- Size
  
  198KB
- MD5
  
  c4e28c78e26d8c23107dbef593f7c0ce
- SHA1
  
  d42ad84875b5b8e05b9d771227971346d8654eea
- SHA256
  
  ed4dc120e9e80c31a4e3620dd0189b46f15a6c2a4f96a9965c8ce322bdec3ebb
- SHA512
  
  be4c030e42ea23f30007b0e428da79e6d0ad76eeb5a5bb1f445abb4cdf19698e7f35beb780725b3788b21fe79b5f5b91eb0d152e3eaa2133a13f12d3c8f9119c
- SSDEEP
  
  6144:ucIdZmDYdE/2qIN/0Ak+Ln3vJjXCuxJefcH:uzZmaqIhO+LnxjgU
Score

8^/10

upx
- Blocklisted process makes network request
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral17 behavioral18
- Target
  
  FunDodge.dll
- Size
  
  335KB
- MD5
  
  251ad4b2b6de2c275b5b7d8eb61f1a39
- SHA1
  
  fa166c8bdd90778d176063bbfbd34df5881da98e
- SHA256
  
  37191a0e4b8187a004485faaf5b9c98b3aa937cf4486b3e2b96e2b4fbf0016ac
- SHA512
  
  78b762889678d552da8de673579477c44107e445f97c98041535b74bcc795ea2f964a1c08bdda846bd9d4149fc1003ae0a406d5000e2d150b6549745a544df45
- SSDEEP
  
  6144:B5LvPYoPP72l8qEgK7j8ZdSxr7O3PYOOgNyi1bCMXOwyRnUf8:PLTTE8hgK7jqSxniPzOgNR1bCMXOpc8
Score

6^/10

discovery
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral19 behavioral20
- Target
  
  FunKoala.dll
- Size
  
  178KB
- MD5
  
  41d057a595aff657d385c2386272df6a
- SHA1
  
  ffbf6967a82271c1c1420e7338e4350ab32a64b1
- SHA256
  
  22aea66a3836428aa6a2fe70c9ecb8ae600abe4bc6336859335af7ae864a483d
- SHA512
  
  e1520d6dcca9960612d21d0842dcd8d0bc0fb8ef4b44e0a38db72483e3696c780a91f636bc5b15ba2edcc4fe868895960edb1c74eee7cb160395b5a494d12255
- SSDEEP
  
  3072:WC33nTadL6WEM2TfjeaXDKoOBS1Re37DYXPV5iuM0lLP4PQotiFwfG2sV:VHMLrr2TBDmBEw3F0B4IYizj
Score

8^/10

upx
- Blocklisted process makes network request
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral21 behavioral22
- Target
  
  FunKoala64.dll
- Size
  
  215KB
- MD5
  
  eb36b2f6ea7f89d08ba61075c8a37302
- SHA1
  
  fb983dbfe4b0cb5981bdd9cc4d319ebbfd85b399
- SHA256
  
  318a9b06f8739e3d778865c4800c443031d74e47fc866f159a4acb8b136c8647
- SHA512
  
  a98d64549caf32c432404a2540a88a6a9691e2ef7da9ebba314f8cf884685e5f753f26b3822e7138b12ff38f88e4423b11200acfa98087ea0256c7ac133135c4
- SSDEEP
  
  6144:LK/6cntv2KAM22WqmooDebfVXQpKeXaBtCEGx:eyktv2OWqf6+hQpOYvx
Score

8^/10

upx
- Blocklisted process makes network request
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral23 behavioral24
- Target
  
  FunSeed.dll
- Size
  
  191KB
- MD5
  
  2c9a406e8efc6cacd9a7ad9b1dfd9624
- SHA1
  
  0655d8a23dd58c69f3b507e86ec6cdca7dfcc046
- SHA256
  
  848910c2d6f8e639a2e01ece22757929c94536e480622f56de1080d8979604ca
- SHA512
  
  d76496d844bc5829788058dd4113491e0bb5f6b41a9784fc975d4046ed89ac5f82066dda9d872668ec73c069125e47489dee3e04fc0fa0ecff43d5d0856bd96a
- SSDEEP
  
  3072:ZBtP6wEYGpRfiaSXRC/JzoROOlt0ztbSYkn2fgWX1pfLcPPAL:prEvfmY/qBlGzQ7A11G
Score

7^/10

upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral25 behavioral26
- Target
  
  FunSeed64.dll
- Size
  
  221KB
- MD5
  
  e0ffc8b9a174921ae62b3c157bfe5259
- SHA1
  
  96367161fa8e41a275a14ae0a5b08de22b965ac4
- SHA256
  
  37141f0bfa53a5a8fc9d8d7ee5592dca2be5bd9a121bd86ce62657de61f76467
- SHA512
  
  7fcd75efe904170b440093dda5651127b0040d8478d3e478ee1d4ebc849787e8c54c153fae4120877c2a91b6a541470330183cba84bc9ceb1fcf790bce292bd8
- SSDEEP
  
  6144:VfZHNlidWo1DvW6yK441rNhgdb4j3vtJoXs6znDO:fHNlidWGDv0z4FPrGnDO
Score

7^/10

persistence upx
- Registers COM server for autorun
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral27 behavioral28
- Target
  
  FunWorks.dll
- Size
  
  481KB
- MD5
  
  87c9936e5241d7fad0db1edee0b7415b
- SHA1
  
  33e9ec650610a39a7be73718af60515b830940e8
- SHA256
  
  9879ce05f338416a102fe9820f1d17a85df8b147f3ca3398e49bdc5856abb0ff
- SHA512
  
  2de678227a67807cd7b002de130327ee02a1f4843d065446a523acffa5cad79afd074e7344edc08d0def74735d4aa4d16b05af0e8b0b44c4b9f8cec157f9fa18
- SSDEEP
  
  12288:47UNkQGBCFuoXwLcVUPjuIC528CwohPiNd9CpDxxsnN:iBCXwLckuIS2dwoh6d8dxsN
Score

7^/10

upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral29 behavioral30
- Target
  
  FunWorks64.dll
- Size
  
  608KB
- MD5
  
  23a092ffc43c2cda5bd9583f7baca348
- SHA1
  
  02656451c2fccda33cac69472db14d4416305077
- SHA256
  
  92e56ac1a495f7cd140ddb736df4901a324954c7ccae5f0b888a4c0bc07d2edb
- SHA512
  
  a98875b66af7936907b106c05a7a730c2b895cd890105414dba67757c0690d351b23e253478c877a1b4895c3d72ef3e93a291fcec86588c90fb5f0f7603299d5
- SSDEEP
  
  12288:DDTCwcubUeheVXN0yq+SGZt9PHe+yKSjhIFxJo/0M+nUBRuvEXLDxe:TCYDQ90s3ZXHsKSuFxJvjUQvEXn4
Score

7^/10

upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Blocklisted process makes network request

UPX packed file

Checks installed software on the system

Checks whether UAC is enabled

Blocklisted process makes network request

Checks whether UAC is enabled

UPX packed file

Suspicious use of SetThreadContext

Blocklisted process makes network request

UPX packed file

Checks installed software on the system

Blocklisted process makes network request

UPX packed file

Blocklisted process makes network request

UPX packed file

UPX packed file

Registers COM server for autorun

UPX packed file

UPX packed file

UPX packed file

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32