dd3edd0a584fff1f7eadd86f868eeda95f05138caf70c5ba8d807af2f8390887

General

Target

69669d80ee67ca88c2c636c5f4e567ac_JaffaCakes118
Size

2.9MB
Sample

240523-ckxjnsab74
MD5

69669d80ee67ca88c2c636c5f4e567ac
SHA1

7854501a76d59ad31844330782db017b2d8ea8a5
SHA256

dd3edd0a584fff1f7eadd86f868eeda95f05138caf70c5ba8d807af2f8390887
SHA512

024a27a001c18276c7e6863119d3fbe72eb7157be9142bca5e1b058e52abf61648251896460a1c43ac02a8bf790201a1ed770ae37b2d20e4e2f01f7d9319bf4c
SSDEEP

49152:17HeAMVNwP8ne1BSGMrrBB1ZTH8QNPf199bs5FCIrMAZJln19Ot6kza3zwj:17HeVLugBB1ZTH8iHZ2CIrMWJb9Lw

Score

9^/10

Malware Config

Targets

- Target
  
  69669d80ee67ca88c2c636c5f4e567ac_JaffaCakes118
- Size
  
  2.9MB
- MD5
  
  69669d80ee67ca88c2c636c5f4e567ac
- SHA1
  
  7854501a76d59ad31844330782db017b2d8ea8a5
- SHA256
  
  dd3edd0a584fff1f7eadd86f868eeda95f05138caf70c5ba8d807af2f8390887
- SHA512
  
  024a27a001c18276c7e6863119d3fbe72eb7157be9142bca5e1b058e52abf61648251896460a1c43ac02a8bf790201a1ed770ae37b2d20e4e2f01f7d9319bf4c
- SSDEEP
  
  49152:17HeAMVNwP8ne1BSGMrrBB1ZTH8QNPf199bs5FCIrMAZJln19Ot6kza3zwj:17HeVLugBB1ZTH8iHZ2CIrMWJb9Lw
Score

9^/10

discovery execution exploit persistence upx
- Grants admin privileges
  Uses net.exe to modify the user's privileges.
- Modifies RDP port number used by Windows
- Possible privilege escalation attempt
  exploit
- Sets DLL path for service in the registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Modifies file permissions
  discovery
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Drops file in System32 directory
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  fbe295e5a1acfbd0a6271898f885fe6a
- SHA1
  
  d6d205922e61635472efb13c2bb92c9ac6cb96da
- SHA256
  
  a1390a78533c47e55cc364e97af431117126d04a7faed49390210ea3e89dd0e1
- SHA512
  
  2cb596971e504eaf1ce8e3f09719ebfb3f6234cea5ca7b0d33ec7500832ff4b97ec2bbe15a1fbf7e6a5b02c59db824092b9562cd8991f4d027feab6fd3177b06
- SSDEEP
  
  192:yPtkiQJr7V9r3Ftr87NfwXQ6whlgi62V7i77blbTc4DI:N7Vxr8IgLgi3sVc4
Score

3^/10
behavioral3 behavioral4
- Target
  
  $TEMP/TWUCSTRVZCTWUCSTRVZCTWUCSTRVZC.ps1
- Size
  
  3.5MB
- MD5
  
  67e1452131ae07c4b67762d3c302f52b
- SHA1
  
  d6329ac864341d9dd86ff9032df8912ec8c44c8b
- SHA256
  
  6416923da618a13311012632be2aa383a711c84ee182670e663e4bd8c6464950
- SHA512
  
  013ee8398189be291970c431be6cab9597e9c3650be44c8842bafeb90e2ac84dc720daf82f24bf67bab4564272fcb34db76b352923697095f9e4b9ed2a553280
- SSDEEP
  
  49152:RIUxx1Km3fApVfWdmS+KyU053ZBqoBcTq:Y
Score

9^/10

discovery execution exploit persistence upx
- Grants admin privileges
  Uses net.exe to modify the user's privileges.
- Modifies RDP port number used by Windows
- Possible privilege escalation attempt
  exploit
- Sets DLL path for service in the registry
  persistence
- Loads dropped DLL
- Modifies file permissions
  discovery
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Drops file in System32 directory
behavioral5 behavioral6