1ab7b5aa280179b9f9550489c61512cbfd23219d31bbcbc9955340573323fd2e

Sharing

Copy URL

Twitter E-mail

General

Target

69d445073c9946ca0ae6e869e6d1e45e_JaffaCakes118
Size

10.7MB
Sample

240523-fr6mpsef97
MD5

69d445073c9946ca0ae6e869e6d1e45e
SHA1

d5562c06eae2c3452854b5e995fb366fd6886d10
SHA256

1ab7b5aa280179b9f9550489c61512cbfd23219d31bbcbc9955340573323fd2e
SHA512

a76abdd626b06a81f6f38623951dc29743718a5425389d49696661f0f9442221f78cd82af243485cf9dd5bc4b0fe9c2b8de78d6b53d32298e2761c2eaab493e3
SSDEEP

196608:iggGvkwt2HUK1hNQ7eB3cKyiF4KyfvHDIdlsiQTaTiuspSJHAkhMv87:iq9KIeBBFQ7ldnjkhMvY

Score

10^/10

discovery upx

Malware Config

Targets

- Target
  
  SS Tool [Extract]/Applications/Bucky Roberts 3.3.exe
- Size
  
  319KB
- MD5
  
  6fd6459944ac1e835fffa277fd86202a
- SHA1
  
  fa85d05895a13f2ed20a77125364225102822eca
- SHA256
  
  1c124b44fd78989b04d8d42d0ae7a0414e5018e9c33bfaf6b35e4a710c05a04f
- SHA512
  
  803cd10deb20fe4d65d3df444348f00ca67e3d339df30ea9925801ff9dc342df6accbac136e33c2580ad477ae5f315a0ecb9808e25f317b5252ef12b36dfb691
- SSDEEP
  
  6144:CWZhSnrhco3R2ktyxuYKCJAOgREblXO5:CsonrhcbktysWKmO5
Score

5^/10
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2
- Target
  
  SS Tool [Extract]/Applications/CheatDetector.exe
- Size
  
  183KB
- MD5
  
  ee9c8749cc266c1dd6a9e4cd6c383043
- SHA1
  
  98a9f8f9bd5c325c813e63f5596b6b84f9e32b72
- SHA256
  
  7cd1d198a0f047e3bebec1c1fbff331218f7c132f20a49413ee2048446808e2e
- SHA512
  
  28e5c1cc7f722b37f448fc1610fcab241a683bba147a27e5e3911d7b4a24fd710d41366469ffe2c824b7c5d9db9a545176f782328faee41e0336f205b941fd47
- SSDEEP
  
  3072:ui08qSCLfDE6VODGTk2Uu5Slpe2xrB7nn2igJfIV5yHQMHt:WvSCLfDfIGFUiUpeM4J0ywMHt
Score

5^/10
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral3 behavioral4
- Target
  
  SS Tool [Extract]/Applications/Everything.exe
- Size
  
  906KB
- MD5
  
  a029ad63f747460dfeba48a9c9462211
- SHA1
  
  43ce04b65db11a897ce4419ea665214d395fae5e
- SHA256
  
  180ba07bd614cf53e420082c07b99d6f1a56cb431b262e3f9192594181fdacf2
- SHA512
  
  f1bafeea905df75554d1eb33fa1cd514a6dd6ee10b58c9101b9c71d70f78ac9a51b771cdabb9c3773007642da2bd62a4d90c408a1e4a3fdb76be8359a238e5b6
- SSDEEP
  
  24576:bDjBU1b3pWxk9GO+oOa2x09bmYYdACt+i6:jKdr9GOiD04Qs+F
Score

7^/10
- Loads dropped DLL
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/Everything/Everything.exe
- Size
  
  1024KB
- MD5
  
  9d54f3e5e4d102ab27e190cbec14b355
- SHA1
  
  cef77c5438a874cc0403a763f2be9e66859bfb71
- SHA256
  
  aecf6c3634557937f8ce2d353a3c3b1fc31e33cb66c2926add2c99756eb09f88
- SHA512
  
  52753b2685d946e38dde5d98e4c051f9596d1b11f61974a40f9b979e347cb69453af0ac711ef27241f608d412019b090333547d5d69657e58f853643023f6db8
- SSDEEP
  
  24576:enKnzrNPPgqBXy0J3O0b3KiDByC/Jdo0wIB/mVD58EXH+GVfl97T17/YB/0w/22S:enYz9b3KiDB7Uh9XH+Y/ge0iP
Score

3^/10
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  15KB
- MD5
  
  89351a0a6a89519c86c5531e20dab9ea
- SHA1
  
  9e801aaaae9e70d8f7fc52f6f12cedc55e4c8a00
- SHA256
  
  f530069ef87a1c163c4fd63a3d5b053420ce3d7a98739c70211b4a99f90d6277
- SHA512
  
  13168fa828b581383e5f64d3b54be357e98d2eb9362b45685e7426ffc2f0696ab432cc8a3f374ce8abd03c096f1662d954877afa886fc4aa74709e6044b75c08
- SSDEEP
  
  384:/MnT0MKT/Xwr2izZQ86mpAT8F9lN8Ov0J:EQMKzwTFnVX8i0
Score

3^/10
behavioral10 behavioral9
- Target
  
  $PLUGINSDIR/LangDLL.dll
- Size
  
  5KB
- MD5
  
  a1cd3f159ef78d9ace162f067b544fd9
- SHA1
  
  72671fdf4bfeeb99b392685bf01081b4a0b3ae66
- SHA256
  
  47b9e251c9c90f43e3524965aecc07bd53c8e09c5b9f9862b44c306667e2b0b6
- SHA512
  
  ccc70166c7d7746cd42cd0cec322b2adf4a478ff67c35d465f0f0f5b2b369c996a95557b678c09cb21b8311d8a91eed4196ddc218ea7d510f81464669b911362
- SSDEEP
  
  48:apTVWFeApYx2lxaKe3yfeEIWCGWNpBWLGGrx3pMt4z8mtJ7HofYZVSLa:RFG0xaKkyfjIWTW7BYrhSbmtJ7/V
Score

3^/10
behavioral11 behavioral12
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  bf712f32249029466fa86756f5546950
- SHA1
  
  75ac4dc4808ac148ddd78f6b89a51afbd4091c2e
- SHA256
  
  7851cb12fa4131f1fee5de390d650ef65cac561279f1cfe70ad16cc9780210af
- SHA512
  
  13f69959b28416e0b8811c962a49309dca3f048a165457051a28a3eb51377dcaf99a15e86d7eee8f867a9e25ecf8c44da370ac8f530eeae7b5252eaba64b96f4
- SSDEEP
  
  192:0N2gQuUwXzioj4KALV2upWzVd7q1QDXEbBZ8KxHdGzyS/Kx:rJoiO8V2upW7vQjS/
Score

3^/10
behavioral13 behavioral14
- Target
  
  SS Tool [Extract]/Applications/JDGui.jar
- Size
  
  8.4MB
- MD5
  
  fb2fc7abba5deb472ed3ee4b0fa5ac13
- SHA1
  
  35bec04dcf240d915da97f7a6522288155725163
- SHA256
  
  bdd2f3dc8750910e0d69378482cff57f2ff29d23983d1e55d266390527bd6b67
- SHA512
  
  04f59d0ec974009ca5141f7f7229862d8e084f7ecc5685825e2fa10c8539c56f5a81252f3c80e344453c75050b8fa0dc5fd5cb6b4bb9c6b845bac86ed31899e0
- SSDEEP
  
  98304:TKrU2GKgNrM2w43X2U2grOF6I4twkreik67HAmIwFF5XnfejLDuPekD+HcaunF1E:eU2dYrM2w43V3u6AlwF6jL6DUcauF1xK
Score

7^/10

discovery
- Modifies file permissions
  discovery
behavioral15 behavioral16
- Target
  
  SS Tool [Extract]/Applications/ProcessHacker.exe
- Size
  
  2.2MB
- MD5
  
  54daad58cce5003bee58b28a4f465f49
- SHA1
  
  162b08b0b11827cc024e6b2eed5887ec86339baa
- SHA256
  
  28042dd4a92a0033b8f1d419b9e989c5b8e32d1d2d881f5c8251d58ce35b9063
- SHA512
  
  8330de722c8800ff64c6b9ea16a4ff7416915cd883e128650c47e5cb446dd3aaa2a9ba5c4ecda781d243be7fb437b054bbcf942ea714479e6cc3cef932390829
- SSDEEP
  
  49152:l9hfV/U5NkLXXzGZjt6kFTCVP6hWE0wvmk/eE+FrAl+NGsOSE6IX8pq:Dh9/ULkjKxtTGP6VZd2rAcvOSE6Nq
Score

7^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral17 behavioral18
- Target
  
  SS Tool [Extract]/Applications/Schematica Reach Detector.exe
- Size
  
  6KB
- MD5
  
  d3221e6f1ec034e1ab9d8f6af90c3ad3
- SHA1
  
  3fcea9b400fc4e70e0b6e98fcb3460642f3cade9
- SHA256
  
  f3aaf5463c53ddc4ab9e4121509a8c59b82a3df29869df8ffa52cd52e5183c04
- SHA512
  
  68a66ffdf1dca8aae421dff822c7b1f384a8931b894406a4411a67007a9dd9f9bb2a30ea96fe2b108c0c135efe6c8445953096202bbdb1e5eaa734dc4d7516c5
- SSDEEP
  
  48:6QaDvZydG5kvzocDRul+ODYM/C6NMMMh8pNdOdtXh7kxMdHCNr0CtDOlgLvMKFyY:LG5k8cDRWR/hTbdOzsUC5WqLv8zNt
Score

3^/10
behavioral19 behavioral20
- Target
  
  SS Tool [Extract]/Applications/USBDeview.exe
- Size
  
  69KB
- MD5
  
  64818c04cf8a89b05d408025559b8b83
- SHA1
  
  1cf653bddbc66bff2242206311d9a0bb4573a05b
- SHA256
  
  038b483de4cdcab51293da079b257f4c0f5b453c5651d3c23bf662b67c521a14
- SHA512
  
  58572e6887afd051f7d348fcc38b5ab3f276e79ad675164fb08e42f8bcce386feae1b02c4cdbfdcae347027724ca3dc65e52199332b0c92f896635bcb7cf9192
- SSDEEP
  
  1536:7oxq2OWrfpmDAlYonYPjZ/DjrIaLmb/EscPzTP+EIKbp5OhgNAL2DrbiZ:7x1kfpmDAKonmjZ/DjrIc/scPzLZIV+G
Score

9^/10

upx
- Nirsoft
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
behavioral21 behavioral22
- Target
  
  SS Tool [Extract]/Applications/Xray Pack Test.jar
- Size
  
  4KB
- MD5
  
  650a98101c915979caaefff531ccc684
- SHA1
  
  946be0460303245dfb1d6ffefa8e25b5ca18bd03
- SHA256
  
  0733304d982e64612ed2162299f4c8ae7a8a45072fbe98d998e641d7c24208c3
- SHA512
  
  a1e5f75126298a20a6be1ca6a455861f60ca48ecfc1d54d1c3799d7382ef97c38924d822b8f99844b59f4479d4b794daa9cfa6371a396e42cb5e4031cb8e26c4
- SSDEEP
  
  96:t2nvgzcmy5lhohAgN9SMQBJVLrIYXSTpUOv+BX92k1vvJ6wbb/ia:t2nYgmy5lhohAUSXVLrI3dU/+Uvx6wbl
Score

7^/10

discovery
- Modifies file permissions
  discovery
behavioral23 behavioral24
- Target
  
  SS Tool [Extract]/LastActivityViewer/LastActivityView.chm
- Size
  
  19KB
- MD5
  
  81898df81a0e0b7c27abc24301acd378
- SHA1
  
  852dc69296d74282045a5b0e87a57d8532c762d8
- SHA256
  
  586630d1a636e0522ab953ab04784906f18b35ddfd4b6c2ef5d15b6a8a2b2311
- SHA512
  
  43674211aad464e7aeb73aa675434855091edafa4c1bd78dca49ebc9af48fb5921d3af7ba9136770652492cd7960b683519a7186d80a585c9f4f68984e9b42b7
- SSDEEP
  
  192:H7BjPFrmc/LqcWSwrfKEiLWBceVhnJbvPbT6OVzWay2M0Ao7g9gwlsvZDXdRF0:H7BcwPwrfKL6BH3bGOO2Z1g9gH3F0
Score

1^/10
behavioral25 behavioral26
- Target
  
  SS Tool [Extract]/LastActivityViewer/LastActivityView.exe
- Size
  
  122KB
- MD5
  
  f94427f289819c831207cb83db695700
- SHA1
  
  0a4cd2ea25a367a0df9b51334381596ea01afe14
- SHA256
  
  c5b25c15362003468656f9e7b11434e4743c4a0eb1a1ef61b0e9d9d42a8aab69
- SHA512
  
  a556ba69d41bd49c95d78100b387f4f8af66f388f2a92df815c23854be3d3dd8b4a5801eb75b8c6d4b9fd3d6d2757591c45fcafcc5bb9c11ce39e3ac082882c2
- SSDEEP
  
  1536:WUkw0dXNQ9FMXY2fO6OqYMLbz5+a4sk0wtSJazjc2shDW1v7aH5iqbiQ:UTHQ9FMXrfO6ObM9V4MwtQQL1v7I5bX
Score

4^/10

discovery
behavioral27 behavioral28
- Target
  
  SS Tool [Extract]/Shortcuts/Prefetch.lnk
- Size
  
  1KB
- MD5
  
  02272c81763b24ac2a29754b80542846
- SHA1
  
  ec4f19765a447a6ad8d68be6d9c984d8d961c37e
- SHA256
  
  7bc4beb9d57a054d430656890588ac6933da876995a66b6632b43b4146339dda
- SHA512
  
  a616d8d4f661bc4598348586d7298cd31ad139cb7994e88d7dcf1e167a7e4815adafe1b3e36898a4a363df8a2f9f3e1178c16e3d060c699a28986584d0009dd9
Score

3^/10
behavioral29 behavioral30
- Target
  
  SS Tool [Extract]/Shortcuts/RECYCLE BIN.lnk
- Size
  
  814B
- MD5
  
  78cbe41143bd8485e680f9c8fdd9657e
- SHA1
  
  f56888b4d5d5f64058132da953bf86a2fc37d79d
- SHA256
  
  7805f22d8d98b7f8c4c62f0f0395e3030e274a2468038d3b9fe5ba64c7ffd2e2
- SHA512
  
  21e2dd23de0c05ebe7693b513a9703ed54e7aaf167316af4b66ab48eda64d1817fe1f38f562cadefbf460820c514dbb3fa19c3b8279f0f98d968b65be41f4e9a
Score

3^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Suspicious use of NtCreateThreadExHideFromDebugger

Suspicious use of NtSetInformationThreadHideFromDebugger

Suspicious use of NtCreateThreadExHideFromDebugger

Suspicious use of NtSetInformationThreadHideFromDebugger

Loads dropped DLL

Modifies file permissions

Executes dropped EXE

Loads dropped DLL

Nirsoft

UPX packed file

Enumerates connected drives

Maps connected drives based on registry

Modifies file permissions

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32