General

  • Target

    6fffc035e5d489d2c315c28429cb38ba_JaffaCakes118

  • Size

    8.4MB

  • Sample

    240524-2etm9sdc9y

  • MD5

    6fffc035e5d489d2c315c28429cb38ba

  • SHA1

    898b17c401393b0d681d722ebd2e42e6ef536096

  • SHA256

    4035c29e2effbbb4dfbb5827791653f70d17d8064a536081a87875a784eee013

  • SHA512

    049faaefb6a759bb07c5a54c8838041b96394dbf4383d1997ca5ce20115cb96991d194f084b220c11ea7d74e4bcbd24843f7fbe73468e6dc230332bf956c731a

  • SSDEEP

    196608:vc1MzQkLFwRRJSUxNGzwSqwK9ibqw/4VtC4Tj53XKNpDkYsY:v+MkxP8ONGz3r4VtpTJKNpDsY

Score
7/10

Malware Config

Targets

    • Target

      6fffc035e5d489d2c315c28429cb38ba_JaffaCakes118

    • Size

      8.4MB

    • MD5

      6fffc035e5d489d2c315c28429cb38ba

    • SHA1

      898b17c401393b0d681d722ebd2e42e6ef536096

    • SHA256

      4035c29e2effbbb4dfbb5827791653f70d17d8064a536081a87875a784eee013

    • SHA512

      049faaefb6a759bb07c5a54c8838041b96394dbf4383d1997ca5ce20115cb96991d194f084b220c11ea7d74e4bcbd24843f7fbe73468e6dc230332bf956c731a

    • SSDEEP

      196608:vc1MzQkLFwRRJSUxNGzwSqwK9ibqw/4VtC4Tj53XKNpDkYsY:v+MkxP8ONGz3r4VtpTJKNpDsY

    Score
    7/10
    • Loads dropped DLL

    • Target

      $PLUGINSDIR/Fusion.dll

    • Size

      992KB

    • MD5

      a5c12c05bdf27bae1b3a72533fba9870

    • SHA1

      5166777425d54f736e0245fde84ed1579c7a85f8

    • SHA256

      28ff3b46225450c86b0edad6055d268350bc2b73895c38d91422bde66fe85220

    • SHA512

      59642bab17603aea522ea5cb3ea8bbdf4f74bafe53e41f8377472b303189ad1b91694d850d4cea11b89ce8672dbdd043fe07140386078b94a8f8d00f86b9a91b

    • SSDEEP

      24576:B9TaWFXS1rAYNWskpaTxlTzytTkpHkDwnWhJOhBO:Dzwc+Wsvt4BcXWLc

    Score
    1/10
    • Target

      $PLUGINSDIR/INetC.dll

    • Size

      24KB

    • MD5

      640bff73a5f8e37b202d911e4749b2e9

    • SHA1

      9588dd7561ab7de3bca392b084bec91f3521c879

    • SHA256

      c1e568e25ec111184deb1b87cfda4bfec529b1abeab39b66539d998012f33502

    • SHA512

      39c6c358e2b480c8cbebcc1da683924c8092fb2947f2da4a8df1b0dc1fdda61003d91d12232a436ec88ff4e0995b7f6ee8c6efbdca935eaa984001f7a72fea0a

    • SSDEEP

      384:wv1j9e9dEs+rN+qFLAjNXT37vYnOrvFhSL+ZwcSyekzANZBJ:w1AvEs3HBLzYn29vYh

    Score
    3/10
    • Target

      $PLUGINSDIR/StartMenu.dll

    • Size

      7KB

    • MD5

      8a8cf094137e9c56386d5cf84f936fd0

    • SHA1

      60a0cc212e5a1ce303a028f8ddafe0989c202b8d

    • SHA256

      2053d459f5ae1213eaba8ecae74671144c1af140660034b5af23c97818e2c789

    • SHA512

      d938cdb8aabeaf22ce573c4817eed2e8c235c5b4d9d3fb7139db6e8d9ebc73957425cfaa0ec119cc506bcf9c3ecc6b6393fff9278b8d873564148557df5cd9ec

    • SSDEEP

      96:A8dPIKJhMuhik+CfoEwknt6io8zv+qy5/utta/33lkCTcaqHCI:NZIKXgk+cx6QYFkAnlncviI

    Score
    3/10
    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      17ed1c86bd67e78ade4712be48a7d2bd

    • SHA1

      1cc9fe86d6d6030b4dae45ecddce5907991c01a0

    • SHA256

      bd046e6497b304e4ea4ab102cab2b1f94ce09bde0eebba4c59942a732679e4eb

    • SHA512

      0cbed521e7d6d1f85977b3f7d3ca7ac34e1b5495b69fd8c7bfa1a846baf53b0ecd06fe1ad02a3599082ffacaf8c71a3bb4e32dec05f8e24859d736b828092cd5

    • SSDEEP

      192:eY24sihno00Wfl97nH6T2enXwWobpWBTU4VtHT7dmN35Ol+Sl:E8QIl975eXqlWBrz7YLOl+

    Score
    3/10
    • Target

      $PLUGINSDIR/UAC.dll

    • Size

      14KB

    • MD5

      adb29e6b186daa765dc750128649b63d

    • SHA1

      160cbdc4cb0ac2c142d361df138c537aa7e708c9

    • SHA256

      2f7f8fc05dc4fd0d5cda501b47e4433357e887bbfed7292c028d99c73b52dc08

    • SHA512

      b28adcccf0c33660fecd6f95f28f11f793dc9988582187617b4c113fb4e6fdad4cf7694cd8c0300a477e63536456894d119741a940dda09b7df3ff0087a7eada

    • SSDEEP

      192:DiF6v2imI36Op/tGZGfWxdyWHD0I53vLl7WVl8e04IpDlPjs:DGVY6ClGoWxXH75T1WVl83lLs

    Score
    3/10
    • Target

      $PLUGINSDIR/UserInfo.dll

    • Size

      4KB

    • MD5

      1b446b36f5b4022d50ffdc0cf567b24a

    • SHA1

      d9a0a99fe5ea3932cbd2774af285ddf35fcdd4f9

    • SHA256

      2862c7bc7f11715cebdea003564a0d70bf42b73451e2b672110e1392ec392922

    • SHA512

      04ab80568f6da5eef2bae47056391a5de4ba6aff15cf4a2d0a9cc807816bf565161731921c65fe5ff748d2b86d1661f6aa4311c65992350bd63a9f092019f1b8

    Score
    3/10
    • Target

      $PLUGINSDIR/nsDialogs.dll

    • Size

      9KB

    • MD5

      42b064366f780c1f298fa3cb3aeae260

    • SHA1

      5b0349db73c43f35227b252b9aa6555f5ede9015

    • SHA256

      c13104552b8b553159f50f6e2ca45114493397a6fa4bf2cbb960c4a2bbd349ab

    • SHA512

      50d8f4f7a3ff45d5854741e7c4153fa13ee1093bafbe9c2adc60712ed2fb505c9688dd420d75aaea1b696da46b6beccc232e41388bc2a16b1f9eea1832df1cd7

    • SSDEEP

      192:o68cSzvTyl4tgi8pPjQM0PuAg0YNyoIFtSP:LBSzm+t18pZ0WAg0RoIFg

    Score
    3/10
    • Target

      $PLUGINSDIR/nsis_appid.dll

    • Size

      3KB

    • MD5

      19071761e91c43c115a16b52458869b7

    • SHA1

      75ddb807157f1aa31a08f87be0270f60990bcbbc

    • SHA256

      e9e1ba410636698d666b328eea71346b8287248d262e44da07ce8b5fa24c5e5f

    • SHA512

      bc0eab51cf27f657cd3fd62a47894ee13f3f561feaa565f16ba15088be39be73c9839a3cf35b538219ec83a03d48970b89258c5f20c37bcaf76438998437786c

    Score
    3/10
    • Target

      $R0

    • Size

      48KB

    • MD5

      259b414cd4a28dade048139a3507cb88

    • SHA1

      2b7ac7f5356add8151c312dcec80148ba420cfa6

    • SHA256

      55633a3d6b77a7d2279f4fe9e02ae4cb5b5bf34a23bfae7a119518c0ecef09e9

    • SHA512

      377fa37e3ea0cfde65833a21693acfdddadbde04c180dc9209c7b6592ac402f273b7181295338ed9333a42140e54700dfbbc7a430979cb2e7692ee7c869b8c93

    • SSDEEP

      1536:+D+6RdfLMf6OOOOOOOOOOOOrrBjw8PZ7M:gHRdT46OOOOOOOOOOOOrrxw8PZM

    Score
    1/10
    • Target

      $R2/NSIS.Library.RegTool.v3.$_91_.exe

    • Size

      5KB

    • MD5

      6d61b31b3ae37d7e5a2156110b030c8e

    • SHA1

      a778f06cd9e6935d952ec32e2548c88bcaec3baf

    • SHA256

      a0ada2db30ee5cd575246b4d1271c84f5540b776b3992954070de6c520518d83

    • SHA512

      14e64d71e49427c02ea1f3a378bc9656c8461c9f209e81629403faf99190b61ea4609bccbb3542db5c054b9f1c96470e9dae1b62e9a8d2588e32e1dc111e51e9

    • SSDEEP

      96:i/+/9C07iIn1gkZPkWNPitm1Q8cHYqnm/:l/9CqV1gckeitm1Np/

    Score
    1/10
    • Target

      GPL.html

    • Size

      15KB

    • MD5

      11e176c5e0120ee94e365f999084bce8

    • SHA1

      a612f6d40d0d2ae045d80b60bce6fb6f81a811ef

    • SHA256

      f7e89c1edbbef8bc837b47c48113a2416f1af0cfc2b2218da39085465ea1045c

    • SHA512

      d0532df4fe5e995df49f3e58127f5fc9637fc4f1afbb29e92ad16897c1055f77963277f5143458b9a294d1c24559bc594e0ae5469271ece639c8e66a5555d5a3

    • SSDEEP

      192:tiMUzQS+LrQWJz6Z6q6pdPIK8kV6AWRzdbDaz0pmN1rMbkBJ9R8/CmBHf3KWkc:tZUz5irJq6jIuV6fRzd3c0pmbMCzRLw7

    Score
    1/10
    • Target

      filezilla.exe

    • Size

      9.9MB

    • MD5

      2ac628e3fad3f0166d6776bf2c4ee09e

    • SHA1

      1ebde423161f049985c09f8d8b694178f62441f3

    • SHA256

      1aaf40ef07451bafdae8a143ec605413f4c1bbef48ff2fd06d7f5250633f7030

    • SHA512

      27e9037738c58c15125375bab675e1fc73655d768e559ec8a811f96cc0f0a670c90793b16aa3d5a5f9ba3962c546341083e64a133fe9b27aa715e0d27ab34014

    • SSDEEP

      98304:f3hRMz7WCKb2lWLgqIRkQOf88G87oycbzt1bnX+ri2GB/44+4U:fAzY2Uc9TLNz/nXWi2M4P4U

    Score
    7/10
    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Target

      fzputtygen.exe

    • Size

      218KB

    • MD5

      3fe245e67c8079357eb53a5092a160ef

    • SHA1

      85da3db659d05cda4e3c1341f9e43b222e707667

    • SHA256

      57a132000668fbbe6e53217a983b74063bcb2d31b6cc58297f64f848a3a4045e

    • SHA512

      ec610469d168ef7bedea238c368bf65b8e9a0a6a463ea341868f72a707f520ba2ca7fc959a6d2eb4fc41e297519b537e76eb28144118854cd338a000fc063eb2

    • SSDEEP

      3072:iONQulPh2Qe+0ls4CcJscWbfrVAcnrVw0voMkk5l8lAXEMhsA6Llnq9ihHRsfHX5:ZF/pOh6oeH0ksA6Ldq9iRg+Ssut19

    Score
    1/10
    • Target

      fzsftp.exe

    • Size

      510KB

    • MD5

      546cf8e83784bab084716d7712ee6835

    • SHA1

      c846d939698e1829dcfc7ec8d65cf316cd9b5556

    • SHA256

      37dd32a57420758ebeb7a5a6e0debcd9933ddf06c9ca4cbdd8fd88a9bcac6ae6

    • SHA512

      e30955dfdd8c7452fbae6ddf4637b8fce5ed8c33e243a2e214f008548a9a0d9f3b1df230c6e74e71bc7fb8482ce0f00e053153ecaaeea665a3fb8349d556280b

    • SSDEEP

      6144:dAZbZdw6xa4nSvSChXxlfw3dBsJ5z9y+xYOuk4TdM9Cls60jJgX2mGETpgfDa6gQ:yZdW6DSKChH6fsJkPS9MrkkCr+mB

    Score
    1/10
    • Target

      fzstorj.exe

    • Size

      662KB

    • MD5

      af3cead894f613c638f02533bbb6a63e

    • SHA1

      b27385a0334feb18ff9a92d6cce9ae50e2449bc4

    • SHA256

      96917cded72ab5cb2818a0bc71bafc0cd8777f19c0904e9196013e67db6fee60

    • SHA512

      62d97e28838524ea12e474f2fb352197f65d1788aa504a0272bc7e28d6f005623895498f4f57f37a6828d70de4ded1e2a270f071d9ffef5d8de91d6851b5dd45

    • SSDEEP

      12288:ciYnS/eBa0YLDxWUeVFAMOHQIFtF2xGt6WuL4zCc1u/OolyzXRdVxmkCf:cVnS/eBa0YfxWUeV3+QIFWNZONDTmH

    Score
    1/10

MITRE ATT&CK Matrix (ATT&CK v13)

Tactic, technique (ID): number of matching signatures

Defense Evasion
  Modify Registry (T1112): 1

Credential Access
  Unsecured Credentials (T1552): 1
  Credentials In Files (T1552.001): 1

Discovery
  System Information Discovery (T1082): 3
  Query Registry (T1012): 1

Collection
  Data from Local System (T1005): 1

Tasks

static1: Score 3/10
behavioral1: Score 7/10
behavioral2: Score 7/10
behavioral3: Score 1/10
behavioral4: Score 1/10
behavioral5: Score 3/10
behavioral6: Score 3/10
behavioral7: Score 3/10
behavioral8: Score 3/10
behavioral9: Score 3/10
behavioral10: Score 3/10
behavioral11: Score 3/10
behavioral12: Score 3/10
behavioral13: Score 3/10
behavioral14: Score 3/10
behavioral15: Score 3/10
behavioral16: Score 3/10
behavioral17: Score 3/10
behavioral18: Score 3/10
behavioral19: Score 1/10
behavioral20: Score 1/10
behavioral21: Score 1/10
behavioral22: Score 1/10
behavioral23: Score 1/10
behavioral24: Score 1/10
behavioral25: spywarestealer, Score 7/10
behavioral26: spywarestealer, Score 7/10
behavioral27: Score 1/10
behavioral28: Score 1/10
behavioral29: Score 1/10
behavioral30: Score 1/10
behavioral31: Score 1/10
behavioral32: Score 1/10