General

  • Target

    7a1b7fd28a1d853d454585f9a77d3b69_JaffaCakes118

  • Size

    11.2MB

  • Sample

    240527-w7666sef33

  • MD5

    7a1b7fd28a1d853d454585f9a77d3b69

  • SHA1

    265c0efbfc6147ae0f698473e348e62406d6750f

  • SHA256

    6cf77d2dd24c9a1c1564a1af270943b5b885a80e727248c3b29f51e5fd26f877

  • SHA512

    87cda1873c4e91907b84f8ad56306b7b39fc7d2cedbc1f7dc5fe8f4e5c98899181a4843fc0e1f8e66c0cce7d0f9cda4fa4165db76011b32d475c02ec9f297153

  • SSDEEP

    196608:sXY0UVGNAAyy9wd89cu43mqc2NhHqMHU8lcsR9y3igMwSGd:sXiIKNy9OT3XNhKvOPPgMwJd

Score
7/10
upx

Targets

    • Target

      7a1b7fd28a1d853d454585f9a77d3b69_JaffaCakes118

    • Size

      11.2MB

    • MD5

      7a1b7fd28a1d853d454585f9a77d3b69

    • SHA1

      265c0efbfc6147ae0f698473e348e62406d6750f

    • SHA256

      6cf77d2dd24c9a1c1564a1af270943b5b885a80e727248c3b29f51e5fd26f877

    • SHA512

      87cda1873c4e91907b84f8ad56306b7b39fc7d2cedbc1f7dc5fe8f4e5c98899181a4843fc0e1f8e66c0cce7d0f9cda4fa4165db76011b32d475c02ec9f297153

    • SSDEEP

      196608:sXY0UVGNAAyy9wd89cu43mqc2NhHqMHU8lcsR9y3igMwSGd:sXiIKNy9OT3XNhKvOPPgMwJd

    Score
    7/10
    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      $APPDATA/Restoro/AV/avupdate.exe

    • Size

      1.9MB

    • MD5

      b4e681c7a94989c585e20e94a6d190e2

    • SHA1

      0135a34c15b292c1ddd76680de61d80903b1ecc0

    • SHA256

      b5c5a11a2c79dd9ec21389c74c7c3fbb60c12db8b368433735918d4c027e4734

    • SHA512

      0ba3e17085690eed7cc2dc14b838befb7fab73a490d03471d6d4fd8f072426cf1fc4b7bc369ee1d769a8cbe58f9c08bb4f8839062e48c6207ba28dac3c76e09b

    • SSDEEP

      49152:vPyinyRbwgfROBzNmal9u7UXHTimaPAp1c0yfe:vKiyG6ROBzNzC7UXD3

    Score
    1/10
    • Target

      $APPDATA/Restoro/AV/msvcr120.dll

    • Size

      948KB

    • MD5

      034ccadc1c073e4216e9466b720f9849

    • SHA1

      f19e9d8317161edc7d3e963cc0fc46bd5e4a55a1

    • SHA256

      86e39b5995af0e042fcdaa85fe2aefd7c9ddc7ad65e6327bd5e7058bc3ab615f

    • SHA512

      5f11ef92d936669ee834a5cef5c7d0e7703bf05d03dc4f09b9dcfe048d7d5adfaab6a9c7f42e8080a5e9aad44a35f39f3940d5cca20623d9cafe373c635570f7

    • SSDEEP

      12288:LBmFyjLAOQaYkxGXPfY7eiWWcpOKnpTVOIxhK765qlRRb6x4pI23IbJQV:dmFyjLF847eiWWcoGZVOIxh/WxIAIbGV

    Score
    3/10
    • Target

      $APPDATA/Restoro/AV/savapi.exe

    • Size

      347KB

    • MD5

      83a59836cce58fad338d8b6073acfaa3

    • SHA1

      2a524dee5989b30fa0ab9e6f1f16218673fbfb2e

    • SHA256

      c87c306f265ec4bba63eac865422fc924f044089bcf5572ccf96603ed26e37b0

    • SHA512

      ee26b11113ff377d95cd4be477225b5a366031a0eaad54b6e45a21c131366aeb374906ba0525a6cc6c45b28816b0d72d7a4870f47225938186b56c46f8c808fc

    • SSDEEP

      6144:jpCLGXpbRAPg2rrsGemB+iGGpf/3obGyQOima/ndzm2pmXZALMSnq0+ytpDsQ8cK:jpG9P3rsGemB+if/3ZBOdCm2pmXZArqX

    Score
    1/10
    • Target

      $APPDATA/Restoro/AV/savapi_restart.exe

    • Size

      79KB

    • MD5

      5642de8422a13f396457e9d46d45b4be

    • SHA1

      b52a7a935b49a07c68855a2f1dcb254d93d7607e

    • SHA256

      89acb4b9ea3425232ff065f8388ae27fc7628de378681b889aa1c3ff52e8a6f8

    • SHA512

      5197cd1e15f82184cc8fde095d757f627b16a24d6c55c09479894819b392687c766f9e28bf193a63c56db073226db8c972cb456ca6bae760b9b830e72e3c8df2

    • SSDEEP

      1536:SlCJsfaGIpynGLTApZHqwHXcHqhk5sWjcdRd//Pdg:SlpTvGnApZgwb//e

    Score
    1/10
    • Target

      $APPDATA/Restoro/AV/savapi_stub.exe

    • Size

      81KB

    • MD5

      d5e166d250289c7adf004a127fbaf563

    • SHA1

      482c9e5c500ef0cbaf56469a787ebf7fa92ff6a0

    • SHA256

      e93a1861e03a936cff71a730cf0df627b6febdbdd9f7958059e97f447fda5c05

    • SHA512

      a9ed849bc866f6edbe3652e926e893eeebc9868f7252292d8bd44a67b128f843bd891441a84ccf5869771feeecee9ad23f0093f8a382b17ed863aefd381071f2

    • SSDEEP

      1536:UtCfliQx+kc5mCKeUGbtC1q/HXv7U4KF4GgPxDDsQ8cN1UxHxSH:Utml3lzCP3I1uHXjUL0DsQ8cNoHxe

    Score
    1/10
    • Target

      $PLUGINSDIR/AccessControl.dll

    • Size

      8KB

    • MD5

      65d017ba65785b43720de6c9979a2e8c

    • SHA1

      0aed2846e1b338077bae5a7f756c345a5c90d8a9

    • SHA256

      ccc6aaf1071d9077475b574d9bf1fc23de40a06547fc90cf4255a44d3bf631ac

    • SHA512

      31a19105892d5a9b49eb81a90a2330c342a5504fa4940b99a12279a63e1a19ee5d4b257d0900794ff7021a09408995a5d12e95cc38f09cf12fb2fd860d205c95

    • SSDEEP

      96:18YNfTAJj9KMMVSyPg8uxZAQ/zdVJF/mSsQwV6i8zRRxqBt/FZTIVe7/cIH8ykeO:1XwKMMfPuxJ/zb+b6fR+bZEwywQ9

    Score
    7/10
    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      $PLUGINSDIR/DcryptDll.dll

    • Size

      156KB

    • MD5

      4c373143ee342a75b469e0748049cd24

    • SHA1

      d4e0e5155e78b99ec9459136acece2364bc2e935

    • SHA256

      b4b5772a893e56aa5382aa3f0fef7837fa471e3b3e46db70b8bc702f2037e589

    • SHA512

      569f92c3ff9a6e105cf9b3806d8b696442a5679dfa5d7c9362b0649a67cbea2478ca28a5da6c3bd0edacdb634509d8584c6959a4cc13c38d596458f372832f61

    • SSDEEP

      3072:etvFO3r5Unb7FQwdkb6ckt+bBwmhqKUuWxvt+9/dh:etvAtUn3ewWc+

    Score
    3/10
    • Target

      $PLUGINSDIR/ExecDos.dll

    • Size

      5KB

    • MD5

      0deb397ca1e716bb7b15e1754e52b2ac

    • SHA1

      fbb9bcf872c5dbb4ca4c80fb21d41519bc273ef5

    • SHA256

      720be35cd1b4a333264713dc146b4ad024f3a7ad0644c2d8c6fcedd3c30e8a1f

    • SHA512

      507db0bee0897660750007e7ce674406acf9e8bf942cf26ded5654c07682757b07c9eb767bead0966478abc554dc9a6461c4288dc35d12cacfadad4c128f1bb7

    • SSDEEP

      96:J++xDiP4p7t7dNOt3stxtRFFXxGD6qxlnKE6ttdH3r3:Rx9pJ7jQs5toD6Cln/6tt1

    Score
    3/10
    • Target

      $PLUGINSDIR/IpConfig.dll

    • Size

      118KB

    • MD5

      a75e3775daac9958610ce1308e0bca3b

    • SHA1

      d83ce354cde527c2e20fb425415f6d4795dd4cd4

    • SHA256

      fe2093ff4bfa1d7259c922aca1e7bb219c4d234e469942446d9e2f8086b7d720

    • SHA512

      48168a91ec90df262b1e158f32b4bc2a6d6ce10022eb96d4a6f3c755b977e5c104558626adaa214bda29d7f1d246f19e2df59b9a338982aa1c623e1bdd5714c6

    • SSDEEP

      3072:oa/4Ftm9rSlia00FW96LOsWNQmtQ9WVx95+tTIJ:t/4S9raiae8DSDtQ9W3utEJ

    Score
    3/10
    • Target

      $PLUGINSDIR/LogEx.dll

    • Size

      44KB

    • MD5

      0f96d9eb959ad4e8fd205e6d58cf01b8

    • SHA1

      7c45512cbdb24216afd23a9e8cdce0cfeaa7660f

    • SHA256

      57ede354532937e38c4ae9da3710ee295705ea9770c402dfb3a5c56a32fd4314

    • SHA512

      9f3afb61d75ac7b7dc84abcbf1b04f759b7055992d46140dc5dcc269aed22268d044ee8030f5ea260bbb912774e5bbb751560c16e54efa99c700b9fc7d48832c

    • SSDEEP

      384:w4NSXFjXCATBAQR4F1Y5u6I3wa4W7KNP66BjLjyXB0JyuDchv8EnohgSil2X:woaF+ATCQye/I3KWmxj00Jyb8Enov

    Score
    3/10
    • Target

      $PLUGINSDIR/RestoroUpdater.exe

    • Size

      602KB

    • MD5

      24ed74775f870e8499ba4e8905ee4036

    • SHA1

      947c7cf72adde8a14f615013a321f642e708dd11

    • SHA256

      00c602e1a1d16f1cc4d313eccdb7c759e26eb5e53ddca4ec8393c65ed9e1cbd8

    • SHA512

      2a4c957fd0c4d5cb691e54b13a39fbf9f9c63d77efa3a85cfb6d7ae933969bad236e6552c894d19c088c43b2d6f833b33d94af3842f377497b2d20fc06620883

    • SSDEEP

      12288:Z0gkNM73RT7E9YzewxnI3yPefQdScTaIPelOq8s+p8T:2vebhE0pnU3uScuIPW8E

    Score
    3/10

Tasks

static1

upx
Score
7/10

behavioral1

upx
Score
7/10

behavioral2

upx
Score
7/10

behavioral3

Score
1/10

behavioral4

Score
1/10

behavioral5

Score
3/10

behavioral6

Score
3/10

behavioral7

Score
1/10

behavioral8

Score
1/10

behavioral9

Score
1/10

behavioral10

Score
1/10

behavioral11

Score
1/10

behavioral12

Score
1/10

behavioral13

upx
Score
7/10

behavioral14

upx
Score
7/10

behavioral15

Score
3/10

behavioral16

Score
3/10

behavioral17

Score
3/10

behavioral18

Score
3/10

behavioral19

Score
3/10

behavioral20

Score
3/10

behavioral21

Score
3/10

behavioral22

Score
3/10

behavioral23

Score
3/10

behavioral24

Score
3/10

behavioral25

upx
Score
7/10

behavioral26

upx
Score
7/10

behavioral27

Score
3/10

behavioral28

Score
3/10

behavioral29

Score
3/10

behavioral30

Score
3/10

behavioral31

Score
3/10

behavioral32

Score
3/10