General

  • Target

    7b1e2e30115fdd17e80825bcb58216cf_JaffaCakes118

  • Size

    465KB

  • Sample

    240528-a14xkshb89

  • MD5

    7b1e2e30115fdd17e80825bcb58216cf

  • SHA1

    f32bf80a09a0f4c7fcbfedb813c475f83658a665

  • SHA256

    544dd232f4eb70fbfd04ebe99ec1e69d5813df06dcb8d56f5058a6d6d6d17da8

  • SHA512

    2db93265c4d69abc839e23bad127722caa6c5b288aab34a5237f2e106b045b28b0773960077d041bf64521a2fba221c29b35108fe080a1f6585b9738fe5c6406

  • SSDEEP

    12288:eeVz7cNqOQ/3AjTr7vHSujL6TciSgUvsG:dVz7cN0/3YrziT5HG

Malware Config

Targets

    • Target

      7b1e2e30115fdd17e80825bcb58216cf_JaffaCakes118

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Target

      $1/TablacusInstallerStuff.exe

    • Size

      104KB

    • MD5

      8a8ecd5494501a649b5e0bf1c6c9d64b

    • SHA1

      a8decedb5dd8964e6d754c8cc1f5fa6a6a1ba591

    • SHA256

      c577eaec822a6fd6c29a22cc1e19d63d4b99da26145be5c472536d2054347113

    • SHA512

      2a4dd8d15afcccc3b0a658dfcb763e6e2a8e94f47a538cd60309e6b771e598ab129d2d35a87c2ce1f3ecfdd0d61a82b2853e978b91714269814cc9543993cd3c

    • SSDEEP

      3072:vqCw+OsJumBW3YjVPs/H+Ua1YahrUT0+Gn2:v0xs74Wv3ZrDS

    • Score

      1/10

    • Target

      $3/$APPDATA/TablacusApp/uninstaller.exe

    • Size

      39KB

    • MD5

      418b6ce751cb8033e9db8100c6aa309c

    • SHA1

      5651821f8d127f5dca458625f26d05cc55cc5c9d

    • SHA256

      1514e7d29c02443910fdbf4f4af6637a415304ceb3f34d53dbb1663571e1e2a9

    • SHA512

      eca359e568300e16382a0b9c6cefc443d2cdd055c333e54a05b50c9185c50b5dedff5f824ffc4cde2533fd150bec8747933c5a1667f59abd0abc01d9657b59de

    • SSDEEP

      768:2JKOdm9o29rJYypQJ2JQJXJuKU+duC1ZHQ0D3LHSGiVNuCJRnSb6Z:iTdm9B9lYypfMXvugHQ0DbLiNuhb6Z

    • Score

      7/10

    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      $PLUGINSDIR/nsProcess.dll

    • Size

      4KB

    • MD5

      f0438a894f3a7e01a4aae8d1b5dd0289

    • SHA1

      b058e3fcfb7b550041da16bf10d8837024c38bf6

    • SHA256

      30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11

    • SHA512

      f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7

    • SSDEEP

      48:Sz4joMeH+Iwdf8Rom/L+rOnnk5/OCnXeAdbdOAa4GPI+CJ87eILzlq7gthwIsEQW:64c/eFdfS/SSnkxNa4G+ueqPuCtGsj

    • Score

      3/10

    • Target

      $R1/Tablacus.exe

    • Size

      347KB

    • MD5

      090cacc2a455fd516e56199761c26d96

    • SHA1

      055bcf7abb7fd5332dd9b33784ae380370a528c1

    • SHA256

      cc7001a8c2a49a448f99a7b1740bfc7a6e8447fbc061e4856cdb35c5b73b0ee8

    • SHA512

      4f8fe8d40a9baf2cb9084cf5767d646fa03db0486eb9a4de5e2b0596e010f95feaea96b4c005d0f0d7f49059b9276c3f83b6eb597f99ac71e26768324ae850c0

    • SSDEEP

      6144:mL92eofr1VBMUmNE2szMZb+6sNeM7cL3BH8Cmu5lEH4+KZIeJvZvvZ:mL92eofr1EUmNO6+neM7cFcdu5ly4jDR

    • Score

      4/10

    • Target

      $R1/TablacusApp.exe

    • Size

      211KB

    • MD5

      e2bc6cb52f9e0b2deb712a962f0251e7

    • SHA1

      fc2318e70bc05f36176fbc542aa881277ea03b81

    • SHA256

      1dcc2b1788681bbb0f0838d2ac5b6b57b2e58cad5cd925a8af6d8348c1bbc34b

    • SHA512

      a6e809736fda2956f6a078d7c7c02d7eceefdf1630693937e79ea665ca4e9746e299ca3e1fd7268cbab07248275b13fe694f633f2b96eb68baa136a0fccd1ae5

    • SSDEEP

      6144:ikcb9FsodBkWIdEXlkNBKvCkRFEFEFEFEFEFEFPWL:VcwGm

    • Score

      1/10

    • Target

      $R1/script/background.js

    • Size

      1KB

    • MD5

      5de308df677dc1796e504d815f163931

    • SHA1

      632289cba3f2e420594f452ce82e59accca71e17

    • SHA256

      66526024fd934aefedf938e18a32aba15d964f2c9ff266d2bf495de6b7c8b887

    • SHA512

      31c88570506c48af26b467b04fed1e5e65cb4f92278176a78577b180b02b9c41323e0dc6ee907ed3b253c26d553cf333b63bee0a4a9e20afd3c7d04e28c13731

    • Score

      3/10

    • Target

      $R1/script/common.js

    • Size

      88KB

    • MD5

      257375f0eec0c8b964c9eb75e2279470

    • SHA1

      8e7b485203cc62fb4d8e439ea2a3e00d6a098542

    • SHA256

      78e1fbcdf67495c72ca943c75fe38ef61b1c45ed49115bfd46026fdbe0b002dd

    • SHA512

      abc1acf02e5bf1209b278bd65e647540b7d9a30a1a52ce78651c5d2dc39f77c247e3171672c26979f2cb64346424fa3eab25e30a092386a066baf58f76eb1c1d

    • SSDEEP

      1536:qgne9084nkn7p42YpQMwCnEU/KeyGEaVtbqbyTeRtfkImBLOLJBo0OkWLyhVBJLC:qhNC82PbqbyTK+LW4kLyGwIi

    • Score

      3/10

    • Target

      $R1/script/consts.js

    • Size

      55KB

    • MD5

      18bfa5281a2dd4a2cb35fbf924702898

    • SHA1

      dd6faadceaca2d1e22548fcff96d49e60295b6a8

    • SHA256

      1631247933478916abbe4a6bc1e1432d04a7f4d3e159c1566e69ec872d0f11c7

    • SHA512

      8ae7a445fe2e601fedb4cf246fca4e22bccee5aa48d801437e095b81529f35af8b8955580796786866d751cf2b8fda3e494bc0d1d18f000c6e3374f6434766b9

    • SSDEEP

      768:l0ivNHI18/CF8wVg0hIL/QupMEerjC4xPmtDV:aiSCwO7TyVrjC4xPS

    • Score

      3/10

    • Target

      $R1/script/dialog.html

    • Size

      1KB

    • MD5

      d800fdd62461179fd537c8c4669dd5e8

    • SHA1

      d44bcee9d9e63d50e8ed42be2ce1a3964870a5aa

    • SHA256

      4af54a319e8be177e2d48f4effcce3ca98c3bc564e3f46b4b7e14471fdfba1c9

    • SHA512

      e0670d9dee7e15520085d269224a4188f09fe753bf3041a9c1f0246771b1928c4fc644e17633a2e08fa02e4064518945afaaa6bdc098ee41288dda42854f5083

    • Score

      1/10

    • Target

      $R1/script/index.html

    • Size

      4KB

    • MD5

      6f44e35e505abf551740619a53bd6034

    • SHA1

      97a24684f8672ff92bae90da19473a557873e2bc

    • SHA256

      cd99cbcc87c55ead5a5f6b419fb75c99e20a136f3cb2c4ecfd531c0ceb66810b

    • SHA512

      db991364462289d4ec196e3bb7ab7e9fc717796ea7664b6467b85e1e7d8cea8f94e9fc25809f757330b4909fd4711ed996fca7e814a8206b97741efd7ee82c02

    • SSDEEP

      48:pEJtNzTZcKxpKtoobr3NYWwSLDEa3ol54s:6VcY4oIdnivH

    • Score

      1/10

    • Target

      $R1/script/index.js

    • Size

      85KB

    • MD5

      1eb9c1ad02dd42e433f950160dbceaab

    • SHA1

      f37bba095108056895444d9c7058ca3c3b50591f

    • SHA256

      6eb27a55957dcbeb1b3440f9cb004268c21dbe56493ef4222eedb7e975f43cb6

    • SHA512

      79474e515c5bcc59c09023217a5350d9c6c2a40f2414cf280f70aec84a156686e70898f40bb2c260f5927cb26e79bcf224d2e617f06442615d5a6f6898ccadb7

    • SSDEEP

      1536:jNfFm4eWHfI7h3Ip7kZF6Cjz7rgAMkfXIjtbJSZ:nmUzknHXCu

    • Score

      3/10

    • Target

      $R1/script/location.html

    • Size

      16KB

    • MD5

      427ec659eedeb7cfce01a01eb7538c5c

    • SHA1

      84ae225f6b5703f0c6ade09079f2c90bcd7f888d

    • SHA256

      15234b2b8b11dae32c5bb3690daea94e77f2df9c12d5836cae7db8de211bd91b

    • SHA512

      3b3ab172ddce2ec434a92961ace48dac949ae1d975fcde39fc750da3c7df3c4ca1cd1bfd70f43f2a82568b30328c72f05a75d8046c2f1cba21f296bafcedbfe5

    • SSDEEP

      96:/28XzXAXZXyXALX1LXFXTX2XfFgLAi9QO5Ah2pvAJf/035y37okwWUK9yrv+1DhZ:IpOri9Qjh2pSf8E7o1PK9yaJe8OL6

    • Score

      1/10

    • Target

      $R1/script/options.html

    • Size

      40KB

    • MD5

      8edc585907d23736b1e26fc98e594ed3

    • SHA1

      5e7b30d1e1a7ed1f1c70534dba260eb9828a4292

    • SHA256

      3c0eee433877c0653bebe24c64cf463839b59598c639a60f602e5f4490c21171

    • SHA512

      3c8fb6d2d0690263442490a6f7aa782a5dc0f93ddf983c383d1ea0ba8199882bd7654ab4e8e8d49adb30cb5a2e1144f5b606e0fad7d789bcf5a751cb94e37ac7

    • SSDEEP

      384:5FfEewwN2b9hnZ+XqLwoVnDpn4LfU0oI/V2X2wrX2+5X2zdX29sX2mxX2VtTSXN8:5yhhIqUoV+eVwmOJ+

    • Score

      1/10

    • Target

      $R1/script/options.js

    • Size

      63KB

    • MD5

      7ed4cef0e4ea71f3557b801fc3f12bb1

    • SHA1

      e86de2089538bfd381f346cc215be24b911eec94

    • SHA256

      185d5333723e82029947b64d4691ca1ef8077f47c7f74900f701914a45e08f56

    • SHA512

      1eca72257c59412a9ab218313af408dc0048001545c6763025166922f203b3bce1911ea2b1ba8f2b665c258c33a250014cc7703f7f0aa959f29a32a43b6a2c63

    • SSDEEP

      1536:1EOqI9VotzZ9OxUXOv0nYT9r05ab5EHsZZKu3dXSpt1h04N+3HOE6l:1EOqI9VizZ9w05abDZSB+3uf

    • Score

      3/10

MITRE ATT&CK Enterprise v15

Tasks

static1

Score
3/10

behavioral1

discovery, persistence
Score
7/10

behavioral2

discovery, persistence
Score
7/10

behavioral3

Score
1/10

behavioral4

Score
1/10

behavioral5

Score
7/10

behavioral6

Score
7/10

behavioral7

Score
3/10

behavioral8

Score
3/10

behavioral9

Score
3/10

behavioral10

Score
3/10

behavioral11

Score
4/10

behavioral12

Score
3/10

behavioral13

Score
1/10

behavioral14

Score
1/10

behavioral15

execution
Score
3/10

behavioral16

execution
Score
3/10

behavioral17

execution
Score
3/10

behavioral18

execution
Score
3/10

behavioral19

execution
Score
3/10

behavioral20

execution
Score
3/10

behavioral21

Score
1/10

behavioral22

Score
1/10

behavioral23

Score
1/10

behavioral24

Score
1/10

behavioral25

execution
Score
3/10

behavioral26

execution
Score
3/10

behavioral27

Score
1/10

behavioral28

Score
1/10

behavioral29

Score
1/10

behavioral30

Score
1/10

behavioral31

execution
Score
3/10

behavioral32

execution
Score
3/10