General

  • Target

    80ede1662b42a7b11aecfda957382ac2_JaffaCakes118

  • Size

    1.2MB

  • Sample

    240529-qymtaaha69

  • MD5

    80ede1662b42a7b11aecfda957382ac2

  • SHA1

    cd6535588a45a3ef117ba780e8de10b749a166ac

  • SHA256

    6b7eace348b11fc8fb50a6e40492839972dfda5853ed83d86f73c9017af01089

  • SHA512

    c3235151a3887948a63d89a25e56801176d7e65a5a6a6b9421fc92bebf67db666af24018f8643ae7a23c0157cccbfa46d539c15341ba0d1fbdf4959e994c6d83

  • SSDEEP

    24576:FCXXvmjWP/UVldr7wh3dsT8FRZuzslwXpdy2NZQ6yHp4PZwfQ95a3gm:oXFHmr0NsEuYA82HEHiPZwW5awm

Malware Config

Targets

    • Target

      80ede1662b42a7b11aecfda957382ac2_JaffaCakes118

    • Size

      1.2MB

    • MD5

      80ede1662b42a7b11aecfda957382ac2

    • SHA1

      cd6535588a45a3ef117ba780e8de10b749a166ac

    • SHA256

      6b7eace348b11fc8fb50a6e40492839972dfda5853ed83d86f73c9017af01089

    • SHA512

      c3235151a3887948a63d89a25e56801176d7e65a5a6a6b9421fc92bebf67db666af24018f8643ae7a23c0157cccbfa46d539c15341ba0d1fbdf4959e994c6d83

    • SSDEEP

      24576:FCXXvmjWP/UVldr7wh3dsT8FRZuzslwXpdy2NZQ6yHp4PZwfQ95a3gm:oXFHmr0NsEuYA82HEHiPZwW5awm

    • ACProtect 1.3x - 1.4x DLL software

      Detects files protected with ACProtect software.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, etc.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Target

      $PLUGINSDIR/SelfDel.dll

    • Size

      5KB

    • MD5

      e5786e8703d651bc8bd4bfecf46d3844

    • SHA1

      fee5aa4b325deecbf69ccb6eadd89bd5ae59723f

    • SHA256

      d115bce0a787b4f895e700efe943695c8f1087782807d91d831f6015b0f98774

    • SHA512

      d14ad43a01db19428cd8ccd2fe101750860933409b5be2eb85a3e400efcd37b1b6425ce84e87a7fe46ecabc7b91c4b450259e624c178b86e194ba7da97957ba3

    • SSDEEP

      96:NdekHUj5z13cPopei+Ml9PNDFbS7xg+TScrQ5:NdeuU9xcPopr+M9FbSS+TSE

    • Score

      7/10

    • ACProtect 1.3x - 1.4x DLL software

      Detects files protected with ACProtect software.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      a436db0c473a087eb61ff5c53c34ba27

    • SHA1

      65ea67e424e75f5065132b539c8b2eda88aa0506

    • SHA256

      75ed40311875312617d6711baed0be29fcaee71031ca27a8d308a72b15a51e49

    • SHA512

      908f46a855480af6eacb2fb64de0e60b1e04bbb10b23992e2cf38a4cbebdcd7d3928c4c022d7ad9f7479265a8f426b93eef580afec95570e654c360d62f5e08d

    • SSDEEP

      192:aVL7iZJX76BisO7+UZEw+Rl59pV8ghsVJ39dx8T:d7NsOpZsfLMJ39e

    • Score

      3/10

    • Target

      $PLUGINSDIR/nsExec.dll

    • Size

      6KB

    • MD5

      14f5984b926208de2aafb55dd9971d4a

    • SHA1

      e5afe0b80568135d3e259c73f93947d758a7b980

    • SHA256

      030bcfa82e3bb424835a5fa53a3ff17ab08557d3bbeea4815313036fc4bdafe1

    • SHA512

      e9ec97dd57ead871789d49ed38d9fde5f31d3cb2547810cae49a736e06b9f9b28cf8efea825eb83c3e07d880ee798abfb9069c6957416d5973c83e4531814e27

    • SSDEEP

      96:k7GUaYNwCLuGFctpiKFlYJ8hH4RVHpwdEeY3kRlDr6dMqqyVgNJ38:Wygp3FcHi0xhYMR8dMqJVgN

    • Score

      3/10

    • Target

      $TEMP/SDM143/ExentCtlInstaller.dll

    • Size

      94KB

    • MD5

      b7ad06c57419ed74fff4872b8693c353

    • SHA1

      753e6a6f55503ff14f243e07c80915df445d8efa

    • SHA256

      fa4601e6048ca661536882e91e9756526de719c5db298f5481f892c121200a66

    • SHA512

      838c9211fef9de1706409b8304ed43236d4b3dbfa551c56d51f15c4c31e18a2a7f64722ef4c6c291768ecf7ca40d9ae1ec08f3afab4979323a66caeb3452aa8f

    • SSDEEP

      1536:JyrB9NViYoJ3w1NjSzF5yfBsiZpsVI2TFQblrjgZYBmmlNL9bnouy8/:o9eS3sF5EsuyQgp2out/

    • Score

      7/10

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      $TEMP/SDM143/Free Ride Games.exe

    • Size

      503KB

    • MD5

      dc7b5f12c7ff9af697203cb0c59a3516

    • SHA1

      1769c4f64f8ab818a797e3fa1e5331a50ffdd678

    • SHA256

      b07ca37c2938966d2290c8b76f039febe8da9a919ad235b8eedaa583ce991b92

    • SHA512

      904ae1dc91e5315f05be5cd7239f3fc4d3702b8c78dfd93d76b64d1cc1d7051aa005de2c69e5a8654eae8131dbd3d80c66f6e33d7c8b097972285405a5799350

    • SSDEEP

      12288:Q/1wvJbps7IlWti1FacZ4I8zvk9ZqxGC5Ppy2NNoSYt:Q9wv1psV8F3ZQzM9wFppy2Nk

    • Score

      7/10

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      $TEMP/SDM143/Splasher.dll

    • Size

      469KB

    • MD5

      a6a8f89250cdc734a163868a0f5cccea

    • SHA1

      6ab06aaf1e795bc1a72c8095708568cf2d3bed38

    • SHA256

      7868cec689ba10bb6d8a5a1abc0508183b817e5814fc504e090e104dd7d37483

    • SHA512

      7991d28467ee0a896e304d18c7fc4caac9e9ac2f57198313d5688ddc68e22ae80447c92a097b5e4ed6ff86a90df607ff1ffa61c07082f85b5f222b07aa4a7ca2

    • SSDEEP

      12288:xI2EL1NaycNyL+kNmQLnmQtMleiQ8Zceqw:8TayPLDltMUiQ8Zceqw

    • Score

      3/10

    • Target

      $TEMP/SDM143/cmhelper.exe

    • Size

      234KB

    • MD5

      2c3c18baaee7775b6d588cdf1529e528

    • SHA1

      88fa58fbabde59e80c96e7676730ca40d1649b9a

    • SHA256

      9c980d85903561c44f84faaee80d911bf3c9ef9d238fe69b7ccc6998d0fe9232

    • SHA512

      4b69953b02d5c810003eb938da85b51b4906c48e48f441175a3ab76b6e8e5dc293ee683a9c90503b3db4ae72cd6557b8609dc1f4fefc82322f946a7072208348

    • SSDEEP

      6144:lcF3h+/MWLriz/BaQKoiQH22uhJFJoaMOKFNgv5x48yH2geFELNtgd:lcF3h+By/BaQKoiQHa7oG/Fhd

    • Score

      1/10

    • Target

      $TEMP/SDM143/resourceDll.dll

    • Size

      171KB

    • MD5

      0c395ce6f6961054219b6d34927f8903

    • SHA1

      55fd653c8f6d1253e221d49f1dd097ea73262d55

    • SHA256

      e31a495075247fba426b5a4928560a578eaab44f828a2fdca496a05589509352

    • SHA512

      e6b2f487eea8c5687a41ad58d955cb67b48881a728eb84f730a1d8ec50057bf80f77a21e22ad977673bff9d783deac02ebeab7252ccc7f98b3ecc34486b2b67b

    • SSDEEP

      3072:GZY/h+iA4GaJfGZK2MiMq5dpNQA2Wj5vHKJA+KCbxQ9w9ZcnPfout5zes5Cq:wWwqGaJfGZ1Mq5BRjh86arKfoS5z5l

    • Score

      7/10

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks