General

  • Target

    8c7d928bf569a4e61ea103bf4acb3420_JaffaCakes118

  • Size

    1.4MB

  • Sample

    240602-b3dnvaee51

  • MD5

    8c7d928bf569a4e61ea103bf4acb3420

  • SHA1

    01abfac7c60a40ed9527892c907d3e7b0dcab0e1

  • SHA256

    829707270ab77a8b13f815d57211bfaa2c6df5dccac0749ceb0dfbed66b1672b

  • SHA512

    1b35dc8e941f69adb41f8668f551c1cdf5a651b4412ff90631b4100e49577b394ef2cabec98937543874215dfddf684907ccd4df574bdaa3848196d1916a1a45

  • SSDEEP

    24576:PvcSfUxBQv1qUyZJlQVatTSgjXKPG9xuw5Pe9aPPXVRGDqxtcXudiapNIOYOf:ffUfQkLLxtTLXr9Uw5PbPlmiJgINIOFf

  • Score

    8/10

Malware Config

Targets

    • Target

      8c7d928bf569a4e61ea103bf4acb3420_JaffaCakes118

    • Size

      1.4MB

    • MD5

      8c7d928bf569a4e61ea103bf4acb3420

    • SHA1

      01abfac7c60a40ed9527892c907d3e7b0dcab0e1

    • SHA256

      829707270ab77a8b13f815d57211bfaa2c6df5dccac0749ceb0dfbed66b1672b

    • SHA512

      1b35dc8e941f69adb41f8668f551c1cdf5a651b4412ff90631b4100e49577b394ef2cabec98937543874215dfddf684907ccd4df574bdaa3848196d1916a1a45

    • SSDEEP

      24576:PvcSfUxBQv1qUyZJlQVatTSgjXKPG9xuw5Pe9aPPXVRGDqxtcXudiapNIOYOf:ffUfQkLLxtTLXr9Uw5PbPlmiJgINIOFf

    • Score

      7/10

    • Loads dropped DLL

    • Target

      $APPDATA/AGData/stuff/AGLoader.dll

    • Size

      1.2MB

    • MD5

      b35ece38c4ebaa98a3d0181a900040d6

    • SHA1

      740a3ebd1996cc666b904412bf729016c01b89b6

    • SHA256

      e7ab168866f91c1417de25ff30c4c128edf8559e03892d5817c9eacd05b230cf

    • SHA512

      fcb75bf969b805b3798486d2d21ef1b8664e0c62da79c72f9b94a75112220ec921aeacc4c3cdc04026d0fd043222449c08f17a5cf7d38447a276b602047c0adb

    • SSDEEP

      24576:qPfS9KwYiHns+4mlx9SP6d6UE2cp+oGZhIs9fLt0cj1o1lWmO6IFZfyAJ58SmP8H:EcKwYiH359SP6d6F0hFTxD8SmGmE++Qg

    • Score

      8/10

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Drops file in System32 directory

    • Target

      $APPDATA/AGData/stuff/AnonymizerLauncher.exe

    • Size

      768KB

    • MD5

      45d7082dbb723119fbc1d81274079f02

    • SHA1

      25a932ca9790a9603cbdebf06363d004a1035fa4

    • SHA256

      01b3b36d8b16ef4ba002255c49e3f452fc3fa60ebf2b36dcb31bdd181befc4ed

    • SHA512

      c6aa003f28716b716fc0fb48fc9747ee6abe0ac8de358ce2cc229601585eb7a99d6542e351841eee1bd96ab231a8fe5d3d651539a7da26f9bb73e6986f5442a3

    • SSDEEP

      24576:XF2c+HG0WO99a64eaogHasDgKd9iFirsi6q9mdkmWEfYfgM7:VhAN99a64eG6GYG9md8EfOD7

    • Score

      8/10

    • Downloads MZ/PE file

    • Target

      $PLUGINSDIR/AccessControl.dll

    • Size

      15KB

    • MD5

      f894e7068ee5f5b4489d7acdde7112c9

    • SHA1

      79ec857791ad4ac76673b05e6fc44e55315424ef

    • SHA256

      3948484bc6a6e8652c2220be411cdcabab73eab46578faca8c0bd01d3ea290ab

    • SHA512

      e85b2bdc27b9721425bb03393e8aad897647053c77d7862ea541e03dc896173af6eaaf182514d46464d560d15c6b9d4652690885426ac1c68e2b9dd8d632e816

    • SSDEEP

      192:VUmFdGZ2ESi0SGlIO1yn3B+boYt0/SNFdTmUJJimGf/5b2xlUqyWWKCi1wlLjck2:FdGZ2ESnTqkddTm43saIvy

    • Score

      3/10

    • Target

      $PLUGINSDIR/NSISdl.dll

    • Size

      21KB

    • MD5

      cecfad78f8506dcfb68a64300637c16f

    • SHA1

      532f96e9536adc3e6c7c58649c82183cffdfcccf

    • SHA256

      4efbad5e185e0b77f7d2ff7a377db8a4a210c062e46f89ae79d8fe05dab18dcf

    • SHA512

      3d86df842766667f24e4430dbc9d2534dd0ce628dadfef647e6dd2591e8b5e11d7c4bf75adb6f9faab453b7817b30462a0e6a981c370ad77b46baef5d443c20b

    • SSDEEP

      384:bCGI+uz/G3ZPRHncbDmMWj5aa3ZUFZJGEdnz4mPZnfePPLB/xc:2GUz/G3JYmMGaKZUXJGEdzXRm1Jc

    • Score

      3/10

    • Target

      $PLUGINSDIR/System.dll

    • Size

      16KB

    • MD5

      bc96b91bfe7885a31d698d10035e6321

    • SHA1

      31ba2971426a153f6bd3e489eb233d06f2f23bfd

    • SHA256

      32e4679375c55c962c09bac07ea00a74c1305edd22d048a71020e1a3fbf4cbc0

    • SHA512

      075e0241ed54b99e5ddee120f28a8d070e1decee9d3ed8869acd16ef2c0d9154c2e86a52d195c10d3bf4039108b8fc50b3c5b898761fa7bd68903c8e55b1f03c

    • SSDEEP

      192:6N2gQuUwXzioj4KALV2upWzVd7q1QDXEbBZ8KxHdGzyS/KxBUbBnf7qFBe+PjPBE:ZJoiO8V2upW7vQjS/7nfePPLB/SDp

    • Score

      3/10

    • Target

      $PLUGINSDIR/nsDialogs.dll

    • Size

      15KB

    • MD5

      c8e7aacaa3417f95e5225c8dcd6fbf7b

    • SHA1

      f79a5e6cac28a126ffba0edc5cf2e21ce96c17ff

    • SHA256

      053406225b73b44047c354890ab9ad4c8b57cb000aae3e3d30a9b3a60023535e

    • SHA512

      6400a7d8dca3b2407221d023a8b053d5d055c2ff454708f288a206d6c547afa4e034a6e1caee906c680d85b7229de91ef5df3614560c4545655d711842fcdf72

    • SSDEEP

      192:SbcunjqjIcESwFlioU3M0LLF/t8t9pKSfOiLhnf7qFBe+PjPB/WhmEe:SbcSjFCw6oWPFl8jfOiFnfePPLB/tr

    • Score

      3/10

    • Target

      $PLUGINSDIR/nsExec.dll

    • Size

      11KB

    • MD5

      150e08573da69bd9962e6110ae38b34f

    • SHA1

      d51102abe78b1a2ff60bb2a92cf5f5aad0cbe961

    • SHA256

      aecc5b69c6584968f1280cba55fa5b7edb54e8c94f38e5af028ea1f7ebe38f28

    • SHA512

      2255d020877864fb8ea5f591da7f14b3b42d24a2ce8801e7003ab30931ebd2d28f5ced53f9fc69ef169116523c65dec6ebb396b490ee806747d2817693f160fa

    • SSDEEP

      192:M/SUG7lhvov36S5FcUjliSEI5LuQr8nf7qFBe+PjPB/WhmhGXhh:MSUUhvU6qFRMSEId4nfePPLB/fGxh

    • Score

      3/10

    • Target

      $PLUGINSDIR/nsisunz.dll

    • Size

      93KB

    • MD5

      f8f74a4d00a8d8768196a35ec2cb03d8

    • SHA1

      494098f8442f9e05134a97471c3490426720ebd1

    • SHA256

      f57013986085f0f665d6f9760d8264481f0fdb72b78f346bd57a803e305aafcc

    • SHA512

      0b6600367fa7a2960bebb2208f5fa098ecbb606e937cee6179faff614a1e9b12ede6938c92aae5e1fe7ce1c2eb49b404821ce64a8eec9868c05dc36b902666c3

    • SSDEEP

      1536:YPmnCuZs9reYWvAHvXhxQdJeY3tMCo9NTJwd6aimHr5jr5T51NTBq:YPmnCuZs9KoPX6rA9Nl2Rrt51hBq

    • Score

      3/10

    • Target

      AGLoader.dll

    • Size

      1.2MB

    • MD5

      b35ece38c4ebaa98a3d0181a900040d6

    • SHA1

      740a3ebd1996cc666b904412bf729016c01b89b6

    • SHA256

      e7ab168866f91c1417de25ff30c4c128edf8559e03892d5817c9eacd05b230cf

    • SHA512

      fcb75bf969b805b3798486d2d21ef1b8664e0c62da79c72f9b94a75112220ec921aeacc4c3cdc04026d0fd043222449c08f17a5cf7d38447a276b602047c0adb

    • SSDEEP

      24576:qPfS9KwYiHns+4mlx9SP6d6UE2cp+oGZhIs9fLt0cj1o1lWmO6IFZfyAJ58SmP8H:EcKwYiH359SP6d6F0hFTxD8SmGmE++Qg

    • Score

      8/10

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Drops file in System32 directory

    • Target

      AGUtils.dll

    • Size

      101KB

    • MD5

      58b75874e57fc16e9579f49d898a1117

    • SHA1

      1e8281fac2e5aaf9970d5a77559e2449f961c31d

    • SHA256

      b2adb83998c127492d9c22dc7b2571b576dba3c96e1f814b8836bb84a668d1f3

    • SHA512

      40fbc4d1c3bdc712374084d79b477aea59cf153b99f8a917e34d82331181b0d9ce7952323688fdf0ea9b0b3ff511bfba17686f20da28fbb31ce24a217bb94be6

    • SSDEEP

      1536:9wonkElPyO5ANfm/aUWfFphAGXP+7sJWsQYF+NsWJW/cd4mSw7UOukY:sO5sm/aUWfF/xClsQBWu4mSw7HPY

    • Score

      1/10

    • Target

      AnonymizerLauncher.exe

    • Size

      768KB

    • MD5

      45d7082dbb723119fbc1d81274079f02

    • SHA1

      25a932ca9790a9603cbdebf06363d004a1035fa4

    • SHA256

      01b3b36d8b16ef4ba002255c49e3f452fc3fa60ebf2b36dcb31bdd181befc4ed

    • SHA512

      c6aa003f28716b716fc0fb48fc9747ee6abe0ac8de358ce2cc229601585eb7a99d6542e351841eee1bd96ab231a8fe5d3d651539a7da26f9bb73e6986f5442a3

    • SSDEEP

      24576:XF2c+HG0WO99a64eaogHasDgKd9iFirsi6q9mdkmWEfYfgM7:VhAN99a64eG6GYG9md8EfOD7

    • Score

      8/10

    • Downloads MZ/PE file

    • Target

      uninstaller.exe

    • Size

      119KB

    • MD5

      fad952c3911d0be2a5037f1aba028278

    • SHA1

      6772bf6ca4226be971440655296cc1d03556248e

    • SHA256

      19cb8608752b9925f21a81876b8b6da72aeeedc873291dfa5c1085ce0ef748e2

    • SHA512

      c3a51f9c912d62b27e48b70fb6c627f33bcb944a24f4377d2e52e16de055ff4a1bff03afc0a030f9bfbad3f4298f366cf6200068b80fd9bdff43d59d9711df1d

    • SSDEEP

      3072:85BuYAVrgUCPniceApej922VexMkGTo2PW:850gUCampew2UmkGToP

    • Score

      7/10

    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      $PLUGINSDIR/System.dll

    • Size

      16KB

    • MD5

      bc96b91bfe7885a31d698d10035e6321

    • SHA1

      31ba2971426a153f6bd3e489eb233d06f2f23bfd

    • SHA256

      32e4679375c55c962c09bac07ea00a74c1305edd22d048a71020e1a3fbf4cbc0

    • SHA512

      075e0241ed54b99e5ddee120f28a8d070e1decee9d3ed8869acd16ef2c0d9154c2e86a52d195c10d3bf4039108b8fc50b3c5b898761fa7bd68903c8e55b1f03c

    • SSDEEP

      192:6N2gQuUwXzioj4KALV2upWzVd7q1QDXEbBZ8KxHdGzyS/KxBUbBnf7qFBe+PjPBE:ZJoiO8V2upW7vQjS/7nfePPLB/SDp

    • Score

      3/10

    • Target

      $PLUGINSDIR/nsExec.dll

    • Size

      11KB

    • MD5

      150e08573da69bd9962e6110ae38b34f

    • SHA1

      d51102abe78b1a2ff60bb2a92cf5f5aad0cbe961

    • SHA256

      aecc5b69c6584968f1280cba55fa5b7edb54e8c94f38e5af028ea1f7ebe38f28

    • SHA512

      2255d020877864fb8ea5f591da7f14b3b42d24a2ce8801e7003ab30931ebd2d28f5ced53f9fc69ef169116523c65dec6ebb396b490ee806747d2817693f160fa

    • SSDEEP

      192:M/SUG7lhvov36S5FcUjliSEI5LuQr8nf7qFBe+PjPB/WhmhGXhh:MSUUhvU6qFRMSEId4nfePPLB/fGxh

    • Score

      3/10
