General

  • Target

    8d535c8b295aee2bc04e2f808f6bdb54_JaffaCakes118

  • Size

    4.2MB

  • Sample

    240602-jfza2afa9s

  • MD5

    8d535c8b295aee2bc04e2f808f6bdb54

  • SHA1

    667af2b96b352e90ab31a167dc64cc5cd810d3f3

  • SHA256

    dc9d20cd3326273a57777cdcc31ee730988660b6eec9153647646e8cb9882829

  • SHA512

    bf548164dc8f6d052587f765830b081dbbdbe90479a984e5de5330df6129ba8d00184fb7d561571d8f3966dffb4f7afabcaf0def37f77e90f17a999972d2e2d2

  • SSDEEP

    98304:e6BoHqnjm4eGTci6sw2Yc8zDy/Ad6KOFLDZ2UX2MuIRPz0B:exKS4eGbzJAwKOFLkUX2MueQB

Score
10/10
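The digests above are what an analyst recomputes before trusting a sample, and the Targets section below lists several dropped files whose SHA-256 values coincide. The following Python is an added example, not part of the sandbox report: it recomputes MD5/SHA-1/SHA-256/SHA-512 for a file, compares them with expected values, checks the Conficker naming convention (the dropped binaries are named after their own MD5), and groups the report's own entries by SHA-256 to reveal byte-identical files carried under two names. The file paths on the command line are the analyst's own; the hash table is copied from the report.

```python
"""Added example, not part of the sandbox report: recompute the digests the
report lists, check them against expected values, and group the report's own
entries by SHA-256 to find byte-identical files carried under two names."""
import hashlib
import sys
from collections import defaultdict

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")

# (file name, MD5, SHA-256) copied from the Targets section of the report.
REPORTED = [
    ("1DB5476C766555C9995B25D19F97B9BC.EXE", "1db5476c766555c9995b25d19f97b9bc",
     "02137e9426258e8d1186dc21ee344ffc5cdb3f068a6600ba1897fd9d27ccba43"),
    ("223D8089F8EE82F8B05266BAECAAC61E.DLL", "223d8089f8ee82f8b05266baecaac61e",
     "a3617214a291590239cc686f97ef76841215ab0fd70bf35696e70b8f696a78de"),
    ("BD35D4D98FCBB1EC0E090FD2C631BAA5.DLL", "bd35d4d98fcbb1ec0e090fd2c631baa5",
     "7b603982ded5d5e51fee8acce7c9be5e16be97330ef6036a461d5a5ed83e4829"),
    ("CC7EDB2E4300AC539259F3FFDE0F1AB6.DLL", "cc7edb2e4300ac539259f3ffde0f1ab6",
     "f9ad7be3c4f8cf06d2f5f1784c8c9eae81f15559a2c906a2ded9ba51cc659e09"),
    ("CC7EDB2E4300AC539259F3FFDE0F1AB6.EXE", "cc7edb2e4300ac539259f3ffde0f1ab6",
     "f9ad7be3c4f8cf06d2f5f1784c8c9eae81f15559a2c906a2ded9ba51cc659e09"),
    ("CE18A72735FEB7A315B947DC0986009D.DLL", "ce18a72735feb7a315b947dc0986009d",
     "a8ca6723215da21f66e66723089d64bbdd6e555011f0b287140791c207883a6b"),
    ("D9CB288F317124A0E63E3405ED290765.DLL", "d9cb288f317124a0e63e3405ed290765",
     "bacc62584144981a57516b1bfcb4350d511f2fe89197a7605e3cdff645416dc1"),
    ("bd35d4d98fcbb1ec0e090fd2c631baa5.EXE", "bd35d4d98fcbb1ec0e090fd2c631baa5",
     "7b603982ded5d5e51fee8acce7c9be5e16be97330ef6036a461d5a5ed83e4829"),
    ("jwgkvsq.vmx", "c3852074ee50da92c2857d24471747d9",
     "cfc5bef5b3a8bd21d5b9748832db14f6966154867c946564e003e0febf2b6c92"),
    ("jwgkvsq4.vmx", "8c9367b7dc43dadaa3ec9da767c586cf",
     "732b6aa48c1ba35e7c302bb77e14d8b4a7f908209a5d4606c2732ae2611a08ef"),
]


def digests(data: bytes) -> dict:
    """Hex digests of one byte string for every algorithm the report lists."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ALGORITHMS}


def verify(data: bytes, expected: dict) -> list:
    """Names of the algorithms whose digest does not match `expected`.
    Comparison is case-insensitive; the report prints lower-case hex."""
    actual = digests(data)
    return [alg for alg, want in expected.items()
            if alg in actual and actual[alg] != want.lower()]


def name_matches_md5(name: str, md5hex: str) -> bool:
    """The dropped Conficker binaries are named after their own MD5; check it."""
    stem = name.rsplit(".", 1)[0]
    return stem.lower() == md5hex.lower()


def duplicate_groups(entries) -> dict:
    """Map SHA-256 -> file names for every digest that appears more than once."""
    groups = defaultdict(list)
    for name, _md5, sha256 in entries:
        groups[sha256].append(name)
    return {h: names for h, names in groups.items() if len(names) > 1}


if __name__ == "__main__":
    for path in sys.argv[1:]:  # sample paths supplied by the analyst
        with open(path, "rb") as fh:
            for alg, hexd in digests(fh.read()).items():
                print(f"{alg:7} {hexd}  {path}")
    for sha256, names in duplicate_groups(REPORTED).items():
        print("identical content:", ", ".join(names), "->", sha256)
```

Run with one or more sample paths to print their digests; with no arguments it only reports the duplicate groups, which for this report are the two .DLL/.EXE pairs that share a SHA-256 and therefore need to be analysed only once.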

Targets

    • Target

      Conficker binaries/1DB5476C766555C9995B25D19F97B9BC.EXE

    • Size

      84KB

    • MD5

      1db5476c766555c9995b25d19f97b9bc

    • SHA1

      f509f352e4ee0f8d8ee2902721ae3a15799baba1

    • SHA256

      02137e9426258e8d1186dc21ee344ffc5cdb3f068a6600ba1897fd9d27ccba43

    • SHA512

      229badb4811990e692444bf93cf804cef087ea4333292d26cea4aeeb63e40d8d0780cf9b9663bb0c4dcdf2e9f15d24ccee80a4d236718475aeb0700adb6a2701

    • SSDEEP

      1536:4dlWJX+NT6wCg8JShVJs2t/D35mDVg7P5j3eOUWOjgxNWQTTprOh/eJwKeUodu5:dX/oK27guP57exW3DTpvEUod

    Score
    8/10
    • Blocklisted process makes network request

    • Drops file in System32 directory

    • Target

      Conficker binaries/223D8089F8EE82F8B05266BAECAAC61E.DLL

    • Size

      56KB

    • MD5

      223d8089f8ee82f8b05266baecaac61e

    • SHA1

      6ede5f34e8717b470de10e56c99adc7c47307842

    • SHA256

      a3617214a291590239cc686f97ef76841215ab0fd70bf35696e70b8f696a78de

    • SHA512

      48accb32d1bd0f3c43f34518aa6872c3800449589573cc32719a2a0bd9fd4ae7ab07f964f9687eef9480c88e71bbb60c7d24b94a90ababb35df05a993b55eb58

    • SSDEEP

      1536:XIfjT2t7mOV6w9cZHC2m1FfVzxtrx7Z9+DFUf6LnhAWXKj:XI7T01iZeP3Z9ESgKj

    Score
    8/10
    • Blocklisted process makes network request

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Drops file in System32 directory

    • Target

      Conficker binaries/BD35D4D98FCBB1EC0E090FD2C631BAA5.DLL

    • Size

      62KB

    • MD5

      bd35d4d98fcbb1ec0e090fd2c631baa5

    • SHA1

      e48b2fcb09ada376895fc838a9c3c9e233c2ffba

    • SHA256

      7b603982ded5d5e51fee8acce7c9be5e16be97330ef6036a461d5a5ed83e4829

    • SHA512

      8946f19a085c5d590edb24faee28ed840333528a538a2c251f30a28c71ce9ae78e1d919ce286c124d0aa18749b1b30718b78baae43681480fdd5e7f3ba0fa863

    • SSDEEP

      1536:2FXaaJ9lg392whB37UBqbLpK3TF5rwxk/yx8H4/0I2cduoM:4KMwQw/UBqfS56kYMTguo

    Score
    8/10
    • Blocklisted process makes network request

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Drops file in System32 directory

    • Target

      Conficker binaries/CC7EDB2E4300AC539259F3FFDE0F1AB6.DLL

    • Size

      55KB

    • MD5

      cc7edb2e4300ac539259f3ffde0f1ab6

    • SHA1

      692caa0d6fd13028bec25cdca15f13522d1b3a7d

    • SHA256

      f9ad7be3c4f8cf06d2f5f1784c8c9eae81f15559a2c906a2ded9ba51cc659e09

    • SHA512

      ec96df9d96f772b2b901397ae660f906c708f15f575955e3eaa56d8abbe05fca9348942c9ca0a6052039b72c2f3a2d1abf960acdb131b597af2f8d76c1850ec1

    • SSDEEP

      1536:teksNva96imfw8qZ0V5VGnr3K3DvM+ADV:spaBB8eK5c3QDvmh

    Score
    8/10
    • Blocklisted process makes network request

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Drops file in System32 directory

    • Target

      Conficker binaries/CC7EDB2E4300AC539259F3FFDE0F1AB6.EXE

    • Size

      55KB

    • MD5

      cc7edb2e4300ac539259f3ffde0f1ab6

    • SHA1

      692caa0d6fd13028bec25cdca15f13522d1b3a7d

    • SHA256

      f9ad7be3c4f8cf06d2f5f1784c8c9eae81f15559a2c906a2ded9ba51cc659e09

    • SHA512

      ec96df9d96f772b2b901397ae660f906c708f15f575955e3eaa56d8abbe05fca9348942c9ca0a6052039b72c2f3a2d1abf960acdb131b597af2f8d76c1850ec1

    • SSDEEP

      1536:teksNva96imfw8qZ0V5VGnr3K3DvM+ADV:spaBB8eK5c3QDvmh

    Score
    8/10
    • Blocklisted process makes network request

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Drops file in System32 directory

    • Target

      Conficker binaries/CE18A72735FEB7A315B947DC0986009D.DLL

    • Size

      61KB

    • MD5

      ce18a72735feb7a315b947dc0986009d

    • SHA1

      6d2ffc85bf7618d4327bfefdbd3bccffcae96902

    • SHA256

      a8ca6723215da21f66e66723089d64bbdd6e555011f0b287140791c207883a6b

    • SHA512

      f613d8be45b5043c1e30554b23b8b7380e529e70e5a0bb9fffcf10a310c5f4950349574fa7d52ec5dc9bd8330f3cb5ad31f7bd0242f16f96d85d7e3326bca76d

    • SSDEEP

      1536:Ez8Q08yoP+rK1cb/Ow7YtixPGjUb1MHvwfQ:Eg5/j1OPsJOGQ

    Score
    7/10
    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Drops file in System32 directory

    • Target

      Conficker binaries/D9CB288F317124A0E63E3405ED290765.DLL

    • Size

      61KB

    • MD5

      d9cb288f317124a0e63e3405ed290765

    • SHA1

      5815b13044fc9248bf7c2dba771f0e6496d9e536

    • SHA256

      bacc62584144981a57516b1bfcb4350d511f2fe89197a7605e3cdff645416dc1

    • SHA512

      540bdca9e84ad7efd968f3eca59a6ccd35fb5f1a6df489b06b199a7d3075e8ba305554579d2a37734a38f33d4e0886797b75d5f34319a851d68add1b180f864b

    • SSDEEP

      1536:oUUmZ6gSi9/wx9+krA3XYVBAV/qNDuVb16yMNk7oPwhkL:o2gg8E53IHS2DsboyMNk7Ewhi

    Score
    8/10
    • Blocklisted process makes network request

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Drops file in System32 directory

    • Target

      Conficker binaries/bd35d4d98fcbb1ec0e090fd2c631baa5.EXE

    • Size

      62KB

    • MD5

      bd35d4d98fcbb1ec0e090fd2c631baa5

    • SHA1

      e48b2fcb09ada376895fc838a9c3c9e233c2ffba

    • SHA256

      7b603982ded5d5e51fee8acce7c9be5e16be97330ef6036a461d5a5ed83e4829

    • SHA512

      8946f19a085c5d590edb24faee28ed840333528a538a2c251f30a28c71ce9ae78e1d919ce286c124d0aa18749b1b30718b78baae43681480fdd5e7f3ba0fa863

    • SSDEEP

      1536:2FXaaJ9lg392whB37UBqbLpK3TF5rwxk/yx8H4/0I2cduoM:4KMwQw/UBqfS56kYMTguo

    Score
    8/10
    • Blocklisted process makes network request

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Drops file in System32 directory

    • Target

      Conficker binaries/jwgkvsq.vmx

    • Size

      161KB

    • MD5

      c3852074ee50da92c2857d24471747d9

    • SHA1

      7910076ec1e60326409408fc042c89e96aefefa1

    • SHA256

      cfc5bef5b3a8bd21d5b9748832db14f6966154867c946564e003e0febf2b6c92

    • SHA512

      409faf818f9c1ee034decf1ff7c4727b2bcfd5b45ed6e30a45c3d6b46e3c437fc9d26441df174fbeb585ca8ce0a0fcdc4222815b34d582b6d08eadeb652e3aa8

    • SSDEEP

      3072:ycesbKsNNw3cMX6ybBlhRsjbGZjZ+mcqSrlv:ysNscwBlwbGFMmcdBv

    Score
    10/10
    • Modifies visibility of file extensions in Explorer

    • Modifies visibility of hidden/system files in Explorer

    • Target

      Conficker binaries/jwgkvsq4.vmx

    • Size

      167KB

    • MD5

      8c9367b7dc43dadaa3ec9da767c586cf

    • SHA1

      5fd0af3aac0c54d4858a50f0e62d6b5a2035d97a

    • SHA256

      732b6aa48c1ba35e7c302bb77e14d8b4a7f908209a5d4606c2732ae2611a08ef

    • SHA512

      f4fe5da612cc3c90c94bf631fbefae3430a5f7d7ad093795a2f70e22a67076216c49751918bc4b339de1a2f398894218cb56164a0013faf359aba1cf5f521c49

    • SSDEEP

      3072:N10UxxXKM7SmRSOEAHnt7oyYv7Z3X6Q3TM+5jldzla5H8HZM6Od+jkDCQ09mJkn9:N10UxxVdXWyYvVHRTM+7d45H8HZ6d+4A

    Score
    10/10
    • Modifies visibility of file extensions in Explorer

    • Modifies visibility of hidden/system files in Explorer

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
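Most of the dropped DLLs above trip the "UPX packed file" signature, which looks for the section names and header marker that the UPX packer leaves in a PE image. The following Python is an added example, not part of the sandbox report or of any detection engine: it walks the PE section table and flags the UPX0/UPX1/UPX2 section names, falling back to the "UPX!" marker because modified UPX builds often rename the sections. The PE images it checks are constructed inline for the test; `build_pe` produces a header-only image that is not executable.

```python
"""Added example (not from the sandbox report): minimal PE section-table
reader that flags UPX section names and the "UPX!" marker, the artefacts a
"UPX packed file" signature keys on. Test images are constructed inline."""
import struct

UPX_MARKER = b"UPX!"


def pe_section_names(data: bytes) -> list:
    """Section names from a PE image, or [] when the buffer is not a PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return []
    # COFF file header follows the 4-byte signature:
    #   +2 NumberOfSections (u16), +16 SizeOfOptionalHeader (u16)
    coff = e_lfanew + 4
    n_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + opt_size
    names = []
    for i in range(n_sections):
        off = table + 40 * i  # IMAGE_SECTION_HEADER is 40 bytes, name first
        if off + 40 > len(data):
            break  # truncated section table; keep what was parsed
        names.append(data[off:off + 8].rstrip(b"\0").decode("ascii", "replace"))
    return names


def looks_upx_packed(data: bytes) -> bool:
    """True when stock UPX section names or the UPX! marker are present.
    A False result is not proof of an unpacked file: renamed sections plus
    a stripped marker defeat this check, which is why sandboxes also look
    at entropy and import-table size."""
    if any(name.startswith("UPX") for name in pe_section_names(data)):
        return True
    return UPX_MARKER in data


def build_pe(section_names, trailer: bytes = b"") -> bytes:
    """Construct a minimal header-only PE image (assumed test input, not a
    real sample): MZ stub, PE signature at 0x40, COFF header with
    SizeOfOptionalHeader = 0, then one 40-byte section header per name."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    # Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0, 0x102)
    sections = b"".join(n.ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return dos + b"PE\0\0" + coff + sections + trailer


if __name__ == "__main__":
    for label, image in (("upx", build_pe([b"UPX0", b"UPX1", b".rsrc"])),
                         ("plain", build_pe([b".text", b".data"]))):
        print(label, pe_section_names(image), looks_upx_packed(image))
```

To check a real dropped file, pass `open(path, "rb").read()` to `looks_upx_packed`; a hit means the next step is `upx -d` on a copy before static analysis, and a miss means nothing about packing until entropy and imports have been looked at.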

MITRE ATT&CK Enterprise v15
