General

  • Target

    8e048607275f42adff61e4adfee9df0c_JaffaCakes118

  • Size

    943KB

  • Sample

    240602-n83alscb4w

  • MD5

    8e048607275f42adff61e4adfee9df0c

  • SHA1

    e371fddeb36b88381a7670a5fd32f6a0567d9124

  • SHA256

    502a0e685078b5c44fd566ea2f14c7f998fbb1d04f6527a5c289bc661e6b9944

  • SHA512

    0841226e5ed67a608047404b56f1ec97192bc446a06757b2bdc2c3bf9f7cfa3b9325bb9eb56cc81a30d289ce8624980ef752d1612a1ada53182575e404b1c00f

  • SSDEEP

    24576:K4sjfOiXhamHfpQbcDCd6WklChjZbhpJnsgMxEjOf:4jfTYuocDC1hd3ZG5f

Malware Config

Extracted

Family

sendsafe

Botnet

UNREGISTERED

C2

91.220.131.43:50003

91.220.131.43:50004

Attributes
  • service_name

    Enterprise Mailing Service

Targets

    • Target

      8e048607275f42adff61e4adfee9df0c_JaffaCakes118

    • Size

      943KB

    • MD5

      8e048607275f42adff61e4adfee9df0c

    • SHA1

      e371fddeb36b88381a7670a5fd32f6a0567d9124

    • SHA256

      502a0e685078b5c44fd566ea2f14c7f998fbb1d04f6527a5c289bc661e6b9944

    • SHA512

      0841226e5ed67a608047404b56f1ec97192bc446a06757b2bdc2c3bf9f7cfa3b9325bb9eb56cc81a30d289ce8624980ef752d1612a1ada53182575e404b1c00f

    • SSDEEP

      24576:K4sjfOiXhamHfpQbcDCd6WklChjZbhpJnsgMxEjOf:4jfTYuocDC1hd3ZG5f

    • SendSafe

      SendSafe is a notorious spam tool that later turned into a spam botnet.

    • SendSafe payload

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    • Target

      $PLUGINSDIR/InstallOptions.dll

    • Size

      14KB

    • MD5

      eee2912bd1ee421cf1f1dfb1cc327d97

    • SHA1

      c5d3741ddb195718c9b17923eb6abfb7a732bdc1

    • SHA256

      e560384c5298ee2123e8340e716b2c4680f51b4d0347995ba3290dbd1130c6c0

    • SHA512

      1808a068386c790d8ad5096d9fededcfa6e5688e3a68f2499418456c9cafd7b837c811298e6570212155b4a3d6038c1749cfcd9d1b86f090f66d1a5301adecb2

    • SSDEEP

      192:qcOqh13v5z+dHeMR2QwHu5S9i/yULWWBZYJCSJyejPK72dwF7dBKEw:qcD13v5SdHeMRRKkwsejP+BV

    Score
    3/10

    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      883eff06ac96966270731e4e22817e11

    • SHA1

      523c87c98236cbc04430e87ec19b977595092ac8

    • SHA256

      44e5dfd551b38e886214bd6b9c8ee913c4c4d1f085a6575d97c3e892b925da82

    • SHA512

      60333253342476911c84bbc1d9bf8a29f811207787fdd6107dce8d2b6e031669303f28133ffc811971ed7792087fe90fb1faabc0af4e91c298ba51e28109a390

    • SSDEEP

      96:UPDYcJ+nx4vVp76JX7zBlkCg21Fxz4THxtrqw1at0JgwLEjo+OB3yUVCdl/wNj+l:UPtkuWJX7zB3kGwfy0nyUVsxCjOMb1u

    Score
    3/10

    • Target

      405.htm

    • Size

      1KB

    • MD5

      1c7d2b2fddd34b82883053f74613a7f1

    • SHA1

      5ded4a3340c5baa2f7875a09234200662a5fb6c5

    • SHA256

      f42aa8b08eac61b29a5cddc51819a28a692b69480948f7d003485c0dbddedd8b

    • SHA512

      2d54662a2a3f852d88e27232a93e5807bfa84be55460f4d9c9d2082d22e7818a337d75edb3fcdbf2fd5e6e34721722df16ada243576ace9598701a51797f50db

    Score
    1/10

    • Target

      SFhelper.dll

    • Size

      54KB

    • MD5

      742b299f76eeffe057a63574c295ce75

    • SHA1

      b7ab39b8c0958885b55ff6ca4bce31d077445596

    • SHA256

      887634e1ad732a47bb0823144957b18e5376dac6dc228c4e69c8bf1dc99de34a

    • SHA512

      ad539f025dbd38fcb8dcc3ba8cb571a51fc7c94ef833ee1e4f980338e6f0ef9a3cada0cf8707b2cefaeee15ba35f35a75822f8c85e34052ce5ba44af3abbbef2

    • SSDEEP

      1536:HXyKXRJLlX1RDFUaKXLXgWknZGUGCWg9HuARKgy:iKX9FUaKGWg9HuARK7

    Score
    1/10

    • Target

      docbook-xsl-update

    • Size

      1KB

    • MD5

      d485a5cd6ca8feeebc079fcc6e914fc2

    • SHA1

      55994d62a8a6c6ea39f1e9c5792fa1343839f2e8

    • SHA256

      6785bc061d585d645cd76d14828928133433cdb329ccc694541f8321f424460a

    • SHA512

      498eec9a93437c580d8f9f92c575330554c9e48a47af4015d32cd6fb03aebb863b1bf084df7a237feea59d477b6a835d59c43ceec07d4d8d048053282de365dc

    Score
    3/10

    • Target

      head.js

    • Size

      25B

    • MD5

      19ebe25a2df3c27bfc3c692ba7ce9158

    • SHA1

      f7f5514d24f03611b055af2fc9a541ecf579142e

    • SHA256

      f5f9b7e1859d47775dfe65573624e84f1e2d6f9c2a3a08f684b8148cefb720e8

    • SHA512

      76c4e82aa9bf6d64c956788eacb9c8bc13db2e626c44a548ab7a49dda9569ea06b48dc46b92e725ce2ab4a7a7124cf01565923adbc7a4c529ac429184639659b

    Score
    3/10

    • Target

      networkEventSubscribe.jsx

    • Size

      552B

    • MD5

      5139dc87baf5a54c2394d650626ee46a

    • SHA1

      7ef31929c9bbff6047a21b041db8027dead84b2f

    • SHA256

      c42c59b298bdfeb22070a10dd34521c4cca4cc2545dfff7a46dc0f30dc0aed28

    • SHA512

      3fd93b6707d4294b9ec4c9f975410c0856ceec40f16731921689103e767ee223418f6b8a3018cffef30df4465fdabc59758778cdeeb464fd0243b57df3f25b8b

    Score
    3/10

    • Target

      parse_modified.js

    • Size

      249B

    • MD5

      f4af9905064ddad61a598d99b164bfc5

    • SHA1

      7f57425bf9a1728d4d3657aa8137ac11e1c7b8f3

    • SHA256

      e350afcbf6527342cd85d99f091ce9acdbf2a1a2f64c95202786dc8fde8e2a26

    • SHA512

      b720070caa9023e2cfe7367c07ec1e3bc382289d6bc79a69b5a5e8a444de2ff278f5788127fcf6a47bf066d13eae33a24b7d3d5d5dede65a9945e0f4b096e899

    Score
    3/10

    • Target

      root.js

    • Size

      480B

    • MD5

      5108677a8071102d99a65dba00c2b243

    • SHA1

      467a90b3eec3d8930495e4129a9ad6cda838a9fb

    • SHA256

      bb0c776e9e011b5bcf3d4f313a4aa4b2a3a5ba9f26430d34c55df05e8dc4c0f0

    • SHA512

      7ba1e1782428ef68b96b29e29fb13bfa3d46a8a10ef361fb70737897336724dda42b697e646a0183f4d2f417111fc9973843d33856da0dce527bd462d24ddf43

    Score
    3/10
