General

  • Target

    8f5834b18ed92d1e7c3400b50b0aab41_JaffaCakes118

  • Size

    11.0MB

  • Sample

    240602-zd9a8afc63

  • MD5

    8f5834b18ed92d1e7c3400b50b0aab41

  • SHA1

    0290a7e038f2c4841120d108405425fa89a23450

  • SHA256

    c731d258550e4d4d39fea06850f46e7e3b9627bf1b5b2f08d1cd60282df74fa7

  • SHA512

    56d24e85c899e1418629b76b7b16bcf4f13896b1fdaec579fe4e0c5fd09e48414a45854c761745d5c438efc581dda79ce5c603487572bbfcbb98027d09a18c18

  • SSDEEP

    196608:UWXDWftsmihYVAkuJ0zF8HVxfOg45k/nSj6HgjVNtoNZEDb1Mkqo1Ejd4sM2VMC9:UqCftqoA9HVxfOu/nlXN+f17o4UV39

Score
7/10
upx

Targets

    • Target

      8f5834b18ed92d1e7c3400b50b0aab41_JaffaCakes118

    Score
    3/10
    • Target

      $PLUGINSDIR/InstallOptions.dll

    • Size

      13KB

    • MD5

      9b2bdf058d377da28704af9ca3ef1142

    • SHA1

      0fc0d7fbc4c3a65eec33d9577ed38e545b3cc04b

    • SHA256

      92f34db47c34d6867e6928d4a9cd27747ff642392c0e361f9cab2f5d8c4df300

    • SHA512

      ba0c2a312732832874642f6ca8d3b5aa4274da5cbb3a09d990b442becdf9a1abb98c61c5cbbb55f6a5341d2997388d01f93f69e4946e923a1892c7621775b93f

    • SSDEEP

      192:pK6RrZcTOIiQP00nXGqk3XsGZ4djZbfhhjv6WoF1dBaRp:I6RNcTPPVXG0kIjZbXjv6bBu

    Score
    3/10
    • Target

      $SYSDIR/d3dx9_25.dll

    • Size

      2.2MB

    • MD5

      5b48fe9d6686f0d54b26a005ace24d1d

    • SHA1

      1c395f6d2aa729a607e69dca73f8205cefd26aa4

    • SHA256

      4c54df27ce84d21b2924e64ff79b13e7876ce85d8e0c9c1d0abd8da73888187a

    • SHA512

      6a4fa549578097ba36495ec210365c27d165065820f0fdad20864a3139949e72da00f9b7c614d07d8950307e596b693ed7a291a5c69cc0f9ba30c5f74d6332f1

    • SSDEEP

      49152:IxfcP6/1/QQ0ANFrbfxdqPeQ6eg+XMD3hP7zfOHXD:IxfcP6/1X0ANFrbfxdqPeQfg+XMD3hPQ

    Score
    3/10
    • Target

      SAMPUninstall.exe

    • Size

      55KB

    • MD5

      bde46ec1f1f03acb669887b8ab629a23

    • SHA1

      3b9ad769c83502f7ff65221436f642d4bd8cebd5

    • SHA256

      72fc612f91d2960693c15a680420bd837fc7247a15562aeb32e74b50e98821c9

    • SHA512

      a6101cba9ba9c0a8debb4a328570ba6905f24e61ea66fb578958404d34bccc1bc26cd3da06588892e0d5b5d24a7609d68d75ab6a1597551eb1964a32a8b8336c

    • SSDEEP

      768:FuVnrTcYRbSxh4tUZvUqYlTyUuTIoIZF9msSmJn+eJRn5Am6kRRJ2iZ3igLhMaCm:4VnrvpqBY2IoIWmJ+qAELVigLSapVdsq

    Score
    7/10
    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      $PLUGINSDIR/InstallOptions.dll

    Score
    3/10
    • Target

      bass.dll

    • Size

      90KB

    • MD5

      8f5b9b73d33e8c99202b5058cb6dce51

    • SHA1

      102699b1dc7e03c9041115f5e3b178f1dab1a27a

    • SHA256

      3f04620d6627abe5c3b4747faf26603ab7a006c81b2021ab4689bdd7033bb4cd

    • SHA512

      89d830d1ed0c55882d1cc77d1a87b193cbffd8b96010d727fad6cd2668ee94c7acfb565ddb1be5b55c8caf9791947b62e8d87fa4896d98124ca2caae0053c9df

    • SSDEEP

      1536:fq5gk9BPaPT8yWZv6UXq+BpSAaSv5vfwKaGorBWHiauTXJSJ:fq5r9BCPT8yZfKahrsiauTZo

    Score
    1/10
    • Target

      rcon.exe

    • Size

      36KB

    • MD5

      3f4821cda1de6d7d10654e5537b4df6e

    • SHA1

      ac682119ac4dc51d8db82fd4a6a0e1f108b74a94

    • SHA256

      19f0d6d844f6f14856e3ea88853202b6310edc4726eb0c803710b67f641e596f

    • SHA512

      0f7f5da6d38a7ad920959363d6edcba3ec9b8645b7ccade0c4590817fbbd7a0415ba492a164c56845a57df643e4d58d83f6f537cc74d55161001704b017a9f7c

    • SSDEEP

      384:ZYblkmoSCITDXSBkCmleSWLJETJBsE9yzd9LzSjvEgKEyokl7V:Obpo8DXv34JE9W0s9LejvRKRoe7

    Score
    1/10
    • Target

      samp.dll

    • Size

      1.6MB

    • MD5

      43956738460be6d46b6807f730efc758

    • SHA1

      8a8e610594888804f362bec88c10aa4f3bf99ebb

    • SHA256

      969e33fffdd22704d176e5ecaac58ebe2e19e221a0b7a3c983b011d72fd8d9b5

    • SHA512

      2a5f27892455e2c01e7a931559e379c134120066c76254ee80a33beda6ce62650e7a187a57131a78ef92aabc2b4ad0960746a450c41b88e9487be7b5d238be1a

    • SSDEEP

      49152:1n2rRdXF6w3W632CvecSHT18oUDpFOjwyKcdQA:WRRF6mWc2CvecSHTvHZ

    Score
    1/10
    • Target

      samp.exe

    • Size

      402KB

    • MD5

      47262ff31e2ba60753a48ae67c2c7278

    • SHA1

      3a2506a6125f9d7ddfa476ed8bee48e9d3376595

    • SHA256

      f190d296525c0d297385539df047cb542ccac4b77976f62082e03210eeee3d6f

    • SHA512

      bbfc5988dd09966f8e1b1fb5c41ef6ef318a13c7d57ecc48eb2d67d55edd68f4ab8f220c19465c5607318359b68854f89c684ade0ae480c9b80c2c6c3eaf1e62

    • SSDEEP

      12288:VgAPaNGsKk6DE10sT3WkgL2TTrXYv3tw:Ok5DEKa3RNTTrXYvd

    Score
    7/10
    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      samp_debug.exe

    • Size

      144KB

    • MD5

      2c00c60a5511c3a41a70296fd1879067

    • SHA1

      5a307b11eedf77749de2601318be6c2fff1fde12

    • SHA256

      f64d11680442cea5940614177b5ecff866e1e45c07a95cd5564327a94e8101d3

    • SHA512

      30cdca5e5b9ae89e9ac6d12a361fce3b050e947cf0615ce80e214405bfe82aced2addac759640c39e9772d78f5287532eba9a467418ccb94487e11e41dd611da

    • SSDEEP

      1536:KjKmF6kc7OTzS1s2WlZ8hUg54XgH5BXidKdz4koPxCmIp7Vi13kZa:C6k7shWlZ8hUw55gCRoPx1IVi13I

    Score
    1/10
