854884a55d69892f428e15d7b0df5515e8e548732adc228e40accf83df017a0f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

9614004943301efe7415bf4f0ec07f80_JaffaCakes118
Size

2.8MB
Sample

240604-yn56wahf7t
MD5

9614004943301efe7415bf4f0ec07f80
SHA1

955d158826d5cb62156d5cbd961476e0168d1f06
SHA256

854884a55d69892f428e15d7b0df5515e8e548732adc228e40accf83df017a0f
SHA512

3c79e35fca4b3e9d38d47b902a7174c976f3d3889bd24fa10999d7f56215c99b80521f7b8a8ae1d873d0f307b7c4dba36d7b8f7476d6a0174e8e7d0aa276ef69
SSDEEP

49152:H5hlKMgTUqV278xt6bfjtruyxazU8/i8D2EyWJH7/iQQfQZYBD0eYI+HZW5n9K2R:H5hlKMgTUqV278xt6bfjtruyxazU8/in

Score

7^/10

discovery

Malware Config

Targets

- Target
  
  9614004943301efe7415bf4f0ec07f80_JaffaCakes118
- Size
  
  2.8MB
- MD5
  
  9614004943301efe7415bf4f0ec07f80
- SHA1
  
  955d158826d5cb62156d5cbd961476e0168d1f06
- SHA256
  
  854884a55d69892f428e15d7b0df5515e8e548732adc228e40accf83df017a0f
- SHA512
  
  3c79e35fca4b3e9d38d47b902a7174c976f3d3889bd24fa10999d7f56215c99b80521f7b8a8ae1d873d0f307b7c4dba36d7b8f7476d6a0174e8e7d0aa276ef69
- SSDEEP
  
  49152:H5hlKMgTUqV278xt6bfjtruyxazU8/i8D2EyWJH7/iQQfQZYBD0eYI+HZW5n9K2R:H5hlKMgTUqV278xt6bfjtruyxazU8/in
Score

7^/10

discovery
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/LangDLL.dll
- Size
  
  5KB
- MD5
  
  a1cd3f159ef78d9ace162f067b544fd9
- SHA1
  
  72671fdf4bfeeb99b392685bf01081b4a0b3ae66
- SHA256
  
  47b9e251c9c90f43e3524965aecc07bd53c8e09c5b9f9862b44c306667e2b0b6
- SHA512
  
  ccc70166c7d7746cd42cd0cec322b2adf4a478ff67c35d465f0f0f5b2b369c996a95557b678c09cb21b8311d8a91eed4196ddc218ea7d510f81464669b911362
- SSDEEP
  
  48:apTVWFeApYx2lxaKe3yfeEIWCGWNpBWLGGrx3pMt4z8mtJ7HofYZVSLa:RFG0xaKkyfjIWTW7BYrhSbmtJ7/V
Score

3^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  bf712f32249029466fa86756f5546950
- SHA1
  
  75ac4dc4808ac148ddd78f6b89a51afbd4091c2e
- SHA256
  
  7851cb12fa4131f1fee5de390d650ef65cac561279f1cfe70ad16cc9780210af
- SHA512
  
  13f69959b28416e0b8811c962a49309dca3f048a165457051a28a3eb51377dcaf99a15e86d7eee8f867a9e25ecf8c44da370ac8f530eeae7b5252eaba64b96f4
- SSDEEP
  
  192:0N2gQuUwXzioj4KALV2upWzVd7q1QDXEbBZ8KxHdGzyS/Kx:rJoiO8V2upW7vQjS/
Score

3^/10
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/UserInfo.dll
- Size
  
  4KB
- MD5
  
  c7ce0e47c83525983fd2c4c9566b4aad
- SHA1
  
  38b7ad7bb32ffae35540fce373b8a671878dc54e
- SHA256
  
  6293408a5fa6d0f55f0a4d01528eb5b807ee9447a75a28b5986267475ebcd3ae
- SHA512
  
  ee9f23ea5210f418d4c559628bbfb3a0f892440bcd5dc4c1901cb8e510078e4481ea8353b262795076a19055e70b88e08fee5fb7e8f35a6f49022096408df20e
Score

3^/10
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/nsDialogs.dll
- Size
  
  9KB
- MD5
  
  4ccc4a742d4423f2f0ed744fd9c81f63
- SHA1
  
  704f00a1acc327fd879cf75fc90d0b8f927c36bc
- SHA256
  
  416133dd86c0dff6b0fcaf1f46dfe97fdc85b37f90effb2d369164a8f7e13ae6
- SHA512
  
  790c5eb1f8b297e45054c855b66dfc18e9f3f1b1870559014dbefa3b9d5b6d33a993a9e089202e70f51a55d859b74e8605c6f633386fd9189b6f78941bf1bfdb
- SSDEEP
  
  192:SbEunjqjIcESwFlioU3M0LLF/t8t9pKSfOi:SbESjFCw6oWPFl8jfOi
Score

3^/10
behavioral10 behavioral9
- Target
  
  $PLUGINSDIR/nsExec.dll
- Size
  
  6KB
- MD5
  
  132e6153717a7f9710dcea4536f364cd
- SHA1
  
  e39bc82c7602e6dd0797115c2bd12e872a5fb2ab
- SHA256
  
  d29afce2588d8dd7bb94c00ca91cac0e85b80ffa6b221f5ffcb83a2497228eb2
- SHA512
  
  9aeb0b3051ce07fb9f03dfee7cea4a5e423425e48cb538173bd2a167817f867a30bd4d27d07875f27ca00031745b24547030b7f146660b049fa717590f1c77e1
- SSDEEP
  
  96:M/SspqrIYxLPEQhThvov3TE4/2Sa5P9QFFYzOx4uF3sbSEI5LP39sQvM:M/QUG7lhvov36S5FcUjliSEI5LuQ
Score

3^/10
behavioral11 behavioral12
- Target
  
  $PROGRAMFILES/SystemHealer/$PROGRAMFILES/SystemHealer/RescueMonitor.exe
- Size
  
  1.1MB
- MD5
  
  24734ac341fb2cceff50a442538053e0
- SHA1
  
  f5b62be072222a98c44e551d8501a15988f56696
- SHA256
  
  7d36bd3b19031ca6485520536f970c674ac3fff950413dba5ca3cc06ba9ac0ab
- SHA512
  
  0f409037c03888a4862bb10390117e012164c1786b3f2917dd57d907962df30519c8c2668303f0eb0347bc449b52b12a6390be7ab319b65d41dc221f3edeed20
- SSDEEP
  
  24576:FEz6DFyFIX2pO+d+hYuSdReYib7bYdX5hlKMgTUqV278xt6bfjtruyxazU8/i8DI:2stX2pO+0hYuSdReYib7bYdX5hlKMgTc
Score

6^/10

discovery
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
behavioral13 behavioral14
- Target
  
  $PROGRAMFILES/SystemHealer/HealerCheckout.exe
- Size
  
  292KB
- MD5
  
  d06cc72502de4ac0b08f43f7120aeaf4
- SHA1
  
  2f9b2c0c58a47fb6cd71644c5650f8837ccfed06
- SHA256
  
  3482fecd50ff66236c0f856f376ea6f57725de2b766773aa200eadd9fe202359
- SHA512
  
  eb92d44d8411d8cfa0bac42463d427c44b5904fc3b796f90365cf30175b85dc5e4ec4230fe909f0ee8e95eebe100cf0a6b23de137e66bd0702132e4e1381cf62
- SSDEEP
  
  3072:oZIcrKw7Ook//9YbNdTaIYGHbYj+aymi+K4z5VKx1sDSCbMenrAaKsLlik7:oqgOok/l6pNp6FDbXTVMU8uR7
Score

3^/10
behavioral15 behavioral16
- Target
  
  $PROGRAMFILES/SystemHealer/HealerConsole.exe
- Size
  
  740KB
- MD5
  
  24369a7fd6a763344d1baf48fd627057
- SHA1
  
  21ba2c33cb5f4b7ab3f0d46633f8799bb13bfd39
- SHA256
  
  baf73e0123c6e871fc7db19409b79376debccd075f10839f2b9e2be96e67f8f3
- SHA512
  
  f29ba70b94a28c098e14f77e3362a26aba1d099e0a0d86f7c6b8e534bff4978536b0f3f3f717199e211fdee22faced0ae3dfbe9b35763a5416a25d1a4f68753b
- SSDEEP
  
  12288:CTNC/8raKCGDNe+SptBtkfY3jZJbgy/Em9Oz/TzOu37TXwbHtuRxuYmaxxp8o:8C8aZzBtkfY3j3gYEzGurkbN8xuhaxxl
Score

1^/10
behavioral17 behavioral18

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18