ff3afd8eb7622bca8ea7fe7eb01daa3d0c93150d2ef0780a3d97ba674390ee97

Sharing

Copy URL

Twitter E-mail

General

Target

b322ada02e17d5d770eabe46e7fea6b7_JaffaCakes118
Size

5.9MB
Sample

240616-mzemhsvapk
MD5

b322ada02e17d5d770eabe46e7fea6b7
SHA1

f1017a7ac33fdece2ad914f2d8a364a5af79cd73
SHA256

ff3afd8eb7622bca8ea7fe7eb01daa3d0c93150d2ef0780a3d97ba674390ee97
SHA512

5c2744271055c3a6175c0a5f58ec6cb314344027aa96e93e6a4cf5be355cda4a2166bd0c8fb19a2dff176be61b89935247650d4fc33e61257b9df4733c958145
SSDEEP

98304:hyA6L0LrIbq9kiQq7cOGxb5sVbzjZUztx2kFBNMrj82saJ5d5pf8VDz08wMqd:56L5MQJl5sZzjcKkFBNM/TvdLfCDz08m

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  9553下载.htm
- Size
  
  861B
- MD5
  
  03033cdf475f981a1777c0fef43f8700
- SHA1
  
  8ba65dc9adaf9fdcaf86efddc4c626e2cf26668e
- SHA256
  
  89439c037b34a0511f794c1f98e8a52a64910dfb8faa93e62522b83a98b327e9
- SHA512
  
  edb1b1a710733a2eb236e2d2920884754f88846fac4e6bde1fcf98d719db1211eb9b9f4ee18a560e9a7243b7caabccbe642fb8e02db4fd62c6d7b059717d35f1
Score

1^/10
behavioral1 behavioral2
- Target
  
  luyou/ADService.exe
- Size
  
  83KB
- MD5
  
  e78e40d2d66827478197a92125c6c924
- SHA1
  
  bce5e551f21d37498eef2213a6c68c7c4fba81bd
- SHA256
  
  602d6ffeff2ebf5ada110855e4f989ee966b89517b90675c26726eced5b0a9fe
- SHA512
  
  9700ded94da3f865232ae2098d6d77745305a49ec20358b96fd90835d642f2b42eaf071a905c9d0230a7f0a37893cb60fcc35b0a6304d2790e9cf885aad5f650
- SSDEEP
  
  1536:1y/nri4U02ZifCLMYQeXsENoBta4VuWM1KccqqEgb2rvyV5G84LY:1y20pf23Qe8ENofRQ1qEgyrvyV6Y
Score

1^/10
behavioral3 behavioral4
- Target
  
  luyou/LYUI.dll
- Size
  
  477KB
- MD5
  
  791dfb1732f491ba309003725d0555b6
- SHA1
  
  1227cfb12eb6e877dd789ba867f7c50decfc5d2f
- SHA256
  
  0ac4166a3d1b811ddf66a9ccbf157e2d61cee80c2bf9cc3054d91dfa97ae3ff9
- SHA512
  
  43a84bd2c6038b406d910357b8b63538a313f2ddf95beb4f7538c9ab4f78132c2f39346c64a70700295d8fa880eea8227460154da6c962fb12e628d76ba8ae32
- SSDEEP
  
  6144:AB8OBX9TpDOdLhf+4NzB8YIBPm6ENDjkq65u4jnQpPvVO1J472X:S8OBtdqzQnUHG5u2QpPW
Score

1^/10
behavioral5 behavioral6
- Target
  
  luyou/LYUpdater/CheckUpdate.dll
- Size
  
  304KB
- MD5
  
  100c64b1d83c0a48ca653b15aeb741c5
- SHA1
  
  e7e3439e7120e468fa09bfdfe6f8670d90f34a0e
- SHA256
  
  9fb945e684a9042b8b4b5e394c318e501a9fa4404167e8813699d4e7e4c31a7d
- SHA512
  
  b5d03803a0202c6a38a62ddf07c3572ca56661930425f8af050d5066d06b7ec0e6cd7dd7dce71f7a2512faf33a1f6487b20a786951783c4a5ceadd3a2a5e1a1a
- SSDEEP
  
  6144:WwFXR890lUFVU1aq1YOtXkK5j22z/vT3Z:1XR890lIa1aq1YeXkK5j22z/vbZ
Score

1^/10
behavioral7 behavioral8
- Target
  
  luyou/LYUpdater/LYUpg.exe
- Size
  
  633KB
- MD5
  
  d50be413e62d45ea47dc6faf7e2b7109
- SHA1
  
  d59ea1a471450c6a80fbc9f8410e2fdfc6b18b37
- SHA256
  
  0390ca900fa96a23e421d4f0ee5631c6af52d0cc39c0ae2788b2d5e41d500c85
- SHA512
  
  3049ff38afc987caa5566c9bb7495f3abbfff2448cf4e0a2eb1f25977b36a8489d8fecc0c224a92169523b7972bb696fc4bc8fce224e15cd12bc97c1e2ebdcd9
- SSDEEP
  
  12288:KdZ6MuBteLpKHS8N6cpLQCn9eRwdpEaq1YNVZgKO7UwiusDMyHLxEjsDEDPo:SiHS8NMC9eRq3jgKO7UwiusDMyHqAQDQ
Score

1^/10
behavioral10 behavioral9
- Target
  
  luyou/RmService.dll
- Size
  
  109KB
- MD5
  
  aec7909d12e4b3fb97ccbf0d25e6f1d0
- SHA1
  
  c873cf155ffcc92ef38642166d8c52fca6ebfe54
- SHA256
  
  f5d30f21b6f7381e424922a0e106a89d07538a70b3cb80eee1751858fff051a6
- SHA512
  
  f0bafe1c5b639e9349fa55b387f171c99bb4fdafaeb4e8ef2ffe544cf3e18829e3a77b9b3ea6d33ba4c7589d81d05424fadcb1ae5ef7d55ee2ea8d75b5fb3bf2
- SSDEEP
  
  1536:TgWxjQdo5F5SS87ukEmxpxcilzZLiz4lgJj3nIsO7NzRUs0BRjm3gRGQlOtCaWmM:8Pl1LisJNzRUsjw0eOtCaWmUdawswx
Score

1^/10
behavioral11 behavioral12
- Target
  
  luyou/dbManage.dll
- Size
  
  649KB
- MD5
  
  b980618885823447a50110738cd75081
- SHA1
  
  0ea5773c46897a50e7d722a519b0c1a33727237c
- SHA256
  
  d913d6aac862119f7d38882f9a15a0bed1a0e99eeac5f2a18d696f429ea6e246
- SHA512
  
  4bfb5314df1f83a2995ab1e7e57fe24cc3ca56fea1d3c71dd72fedebec514e6709126e6e633b7096d3177f31213bdf6ee9beb76754a324ca1902904344665e07
- SSDEEP
  
  12288:Uz4fOGQZ7ONEaC95bcr3YSHxTNdms+VyTQrQewfmCB+R6jX44cLExT/dwYIqnui5:UmO7AEas5bcT1HxLWEPf/+8jItExTq+l
Score

3^/10
behavioral13 behavioral14
- Target
  
  luyou/http_net.dll
- Size
  
  89KB
- MD5
  
  629f361617fe5a04ebba35dbd3932694
- SHA1
  
  a01acb45bbfa92984de984e6776e1f9c341725c7
- SHA256
  
  df8c12e06f39cfe562adbe41521a9433048bb278be7c4e7970ac8b95ecc52d1e
- SHA512
  
  d2eae0410777ced8531336862731bd466444239079ee499e9a43251f6a79118e0eb38661ba38d1c25d75f1d6ea2aa7b53881eac295143d42de5be8554e8eb483
- SSDEEP
  
  1536:pDJpUaMKQkjtIvUGclW5sResntQIPcI70CNkgg45OS3qcLC9:p9pUaMk6U7l0sRNvPcIoC7g45OS3qyY
Score

5^/10
- Drops file in System32 directory
behavioral15 behavioral16
- Target
  
  luyou/libeay32.dll
- Size
  
  1003KB
- MD5
  
  a1fafdb2ece294fcf38c189671ffe278
- SHA1
  
  c36d4e0b7f935a13bfacc223b45d903fe07918eb
- SHA256
  
  8535ecd338b1d903e4719370fb432deea80d01c2d95a93d9d22fd7761e519ab8
- SHA512
  
  1afe46b1b493dcf86050158e5983ee907eb2899ac1473b44c3f813642e5be4c87b117b5955332aaa21c4104a496deda78e460876a633bf4cbef8888f7aba686b
- SSDEEP
  
  12288:5eOiZOSAS01zLiAf1PxLZteyl9T0rWy90g0fqTe1lCArnPFOzXGopS2f4kmbmmE3:VB1PxL+00rWaRmxnNc5p1Hmimn0h
Score

1^/10
behavioral17 behavioral18
- Target
  
  luyou/luyou.exe
- Size
  
  1.8MB
- MD5
  
  e972f5db197210611b1ffba0bb2234b2
- SHA1
  
  3bd51f2f30ecb7b05b3d47db36e433ed3b20d044
- SHA256
  
  d0817c3c51984d66b265ba285da7f51a3f5b6ab3623aff83869d5550b578fb2c
- SHA512
  
  09fa30ebd6a7a1015d866b63b3a290017522339b16361c68dca10a21337eb7bda0279e6e2d95358b2c9b9277eefb4ae3464baa679b76e361ca0bbe0b4955fcf6
- SSDEEP
  
  49152:RTqjGxE6yZQPkL8AxmePy4suulc3r8AQ/5MtdS2X:/oHmoy4suulc3r8AQ/5MH
Score

8^/10

persistence
- Sets DLL path for service in the registry
  persistence
- Sets service image path in registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral19 behavioral20
- Target
  
  luyou/lycore.dll
- Size
  
  80KB
- MD5
  
  21fa8bcce5de0c2d53cf78dc486ef303
- SHA1
  
  b390153ffea3470bf16538ed2604e20e26a0c297
- SHA256
  
  28832f6a1ade188be6c77346efeb550f9086cb47db4f5796a00c9747793996e5
- SHA512
  
  0a65ff344988bc17053c28dc552872cd1fe8bad614d60dc2893a0202adef6440ed9c7461536a403d00cae50bc79898829c3b586e4a09b9cee9ae56bbcaa8fe4d
- SSDEEP
  
  1536:N50ZBrzLdrQ2YaMbWSkakq+NGxjqlgt5Z54LW:NSZJXdrQyMsq+kxjqgt5aW
Score

1^/10
behavioral21 behavioral22
- Target
  
  luyou/lycore.ini
- Size
  
  52B
- MD5
  
  4f4edcf0f141d93d9db5f8aa154ddba3
- SHA1
  
  ade0db9bc0d9a407001d82de36a32dbc3a469453
- SHA256
  
  e457298894374cafd53bbfa6b0b816fb6e6d57141cd298cc7beff9e749afc844
- SHA512
  
  7f18a7a750f7de9f305ddb00264d9ef71fd7235987af92d7daa76880874c630a691b540c2581722fd5ec71299013bd7065b777707ad2f2f22d6cbe1d81873513
Score

1^/10
behavioral23 behavioral24
- Target
  
  luyou/lycore64.dll
- Size
  
  101KB
- MD5
  
  f734d374b5b4c199d6b603726ac172de
- SHA1
  
  e6562917d84ed4efea2bb83c6a2dd8a2ec73ccc8
- SHA256
  
  cf3a46d5a5c17539df0766d3cceb5675765defab28091ec610cb494c8e8dd7a9
- SHA512
  
  268028dcccc698e808c660cfd6bcb27ed63fa5ddb4926e01b3f13d36bb52a03fd734008d3f44a414a4145e7eac5172938adade1f9289c74b3f583e97db2e944d
- SSDEEP
  
  3072:mbfVUePiCMIxsUA/uMRCghOTiUFC+i96EMkGwwHuXE3L:YUIuUAGsOTiUFC+QsfMI
Score

1^/10
behavioral25 behavioral26
- Target
  
  luyou/msvcp90.dll
- Size
  
  559KB
- MD5
  
  871f979d70414c900b35e56222932daf
- SHA1
  
  dd683e4ad54cab6ba1c7b3ce9c0925db0e1d0e66
- SHA256
  
  91fd46d7335c9990a20f215b9f6f53bc59551420a9c99ad8110ae2f9ff7598f0
- SHA512
  
  87e1e585a8a5ffc1bbe87d58e4d8de2831d1589526143ca0cf7fb919b4842c81e50b656cb6a44975d707753063171801cb538d6755a573f8a91cc8be996f7fc0
- SSDEEP
  
  12288:d0/veMyZ137mSEWT0VkypLvNLehUgiW6QR7t5183Ooc8SHkC2eM8Oa:d0SZ13iwJmNLq83Ooc8SHkC2eb
Score

1^/10
behavioral27 behavioral28
- Target
  
  luyou/msvcr90.dll
- Size
  
  640KB
- MD5
  
  4d03ca609e68f4c90cf66515218017f8
- SHA1
  
  545e440940073d5ec49d47fefd421730f8b33efb
- SHA256
  
  cf420aced0d810e1d75f6811dd986f2d9fded2fbb8d61fc9a7024520c475febb
- SHA512
  
  1b52d09f94bd37850d098ae7222e85e16a4f6df14cfdfc28526cd98b81fb009865fa75774ee4feaa2e5d5861bea27759fe4fb979c902f8ea60afa8c3e1f723fe
- SSDEEP
  
  12288:1hr4UCeeHTA80gIZ4BgmOEGVN9vtI0E5uO9FAOu8axPFmRyy6aE:5e2g5gmO791I0E5uO9FAN9mRyyzE
Score

1^/10
behavioral29 behavioral30
- Target
  
  luyou/net_client.dll
- Size
  
  51KB
- MD5
  
  0de50726408ac05130df4ce8dd952f6e
- SHA1
  
  510db4ac4dc6387ea0f75429b659abb3f861fb0b
- SHA256
  
  06ec57a91376559835eee5d86b9c2b21acd588bcbbcf4cd5a350ad406fad056e
- SHA512
  
  e386795c7f109db091df89158b23ea7d89c0a0b35a24b271d4370216296e17e1bd5b2cb6f209b7e3be2a8f22013dcce93ef1adabc7f8cbeff41ac6f1f4bf59de
- SSDEEP
  
  1536:RQMtia2mY+HOT2RlmRJ3sysGZOtSXRo4Li:TLqTPR6yJZOtSXPi
Score

3^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Drops file in System32 directory

Sets DLL path for service in the registry

Sets service image path in registry

Checks computer location settings

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32