General

  • Target

    bce9e61d4929a5656f90d7cfea4dca88_JaffaCakes118

  • Size

    6.0MB

  • Sample

    240618-t3rjtawapk

  • MD5

    bce9e61d4929a5656f90d7cfea4dca88

  • SHA1

    54034d2fa52302503db563fe62957d06519e2e9f

  • SHA256

    89a7f21733f499aa494f19ff5eecc8db1a6567d636c532b633932944c5e4d2c1

  • SHA512

    d1fab5bbfb6724b5bd3ac7422b4c68e9b6e642a4fa287734a969cd2621f6e26b99d0012dfbd1d2fc5bbb083cd8e6bf036ca4da4af2b54349dad08804fc252b17

  • SSDEEP

    98304:+vZYbbizA++mwWHMCHwGQ0ZEeUyie/XeUpTvk7JKl25cje5xZHg2:+4iJ+qMClLi1UpTvk7Y05ee5n

Malware Config

Targets

    • Target

      bce9e61d4929a5656f90d7cfea4dca88_JaffaCakes118

    • Size

      6.0MB

    • MD5

      bce9e61d4929a5656f90d7cfea4dca88

    • SHA1

      54034d2fa52302503db563fe62957d06519e2e9f

    • SHA256

      89a7f21733f499aa494f19ff5eecc8db1a6567d636c532b633932944c5e4d2c1

    • SHA512

      d1fab5bbfb6724b5bd3ac7422b4c68e9b6e642a4fa287734a969cd2621f6e26b99d0012dfbd1d2fc5bbb083cd8e6bf036ca4da4af2b54349dad08804fc252b17

    • SSDEEP

      98304:+vZYbbizA++mwWHMCHwGQ0ZEeUyie/XeUpTvk7JKl25cje5xZHg2:+4iJ+qMClLi1UpTvk7Y05ee5n

    • Target

      $PLUGINSDIR/SetupHelper.dll

    • Size

      1.4MB

    • MD5

      e4df5c7f58d5e0ccbbe7a6e74fc449ad

    • SHA1

      d0c92b3b78cd5fa61ce51b770565aeb488610c43

    • SHA256

      af55cbbbd681182226c5e854470a05ea8ec6242a30d28c61ce9c20b968088db8

    • SHA512

      5f7456f107df50809bd504e46cd4f5cc43764e683fb14dbcd03c1e6ab5ea5868c0279ed52c8aa5c1795e7928335b9ac07c31c228333dcd44dbb408f04ce2619d

    • SSDEEP

      12288:9GoXS24JiBgSwIiO/qxP4gjICgR5IF5aDTD3rGIBhwjX5xkOC8hPePDeUGFwyhSu:9LCAliO1gqQNgPCUQSUTYoXJ6AT

    Score
    3/10
    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      b9f430f71c7144d8ff4ab94be2785aa6

    • SHA1

      c5c1e153caff7ad1d221a9acc8bbb831f05ccb05

    • SHA256

      b496e81a74ce871236abcd096fb9a6b210b456bebaa7464fa844b3241e51a655

    • SHA512

      c7ce431b6a1493fd7d1fe1b1c823ad22b582c43c8eb2fb6a471c648dd9df9953277c89932c66afd598d43ea36f4a8602e84cd175115266943071cbc8ce204099

    • SSDEEP

      192:hClej3uzvJwqJMQKN4GbeWZksMI4ETWcEbcBZ8ep2Kra7yOG:hCm2HgN4GbeWmbI4Eybogia7yO

    Score
    3/10
    • Target

      CacheWechatBackup/Plugins/WechatBackup/AndroidAssistHelper.dll

    • Size

      526KB

    • MD5

      1548f5a97ddeaf511e8528bb0fe69dcd

    • SHA1

      4c6b6889994c50aafc8f10609ccd8fbfd1f78387

    • SHA256

      2e5777bdb2daf1d9aa5739027c019677b30f4a2a7321a23aedfabd25eac70756

    • SHA512

      342f1534a7d342db7c19978b9cb3899be4bf4bb5e08f8d50e593c256fec1f39c5d31de11fc98fa4e59d1822b280b7ca4198cbd554350574edd83577869aa9ec8

    • SSDEEP

      12288:UVIVqeDNQZkrbOgORPV0+bgu5LsIaogQGqIpX2i/zEozlEvwTPkZJwHAsH:UVGbSkrbOgORPV0+osgQGqIpX/Iozl5V

    Score
    8/10
    • Blocklisted process makes network request

    • Target

      CacheWechatBackup/Plugins/WechatBackup/ConnectService.exe

    • Size

      4.5MB

    • MD5

      bc1d2ace3221b777ce8ce1bce7e45bb5

    • SHA1

      b5d74e4c5d050c3015b15db33f14338f8b3b3b92

    • SHA256

      229c60f01ddfc262e0a18e5658ea67e0f0aac1583990009771a6ec63d59b5ae7

    • SHA512

      91c01f53e46ae0741aaf9ae181ce3bfe0714d01d4aa83d3afd3e7dcac97616e682743af26490aec537f19675e839ccd843fd3445a8db29fb52c13e249ec83cdb

    • SSDEEP

      98304:2Hy0XTpSonO9/SBrFFjMoYsRf3Ewex0nT7s9t+sqX9Gwpt:PkN5MQBiTSswex+HsqtB

    • Modifies Windows Firewall

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    • Target

      CacheWechatBackup/Plugins/WechatBackup/WechatBackup.exe

    • Size

      1.2MB

    • MD5

      5c3030fd1e41426d9514c9a77ee7e293

    • SHA1

      e0498f9d8d334849e6a68c97f2395eacbdcb3be9

    • SHA256

      e630bab24ca40643ec06c5cf83fbfb4047018c66ad8f75ded4a735cb8cb5658c

    • SHA512

      66b9fbd61639fae23846759e10f5cbe410691149bf0cf775c842c2c7d807d8239613c759fc18d478d5624e27e97ace1715fb2456d85e0849c8ff98eb02d68604

    • SSDEEP

      12288:lR2gY4wPKpZat4OIjyO1wx8LXSYgB3MoiAxIaX5MRsIWOXwu0lt5ZBrL1ZnQJlix:bnPjxMksIWOXwuiJ15QxyMELQ4mDXctZ

    Score
    1/10

MITRE ATT&CK Matrix ATT&CK v13

Persistence

    Create or Modify System Process (T1543): 2
        Windows Service (T1543.003): 2
    Event Triggered Execution (T1546): 2
        Netsh Helper DLL (T1546.007): 2

Privilege Escalation

    Create or Modify System Process (T1543): 2
        Windows Service (T1543.003): 2
    Event Triggered Execution (T1546): 2
        Netsh Helper DLL (T1546.007): 2

Defense Evasion

    Impair Defenses (T1562): 2
        Disable or Modify System Firewall (T1562.004): 2
    Modify Registry (T1112): 2
    Subvert Trust Controls (T1553): 1
        Install Root Certificate (T1553.004): 1

Discovery

    System Information Discovery (T1082): 3

Tasks