Overview

overview

10

Static

static

10

akcms3.9.6...cp.ps1

windows7-x64

3

akcms3.9.6...cp.ps1

windows10-2004-x64

3

akcms3.9.6...ex.htm

windows7-x64

1

akcms3.9.6...ex.htm

windows10-2004-x64

1

akcms3.9.6...ex.htm

windows7-x64

1

akcms3.9.6...ex.htm

windows10-2004-x64

1

akcms3.9.6...ex.htm

windows7-x64

1

akcms3.9.6...ex.htm

windows10-2004-x64

1

akcms3.9.6...ex.htm

windows7-x64

1

akcms3.9.6...ex.htm

windows10-2004-x64

1

akcms3.9.6...ex.htm

windows7-x64

1

akcms3.9.6...ex.htm

windows10-2004-x64

1

akcms3.9.6...ex.htm

windows7-x64

1

akcms3.9.6...ex.htm

windows10-2004-x64

1

akcms3.9.6/db.js

windows7-x64

3

akcms3.9.6/db.js

windows10-2004-x64

3

akcms3.9.6...ex.htm

windows7-x64

1

akcms3.9.6...ex.htm

windows10-2004-x64

1

akcms3.9.6...ex.htm

windows7-x64

1

akcms3.9.6...ex.htm

windows10-2004-x64

1

akcms3.9.6...ex.htm

windows7-x64

1

akcms3.9.6...ex.htm

windows10-2004-x64

1

akcms3.9.6...ex.htm

windows7-x64

1

akcms3.9.6...ex.htm

windows10-2004-x64

1

akcms3.9.6...nc.ps1

windows7-x64

3

akcms3.9.6...nc.ps1

windows10-2004-x64

3

akcms3.9.6...nc.ps1

windows7-x64

3

akcms3.9.6...nc.ps1

windows10-2004-x64

3

akcms3.9.6...nc.ps1

windows7-x64

3

akcms3.9.6...nc.ps1

windows10-2004-x64

3

akcms3.9.6...nc.ps1

windows7-x64

3

akcms3.9.6...nc.ps1

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    001fd36018de5aafface7d524e3686e9_JaffaCakes118

  • Size

    248KB

  • Sample

    240619-x17d2axgpd

  • MD5

    001fd36018de5aafface7d524e3686e9

  • SHA1

    3cb8fe6f7e98ba1085a2f37043372e15bf1e39cc

  • SHA256

    b81019d16d83197a22c34667c770345df756242aa5f17cca00f418a5d0360ea0

  • SHA512

    f7047bbf819f7fcd54067b1afe7db61d20308c90152dda237c88e617dfe8d98ddb34d7deddec2f418535773591048317288618c12d60234ae1a2556d050f644e

  • SSDEEP

    6144:GYMX1IQa/7QF7dUxD2Y1O7yeQUdFI0TKmvne5:G5tHdUxD2QIQUdFI0TJ/e5

Score
10/10
execution

Malware Config

Extracted

Language
ps1
Source
URLs
exe.dropper

http://service.akcms.com/cal_keywords.php

Targets

    • Target

      akcms3.9.6/admincp.php

    • Size

      65KB

    • MD5

      b6b69bdfc434c53c85eda2865fef0d9b

    • SHA1

      db40cd57dca852f6b35b0006c38365a8c73bc697

    • SHA256

      20a28cfe24fb9f4aa82595f7c595897365567a844ecf28512baa647077d4ebcb

    • SHA512

      51207c606954e6f4b28de9c3582bfe43917aa3d47473336b7b5fde09d6232cfc11574e4c969f753be05dc855eaab3d4195ca2ca44f7bca6d96c9881fb3f5f759

    • SSDEEP

      768:aQhnZ26w+jaRM7TlbAYlb8DL9t3OW6EJ3VGHYPerbqe7tjFq14moQaua1gBRmlC2:7hA6wHR0W3OW6KlGtrGoZmauaG7mlC2

    Score
    3/10
    execution
    behavioral1behavioral2

    • Target

      akcms3.9.6/cache/index.htm

    • Size

      1B

    • MD5

      7215ee9c7d9dc229d2921a40e899ec5f

    • SHA1

      b858cb282617fb0956d960215c8e84d1ccf909c6

    • SHA256

      36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068

    • SHA512

      f90ddd77e400dfe6a3fcf479b00b1ee29e7015c5bb8cd70f5f15b4886cc339275ff553fc8a053f8ddc7324f45168cffaf81f8c3ac93996f6536eef38e5e40768

    Score
    1/10
    behavioral3behavioral4

    • Target

      akcms3.9.6/cache/tasks/index.htm

    • Size

      1B

    • MD5

      7215ee9c7d9dc229d2921a40e899ec5f

    • SHA1

      b858cb282617fb0956d960215c8e84d1ccf909c6

    • SHA256

      36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068

    • SHA512

      f90ddd77e400dfe6a3fcf479b00b1ee29e7015c5bb8cd70f5f15b4886cc339275ff553fc8a053f8ddc7324f45168cffaf81f8c3ac93996f6536eef38e5e40768

    Score
    1/10
    behavioral5behavioral6

    • Target

      akcms3.9.6/cache/templates/index.htm

    • Size

      1B

    • MD5

      7215ee9c7d9dc229d2921a40e899ec5f

    • SHA1

      b858cb282617fb0956d960215c8e84d1ccf909c6

    • SHA256

      36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068

    • SHA512

      f90ddd77e400dfe6a3fcf479b00b1ee29e7015c5bb8cd70f5f15b4886cc339275ff553fc8a053f8ddc7324f45168cffaf81f8c3ac93996f6536eef38e5e40768

    Score
    1/10
    behavioral7behavioral8

    • Target

      akcms3.9.6/configs/index.htm

    • Size

      1B

    • MD5

      7215ee9c7d9dc229d2921a40e899ec5f

    • SHA1

      b858cb282617fb0956d960215c8e84d1ccf909c6

    • SHA256

      36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068

    • SHA512

      f90ddd77e400dfe6a3fcf479b00b1ee29e7015c5bb8cd70f5f15b4886cc339275ff553fc8a053f8ddc7324f45168cffaf81f8c3ac93996f6536eef38e5e40768

    Score
    1/10
    behavioral10behavioral9

    • Target

      akcms3.9.6/configs/templates/ak/index.htm

    • Size

      1B

    • MD5

      7215ee9c7d9dc229d2921a40e899ec5f

    • SHA1

      b858cb282617fb0956d960215c8e84d1ccf909c6

    • SHA256

      36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068

    • SHA512

      f90ddd77e400dfe6a3fcf479b00b1ee29e7015c5bb8cd70f5f15b4886cc339275ff553fc8a053f8ddc7324f45168cffaf81f8c3ac93996f6536eef38e5e40768

    Score
    1/10
    behavioral11behavioral12

    • Target

      akcms3.9.6/data/index.htm

    • Size

      1B

    • MD5

      7215ee9c7d9dc229d2921a40e899ec5f

    • SHA1

      b858cb282617fb0956d960215c8e84d1ccf909c6

    • SHA256

      36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068

    • SHA512

      f90ddd77e400dfe6a3fcf479b00b1ee29e7015c5bb8cd70f5f15b4886cc339275ff553fc8a053f8ddc7324f45168cffaf81f8c3ac93996f6536eef38e5e40768

    Score
    1/10
    behavioral13behavioral14

    • Target

      akcms3.9.6/db.php

    • Size

      4KB

    • MD5

      2489ebfc4873a7077bb3baac13149584

    • SHA1

      75f39b450854931b2fb208a1323102984f5d2810

    • SHA256

      edd7a802233faf510640afe7d3d27b870479260db2e541e782f760329db5dbf0

    • SHA512

      dea3759cb6970a61a8ac2d17834845fdf1fbe696d3eced1d54a2fe41ea33104039642fc86496e4744eb8f6283fa077ff40d9e5b6d330854302f7eaf83d60c302

    • SSDEEP

      96:aVe8Ooeqmds1g5QowOvS+q0ZeC3n7TGWhIX7n0rohOU16unIJXtG:aVeV1qmdsGQoJvLZeC3n7TGa2bgoIU9t

    Score
    3/10
    execution
    behavioral15behavioral16

    • Target

      akcms3.9.6/fore/index.htm

    • Size

      1B

    • MD5

      7215ee9c7d9dc229d2921a40e899ec5f

    • SHA1

      b858cb282617fb0956d960215c8e84d1ccf909c6

    • SHA256

      36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068

    • SHA512

      f90ddd77e400dfe6a3fcf479b00b1ee29e7015c5bb8cd70f5f15b4886cc339275ff553fc8a053f8ddc7324f45168cffaf81f8c3ac93996f6536eef38e5e40768

    Score
    1/10
    behavioral17behavioral18

    • Target

      akcms3.9.6/images/admin/index.htm

    • Size

      1B

    • MD5

      7215ee9c7d9dc229d2921a40e899ec5f

    • SHA1

      b858cb282617fb0956d960215c8e84d1ccf909c6

    • SHA256

      36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068

    • SHA512

      f90ddd77e400dfe6a3fcf479b00b1ee29e7015c5bb8cd70f5f15b4886cc339275ff553fc8a053f8ddc7324f45168cffaf81f8c3ac93996f6536eef38e5e40768

    Score
    1/10
    behavioral19behavioral20

    • Target

      akcms3.9.6/images/editor/index.htm

    • Size

      1B

    • MD5

      7215ee9c7d9dc229d2921a40e899ec5f

    • SHA1

      b858cb282617fb0956d960215c8e84d1ccf909c6

    • SHA256

      36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068

    • SHA512

      f90ddd77e400dfe6a3fcf479b00b1ee29e7015c5bb8cd70f5f15b4886cc339275ff553fc8a053f8ddc7324f45168cffaf81f8c3ac93996f6536eef38e5e40768

    Score
    1/10
    behavioral21behavioral22

    • Target

      akcms3.9.6/images/index.htm

    • Size

      1B

    • MD5

      7215ee9c7d9dc229d2921a40e899ec5f

    • SHA1

      b858cb282617fb0956d960215c8e84d1ccf909c6

    • SHA256

      36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068

    • SHA512

      f90ddd77e400dfe6a3fcf479b00b1ee29e7015c5bb8cd70f5f15b4886cc339275ff553fc8a053f8ddc7324f45168cffaf81f8c3ac93996f6536eef38e5e40768

    Score
    1/10
    behavioral23behavioral24

    • Target

      akcms3.9.6/include/admin.func.php

    • Size

      28KB

    • MD5

      ee818f1a93b40671e5a7c5e17d257be8

    • SHA1

      7e6fed54c15876f74e3fde6a077ae75ca9c130db

    • SHA256

      3da8dfd54dea36caa7f119db64c103d2ba581cbe0c64b444b250aaaacb9fe10b

    • SHA512

      e6ce98786579652cf82956a97c2486d6336057138be049bb071f6a2d7e0c7694d0d7db49f9e5080c1820778e8b07a398d89db87b2fbc7fbb22cc9473eb2f48e4

    • SSDEEP

      768:A9lH+wvvFO27J1dIZFoRtv/840oUIcIPwizOG:iV+wv9riFsH840oUIcIPj1

    Score
    3/10
    execution
    behavioral25behavioral26

    • Target

      akcms3.9.6/include/buy.inc.php

    • Size

      2KB

    • MD5

      2e460eec9f35148f67314f1ba88747b0

    • SHA1

      aa4aeeeff2ce54e7f9a9d518c4a5376e1fdc9bf0

    • SHA256

      46c950247709f05b401688b2d857c30748aa208ed145b7c1f367e8c421f572cc

    • SHA512

      004f9f15011fba148a690bab1536efa0fdfb23398834ff826503043f526533f56ecc6846542686ece2e412984f3a47780504db8de13e31a03f234bb802947f0b

    Score
    3/10
    execution
    behavioral27behavioral28

    • Target

      akcms3.9.6/include/category.func.php

    • Size

      11KB

    • MD5

      e8b60808a992f3529af7b5dd6af36f08

    • SHA1

      227aea0b6ea82fd175d13b1ef8e6d7b5554ec0a5

    • SHA256

      2321048b3fe9339cbd0f31a7f9c53ba33696765bfbd3df2d04df9c1c1bbe99c1

    • SHA512

      46ceaa453e73e59cd5bb8a5188d4dbf33926f54e5eb91bd9103d99b1ef92d329dbe5511ec8c7bcee1f96f323dc1bb7b0cbdf77d87297a202478f857439776ab2

    • SSDEEP

      192:857bMsMWEInw6SJ7pm2VANpElopic6npokZ+9w72opWVu4T6vpYAoVJV9RaeHCMm:kMTWCJtvANpElo4c6npoK7B8DMYAoHVy

    Score
    3/10
    execution
    behavioral29behavioral30

    • Target

      akcms3.9.6/include/common.func.php

    • Size

      42KB

    • MD5

      279c08a69a8444ede19287073eefc8a1

    • SHA1

      ad70fef5455ada21f0101cc84ad62dfca3eca7ff

    • SHA256

      277dc131ac15db0094b9933d02c8132ce25331469e1ce5782fd5d7d3efcce445

    • SHA512

      6704164ed6f60f49e55d64a37b82006541c991ad979f1f732f78998d5d2143c022389a42e785774285d40869380600cfa7d48859f52fa057bfcaf3df3a97ac2d

    • SSDEEP

      768:5aIjyLSfrs3C5pIfO1yo2z5W98awOXOl4KkMZIZIDSRx2x+6:Zyc5pD1yogcBwHl4KkMZ0eiW+6

    Score
    3/10
    execution
    behavioral31behavioral32

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

6
T1059

PowerShell

5
T1059.001

JavaScript

1
T1059.007

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

10
T1112

Credential Access

Discovery

Query Registry

8
T1012

System Information Discovery

8
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

Score
10/10

behavioral1

execution
Score
3/10

behavioral2

execution
Score
3/10

behavioral3

Score
1/10

behavioral4

Score
1/10

behavioral5

Score
1/10

behavioral6

Score
1/10

behavioral7

Score
1/10

behavioral8

Score
1/10

behavioral9

Score
1/10

behavioral10

Score
1/10

behavioral11

Score
1/10

behavioral12

Score
1/10

behavioral13

Score
1/10

behavioral14

Score
1/10

behavioral15

execution
Score
3/10

behavioral16

execution
Score
3/10

behavioral17

Score
1/10

behavioral18

Score
1/10

behavioral19

Score
1/10

behavioral20

Score
1/10

behavioral21

Score
1/10

behavioral22

Score
1/10

behavioral23

Score
1/10

behavioral24

Score
1/10

behavioral25

execution
Score
3/10

behavioral26

execution
Score
3/10

behavioral27

execution
Score
3/10

behavioral28

execution
Score
3/10

behavioral29

execution
Score
3/10

behavioral30

execution
Score
3/10

behavioral31

execution
Score
3/10

behavioral32

execution
Score
3/10