Overview

overview

8

Static

static

7

jghdtv_setup.exe

windows7-x64

7

jghdtv_setup.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

Kernel/PPS...et.dll

windows7-x64

1

Kernel/PPS...et.dll

windows10-2004-x64

1

Kernel/PPS...t2.dll

windows7-x64

1

Kernel/PPS...t2.dll

windows10-2004-x64

1

Kernel/PPS...rk.dll

windows7-x64

3

Kernel/PPS...rk.dll

windows10-2004-x64

3

Kernel/PPS...st.dll

windows7-x64

1

Kernel/PPS...st.dll

windows10-2004-x64

1

Kernel/PPS...er.dll

windows7-x64

8

Kernel/PPS...er.dll

windows10-2004-x64

8

Kernel/PPS...ds.dll

windows7-x64

1

Kernel/PPS...ds.dll

windows10-2004-x64

1

Kernel/PPS...ay.dll

windows7-x64

1

Kernel/PPS...ay.dll

windows10-2004-x64

1

Kernel/PPS...ge.dll

windows7-x64

1

Kernel/PPS...ge.dll

windows10-2004-x64

1

Kernel/PPS...sg.dll

windows7-x64

1

Kernel/PPS...sg.dll

windows10-2004-x64

1

Kernel/PPS...lg.dll

windows7-x64

1

Kernel/PPS...lg.dll

windows10-2004-x64

1

Kernel/PPS...et.dll

windows7-x64

1

Kernel/PPS...et.dll

windows10-2004-x64

1

Kernel/PPS...es.dll

windows7-x64

1

Kernel/PPS...es.dll

windows10-2004-x64

1

Kernel/PiP...ck.dll

windows7-x64

6

Kernel/PiP...ck.dll

windows10-2004-x64

6

Kernel/PiP...il.dll

windows7-x64

1

Kernel/PiP...il.dll

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    008cfa35a89b64d3fa50f186f05f6428_JaffaCakes118

  • Size

    13.5MB

  • Sample

    240619-z6x4nasblb

  • MD5

    008cfa35a89b64d3fa50f186f05f6428

  • SHA1

    65c1d82fc92b8e93f162079bd794829c78f0a339

  • SHA256

    3fd157484c55d7b3871ed546865836985ec4995a38fae1b1719ceed6dfb5bb67

  • SHA512

    af92c25f1e3ca9ac26cfcbf78581e397b316e01f4852b624c6729f264c1569c53e9c76d687e18287792452516adced49ecd3e1817346e71f0a9d80c3240e2b75

  • SSDEEP

    393216:uSsnxoPEIZZWTrHH7Vt2ZFjQEXit1PX+wmD6SSgPwQYZkz:BvPEsMHCuEXivPOt/SgPwxkz

Score
8/10
adwarestealerupx

Malware Config

Targets

    • Target

      jghdtv_setup.exe

    • Size

      13.5MB

    • MD5

      46eb15c6068f2cd47532d3573b832990

    • SHA1

      73e241d24f6b7cb0c2492fdfc448287f45875670

    • SHA256

      d999288dd836c32661e7fbce564f331b833caa2ae117449a671d168dd80212ad

    • SHA512

      3ff5c11c18a65645032b97426de7d868c2f91b74247ab1f4f094833bf44d232ec61ba6071ca85e119ab7bc94e9e4f685f1e04573ed752ab9a0243364caef3217

    • SSDEEP

      393216:kehlvQyCgSe/v85L1WTeXFeZNa8pGumCIwG2Wx:1hdQycsAMT5ZsmxTNGd

    Score
    7/10

    • Loads dropped DLL

    behavioral1behavioral2

    • Target

      $PLUGINSDIR/InstallOptions.dll

    • Size

      12KB

    • MD5

      1d5c649dde35003a618b9679d5d71b92

    • SHA1

      0409bbab3ab34f8c01289cdd847b4d1a32d05b18

    • SHA256

      0f4d3cee24e3f310fa804983c931d3628613988a24f0be7854f63a9309b8e45f

    • SHA512

      b432ebcc52905662d61a3f17e08e209a3f9d836a9071b3b5e80070af7ebcf34cf66c44426dda041c2a258fda4787e5692e2b35acbcd73288fb84fe3c977bbfd9

    • SSDEEP

      384:pKlm7i+c3QW6ckPhyDEaLnA2bbBBIXwZ:8qi8BcyhEhLBbbTI

    Score
    3/10
    behavioral3behavioral4

    • Target

      Kernel/PPStream/Livenet.dll

    • Size

      965KB

    • MD5

      d6d8fa1f909fbd50d6e02efd0e034b97

    • SHA1

      c65b74e88e720c780f0de1898b89c701f48020b4

    • SHA256

      ed83d2aecfeffc6669905cf72bcf0cb34ad5f7a7b024087deb65515877ca0cda

    • SHA512

      52c4bf30d0361fa9cd53cc882630beec03170a836a6961efec8d8c3d04093b9c1457e6b307a49d0ba0b909fb628e8861128d707818171806ac7166ee4692d4f4

    • SSDEEP

      12288:YJtRwB4dni6SjwPfElCQLzLHP4aZnda1v/ggJWerCd7cBlCfqJjxDDUPWjfy4zsu:A9ijjwPcCgw4M/p5DQAiAiausSU2s6G3

    Score
    1/10
    behavioral5behavioral6

    • Target

      Kernel/PPStream/Livenet2.dll

    • Size

      1.2MB

    • MD5

      6212fa58f5b6fca810303f5ab306f3d9

    • SHA1

      b7d4f8fb5c2f925853c438bf5c85ee9caabdd4e3

    • SHA256

      2a6050144d264d679ce5932d9177897efc8effd280909320f2c9caf0a9462cbe

    • SHA512

      f195bfc94f1fb1970e710c95354d6a561278f618eba94d2ea28af37af8ca6990f2e600315b091acf7db146a560ef291b3d05c1a76a1497d4bcf29a0f0157cb7f

    • SSDEEP

      24576:U1rBpsBBc4hhueHCpAx8+XV/2hDoWgf6xVpacRYbIVktfxmnW6FVbi:orBp74hhueHCp28+XV/2hDBgf6H/mptd

    Score
    1/10
    behavioral7behavioral8

    • Target

      Kernel/PPStream/PSNetwork.dll

    • Size

      341KB

    • MD5

      9ff3c6362b6fc605ce8dd892ea564f04

    • SHA1

      fa0ec08bb73ebfbbe090dc30aff5a7ea096fc307

    • SHA256

      52fcc4c94a7cf525dedbde34ca7db7f725a6bc589a14d8b738aff2feac2ffa08

    • SHA512

      f10ad982ea9dd201e51b417d6c7409b019d48f0292ebc386ccb775ec739b3814b6228df8c7fb0abc39022807c7a2bc3affd9cf52f7d58ae7bf308d3d6e04d8b2

    • SSDEEP

      6144:0Q0togHr1oI2G2whwL0QVkccSrmYIfU73lB53MPkx2u+:t0togHr1oIoWg0KxcvU73lTUr

    Score
    3/10
    behavioral10behavioral9

    • Target

      Kernel/PPStream/PowerList.ocx

    • Size

      557KB

    • MD5

      6f1ab7d5d6b8a499cfaa13ef5589928c

    • SHA1

      b6ba02723b6730c28cb30bc226e581d4fe1ce52b

    • SHA256

      e3eb55ec4b2a41bbf2a68b176969790d7e286e53f43f6df596fb358805414384

    • SHA512

      ff3ab490e78ea79a943a280907c22730b242b6b91676b7d82bd774170cd2d65c0f822b4946d5db263f96350f91d7f0b898f4763bf26193b821cb93e62f05d6cf

    • SSDEEP

      12288:dcKb5ZqwcxduaFVSbW+Z058ygllLLI5hiWBYcAAO:dcKbLq1FsbWPKygllLE7NZAAO

    Score
    1/10
    behavioral11behavioral12

    • Target

      Kernel/PPStream/PowerPlayer.dll

    • Size

      917KB

    • MD5

      9599813dd829151c8789c57c6d51afcb

    • SHA1

      9f51eb0e576717fe747b6b84218ffc1b1904633f

    • SHA256

      36e92b44981a51fea32a8075ffe6dc2661295f06d6ae8970eb185714f0b11727

    • SHA512

      b230a25814d06f204a14f7b28597f30827c885306d81458b13fca06aac69ab375f0174d0c69c43f073bd4a98a179475d7cba6076c322a6b86291f9c75ac0272e

    • SSDEEP

      24576:lVzwtjKBWdR8+hVouXqP9NpU8dkIurEGLdyxajI6:lV0KBWdq+hVouq9NpVkIurpUxajI6

    Score
    8/10

    • Drops file in Drivers directory

    behavioral13behavioral14

    • Target

      Kernel/PPStream/fds.dll

    • Size

      297KB

    • MD5

      624683126e3cc9d4f134007543ff820e

    • SHA1

      6da7e2d6119229555a4db65db63753ecf6816e45

    • SHA256

      090ee1571a8c07ac59709ba7de4525f1508126020c324d31d5f500df1a635bbe

    • SHA512

      a22adbc1af1cfb777506a3e85dbf915cb46078d7b03f6f9a5799dfafda9544c497bf69443ff66adaab53d5a202864b9deafaef8bc5d33e0091bb7f0ddb3ce2fc

    • SSDEEP

      6144:bsIji3vkLd221lr0Ey9keoCzSOo5Pm//lIG5:bsf3vkLd2sh0ZeeoCzSOodG5

    Score
    1/10
    behavioral15behavioral16

    • Target

      Kernel/PPStream/pp2play.dll

    • Size

      192KB

    • MD5

      7791035a57a5c4d54b88fb22ef7204c7

    • SHA1

      f55c9dca739eb9cdd9dfe42418b4cf9f351f8837

    • SHA256

      110e592c241aba9ef388796fc40fa6c0dbb7d95a8bb5433f2086651b208c6b80

    • SHA512

      f726c91fc4d4dd7046c2c3d07e873de5e05de523825a060fa376441c421e5f99562dafddc5861f0f75dc9b040463feed33eaeb17567a0d30d70f58030139b030

    • SSDEEP

      3072:Of5d0X4tYM96H+QiGwTsz0Lt150XkllctdAMt4K:ORXt/9E5iDsG150ttdAg

    Score
    1/10
    behavioral17behavioral18

    • Target

      Kernel/PPStream/ppsimage.dll

    • Size

      339KB

    • MD5

      8c72ccfdc2433978491b3aa7464e6fdc

    • SHA1

      8bef1052ae35db4583add9a8f1044904788fc0de

    • SHA256

      94e0ba93840a54508f098ef43aed4fb01f661606141223426d069a00d65b7fcd

    • SHA512

      0e76a8b3993fcb5e707b769f3dc7962e2e50626630ae2940a43a77d2c3883faecebea6258e5ef36b500db42746d36c6d98e72c54b3c95d53d21edaddd3bcd10e

    • SSDEEP

      6144:GqHtla4kOJ+VsV1xWmf9Pz4Nw2PvM7DRxmew2v6wV5wimWTBKLVZVsHI:GqHt+c+Vm1xWMPwKR16yQWTE

    Score
    1/10
    behavioral19behavioral20

    • Target

      Kernel/PPStream/ppssg.dll

    • Size

      153KB

    • MD5

      6cf88e7279230a0b7dbbc0c16973e3a5

    • SHA1

      13c1fb4805a274acf6067ba2c47c5835926ba176

    • SHA256

      007dc966aa1882815d9752532005e11e2fdda207a53804506f18a0ec8d228965

    • SHA512

      87a14c976e3f2e7338df0a8e5e290982419186dc89e4f08792e6e5fe97b3e070833bbc8b4102f545707aec0aef8be7eeecf7efc7ea2ef6ba3fe2b87b6e19df4b

    • SSDEEP

      3072:UNqZDt9k2iBehCsL9XH4k2aQqxbN3By/EkBm0SJ2lj+gYE:UNQDta2iBehCsLNH4k2aQ0hBQBlx6E

    Score
    1/10
    behavioral21behavioral22

    • Target

      Kernel/PPStream/psclg.dll

    • Size

      294KB

    • MD5

      287f8f7cc76615e7852f717d5c9c9124

    • SHA1

      22bb76b180a9743b4c324c9aaecef72ea7957057

    • SHA256

      24e726b188345067350083465bf3c24f941e85b01c2529802c3508bc73bcd17f

    • SHA512

      4f9c59e57de0db4443ba418845a0455246526d15ee0615c79fc27df56ca6df460fb0e06ab94a3c9f938736daca253d8e4cbc1c266af13716680d7083f34ec907

    • SSDEEP

      6144:n/PAePFesdZeIkH1AifeKsQEBhnffeyfsRqHQTB/3BRuaR7I:n/PAePMsB4ednBhffeyfsRqHQT1uG7I

    Score
    1/10
    behavioral23behavioral24

    • Target

      Kernel/PPStream/vodnet.dll

    • Size

      969KB

    • MD5

      3382daf7830ad1f99668dc8586cd2cb5

    • SHA1

      f7df9d6963d6bd8244490343f3e936d80303ce1d

    • SHA256

      385fc9329a09bfa0f10595b81747221c2255a5541fce7ea09a1f24e0de6ea2c9

    • SHA512

      79dfffbe2e8d4d49c782c5b9a6bcd98a52a3fa90e9eacf5315526e0f49ab99df9aea0447a4150e0351a0b413dfe570f2f807dd144cff5063d1c02ddd2989ae5d

    • SSDEEP

      12288:tY/bZkDaztiA2ULuJ0xL5MLkMoGpYJcJXItQlhNddrZ21/R4y1XlYXunodfU/Iwr:KeUeoGiJoldraRoUgbZRKKvNlvzXrU

    Score
    1/10
    behavioral25behavioral26

    • Target

      Kernel/PPStream/vodres.dll

    • Size

      377KB

    • MD5

      8fef394fe6e391a20fc0de77dafbd50b

    • SHA1

      7c43af316d22cdbe83cb8cbb24ff394ae426ad65

    • SHA256

      274d9bd46a73f1be410aa40297ba122fb19ce022dac0ad003a75cad8b659995e

    • SHA512

      e9002f17fe0eb24c3a6ec70363f042e309166d49dc5419d0adc06a7b0d5488d025d6fa07a2d4d13e4da622d8a24b5401aae8f2446e88e00e8f064b8abfdc661c

    • SSDEEP

      6144:iGFCZPJD0HvWlBGs9AcE+Z7ClDnLMIhGe7/J4rS1PhBO638rNOy1Aah4E5w1UKU:iGFCZPJgHvWlBGsucE+Z7CVnLMIhGc/g

    Score
    1/10
    behavioral27behavioral28

    • Target

      Kernel/PiPi/JfCheck.dll

    • Size

      218KB

    • MD5

      b1de8a963512abc61cbf3b33cfcc6a0d

    • SHA1

      622eee50f1bd8be28eb7bbf958cb19ec3c5e2143

    • SHA256

      c70a1e2b03f70ca4ff4088eec65a25e5b37accd5e2b0dc50bbe7b57e397c94d2

    • SHA512

      d9c53cdbf076a828586d86ac1f303a302a72e90c166cbbecdcd8756c7f21353090b2818dee6ca23f72e25f13f7c920e0b0d2b63371c9bada599b32f333564734

    • SSDEEP

      3072:D267bQFninpqIRfdJSmkXvcpsAg4JLHaBp4yJ3TBfCTJX5t5RnI19gXqZcbbN:SssFninpNdb76/AgCRgTBq51R2LobN

    Score
    6/10
    adwarestealer

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

      stealeradware
    behavioral29behavioral30

    • Target

      Kernel/PiPi/KmBugslayerUtil.dll

    • Size

      25KB

    • MD5

      b81c426c5cf1e529cbe740237a87f33f

    • SHA1

      eeae32c6916e18a15f33df4820684818c74ffa55

    • SHA256

      e2c8764c4b352f4d33674b0e86208833bb8e8b86bc2980d844472d8420105922

    • SHA512

      05f75ec8ec8d20a6588c85036e475b4cdf7ba94b0ec9456a2e20d5f833c9cbdd77f668f5b2bc88abcdc4deae6c2b45bccb6573fb0e11ab87050b7b56cb41f2a6

    • SSDEEP

      768:EdwgB11lgtyiiuizl3JNEsaHjLeITLL3wBuPItoRi:hwjgFy1JNEsaH/TnAfyR

    Score
    1/10
    behavioral31behavioral32

MITRE ATT&CK Enterprise v15

Tasks

static1

upx
Score
7/10

behavioral1

Score
7/10

behavioral2

Score
7/10

behavioral3

Score
3/10

behavioral4

Score
3/10

behavioral5

Score
1/10

behavioral6

Score
1/10

behavioral7

Score
1/10

behavioral8

Score
1/10

behavioral9

Score
3/10

behavioral10

Score
3/10

behavioral11

Score
1/10

behavioral12

Score
1/10

behavioral13

Score
8/10

behavioral14

Score
8/10

behavioral15

Score
1/10

behavioral16

Score
1/10

behavioral17

Score
1/10

behavioral18

Score
1/10

behavioral19

Score
1/10

behavioral20

Score
1/10

behavioral21

Score
1/10

behavioral22

Score
1/10

behavioral23

Score
1/10

behavioral24

Score
1/10

behavioral25

Score
1/10

behavioral26

Score
1/10

behavioral27

Score
1/10

behavioral28

Score
1/10

behavioral29

adwarestealer
Score
6/10

behavioral30

adwarestealer
Score
6/10

behavioral31

Score
1/10

behavioral32

Score
1/10