General

  • Target: 044c89deeeb8702d9e7d6a8c13675a88_JaffaCakes118
  • Size: 1.5MB
  • Sample: 240620-j6swyaxeqc
  • MD5: 044c89deeeb8702d9e7d6a8c13675a88
  • SHA1: 66d9f40590ed19af2fac0f2a9dfbe20eaa1db0e4
  • SHA256: 6de5093e6e65d25cd2b810da839168167b46d10e850ff25ccf0768ceb652fca8
  • SHA512: e02fbaf038391df2eb14d6ef67f68f26a8c07a74b951e9291043983b92c288ffd0fee1cc3568ead006f08113f092f04aedf6061423a2af923f975c17da7667d0
  • SSDEEP: 24576:Mikhaw92oZpMe6tgu54sEzpoiqU/BRhRnLR3tt1e+er4XkLy0Zlq8HHRriUoVV/:MFhauZGeUgu54tqOB7Bj2+er4XS9n6v/

Malware Config

Targets

    • Target: 044c89deeeb8702d9e7d6a8c13675a88_JaffaCakes118
    • Size: 1.5MB
    • MD5: 044c89deeeb8702d9e7d6a8c13675a88
    • SHA1: 66d9f40590ed19af2fac0f2a9dfbe20eaa1db0e4
    • SHA256: 6de5093e6e65d25cd2b810da839168167b46d10e850ff25ccf0768ceb652fca8
    • SHA512: e02fbaf038391df2eb14d6ef67f68f26a8c07a74b951e9291043983b92c288ffd0fee1cc3568ead006f08113f092f04aedf6061423a2af923f975c17da7667d0
    • SSDEEP: 24576:Mikhaw92oZpMe6tgu54sEzpoiqU/BRhRnLR3tt1e+er4XkLy0Zlq8HHRriUoVV/:MFhauZGeUgu54tqOB7Bj2+er4XS9n6v/
    • Score: 7/10
    • Loads dropped DLL

    • Target: $PLUGINSDIR/delay.dll
    • Size: 20KB
    • MD5: 215c1893e3256fb90e60b7544034964f
    • SHA1: 4095c6963194d5e0d738d0c7c2da2bd943c260f7
    • SHA256: 020431d04975ec2742921e0ebc6d6c25d7d33147e23979945546e77ada25c27e
    • SHA512: 7eecc83c8752b3531f7a1784aef055f7462f6bc186442012f7b75b4ce143160c1e4f317cb8927e8ad69bd9ef70ffecef5d4195025e5b058727567ad2c856dfb4
    • SSDEEP: 96:PQ0iukkmFO9+R/ckkCN3jPp6OAVGsJ3s6E3qLlz:Pbifb105C5wOAVrE3qLlz
    • Score: 3/10

    • Target: $PLUGINSDIR/installoptions.dll
    • Size: 12KB
    • MD5: 1d5c649dde35003a618b9679d5d71b92
    • SHA1: 0409bbab3ab34f8c01289cdd847b4d1a32d05b18
    • SHA256: 0f4d3cee24e3f310fa804983c931d3628613988a24f0be7854f63a9309b8e45f
    • SHA512: b432ebcc52905662d61a3f17e08e209a3f9d836a9071b3b5e80070af7ebcf34cf66c44426dda041c2a258fda4787e5692e2b35acbcd73288fb84fe3c977bbfd9
    • SSDEEP: 384:pKlm7i+c3QW6ckPhyDEaLnA2bbBBIXwZ:8qi8BcyhEhLBbbTI
    • Score: 3/10

    • Target: $PLUGINSDIR/killprocdll.dll
    • Size: 32KB
    • MD5: 83142eac84475f4ca889c73f10d9c179
    • SHA1: dbe43c0de8ef881466bd74861b2e5b17598b5ce8
    • SHA256: ae2f1658656e554f37e6eac896475a3862841a18ffc6fad2754e2d3525770729
    • SHA512: 1c66eab21f0c9e0b99ecc3844516a6978f52e0c7f489405a427532ecbe78947c37dac5b4c8b722cc8bc1edfb74ba4824519d56099e587e754e5c668701e83bd1
    • SSDEEP: 384:3rYz6grZodORNWATt4TBmlk5ooyzFh7BukAUdJoUtSOSR:3QggDWATWNCFh7BNddJoxO+
    • Score: 3/10

    • Target: $PLUGINSDIR/nsWeb.dll
    • Size: 8KB
    • MD5: 84bcf3c71e70d5a6e9dc07d70466bdc3
    • SHA1: 31603a1afc2d767a3392d363ff61533beaa25359
    • SHA256: 7d4da7469d00e98f863b78caece3f2b753e26d7ce0ca9916c0802c35d7d22bcf
    • SHA512: 61aefa3c22d2f66053f568a4cc3a5fc1cf9deb514213b550e5182edcecd88fadf0cb78e7a593e6d4b7261ed1238e7693f1d38170c84a68baf4943c3b9584d48e
    • SSDEEP: 96:9E1ZgHfHizBkiz1zCuNrwXTP8Jx/N6SCMeNV37bnwXwPML/bUdut5tCsPb2N6nOc:9E1ZkGdbiSCMeNN7LwAY/gd+Oc
    • Score: 3/10

    • Target: $PLUGINSDIR/nsweb.dll
    • Size: 8KB
    • MD5: 84bcf3c71e70d5a6e9dc07d70466bdc3
    • SHA1: 31603a1afc2d767a3392d363ff61533beaa25359
    • SHA256: 7d4da7469d00e98f863b78caece3f2b753e26d7ce0ca9916c0802c35d7d22bcf
    • SHA512: 61aefa3c22d2f66053f568a4cc3a5fc1cf9deb514213b550e5182edcecd88fadf0cb78e7a593e6d4b7261ed1238e7693f1d38170c84a68baf4943c3b9584d48e
    • SSDEEP: 96:9E1ZgHfHizBkiz1zCuNrwXTP8Jx/N6SCMeNV37bnwXwPML/bUdut5tCsPb2N6nOc:9E1ZkGdbiSCMeNN7LwAY/gd+Oc
    • Score: 3/10

    • Target: $PLUGINSDIR/startmenu.dll
    • Size: 6KB
    • MD5: 5aae8598d8b53bcec81d8e8c8a6732f9
    • SHA1: d071fcc74a107c7d7bc5a493d305b00976b07464
    • SHA256: be3f03c07be54354b8a9a30a8c0ac384f43c245c9b95ed1025549c76642f3fb4
    • SHA512: d20af152b9d1903cd9cd0ff584f14f95ee69cd7149c9ef9369257d08659d1a7ab5860055b39ebd0ead67cfc31da2571175623a5676116ce999acea2b7a643c1d
    • SSDEEP: 96:VLJdRZk8OkmE+WHw0FMXF6CWhFxKpKsBQhEfP0:VLjPk8OT30FFAmCP0
    • Score: 3/10

    • Target: $PLUGINSDIR/system.dll
    • Size: 10KB
    • MD5: 4eff5fafd746f5decb93a44e3a3d570c
    • SHA1: a11aa7681b7e2df1c7f7492a127d332d1495ea8a
    • SHA256: cf61ddd15d63c25a12caee70f51ea736cfc02195c42e56ee01b33f689d3754c5
    • SHA512: cde82d2a1f28506e4c2264f6b82017a00af32f138ebcdbaf4cc58463870fa626f708aa57465294c5a6f096c886841e7b9112b85bf3ea2f1d8f2da816b51b2d72
    • SSDEEP: 192:0OycJo/rJVCmIDNLU0dq5RD00lspbub76yL:6/QQ0d0RD0USq/6y
    • Score: 3/10

    • Target: $PLUGINSDIR/textreplace.dll
    • Size: 6KB
    • MD5: 2c50b9443f7964fcf3a3cb8e9d05aaae
    • SHA1: 16221ad7e65e696531408875cfc9a1e1cdf2c33d
    • SHA256: 023334022250071efc6bfe5fa67704ea971eb0007fda9c4b9fb92df16cfde29e
    • SHA512: 4d6ea4141a68140f93736703428cd44962234c314e40dbfb11390bf3aa191fcea057c22e5a34422fefafa19d499cf50381160212986cd4e5a7fdf027f7f4a0a3
    • SSDEEP: 96:VyGX30PlRxQfRCPnaaF4hWJYd4DgxiBRVlYv:cBlRufRCPaaF4pd4DAiBR
    • Score: 3/10

    • Target: $PLUGINSDIR/time.dll
    • Size: 11KB
    • MD5: 4b1d347d9274af9ce986fc94510e8bfb
    • SHA1: fa433988760655a97ed44dbfb705ddb72d241569
    • SHA256: 1c95542372399593b4140b4c86385a441a095546954cf237cda3d09d14354d70
    • SHA512: 577f1142cc8085a52347fea505c8d1eab8b2c429238899ff63ed94d2e6fb1662ab3ca9f7b68f7454ffac43c525ae4de58c9bbd9a8b2ce7d6c481d96b72859dc9
    • SSDEEP: 192:oNLwTnfu/972naHpZnasamcn/baTa5YbveFumiBRWpA/E:oNLwzuZ2afa7mcn/+W5YzMcMp
    • Score: 3/10

    • Target: $PROGRAM_FILES/Baidu/bar/TempData.KGB
    • Size: 584KB
    • MD5: 0c8ed82bce60e5e2860d9daa28289267
    • SHA1: 5ea9dcfadc426463c51e0abfc736a42dfc31f3e9
    • SHA256: 89bc3949eb1ab805b49f2699f0623796997ba7bf0f5acf9402f90ae5cd630d13
    • SHA512: 2a6b90d1ee12d88a9866b774de5b52b329beebbb9ce0c1655455020aeaddd0824cd3c38804e76f777b81fa5b149744b392ea8f904ba2eb71c6db779a0ef85830
    • SSDEEP: 12288:iIS8w5m7/8D9eaX2E4M+j252A2dITSfHe:iIAwwx4M+i52+
    • Score: 7/10
    • Loads dropped DLL

    • Target: $PROGRAM_FILES/Baidu/bar/baidubar.dll
    • Size: 584KB
    • MD5: 0c8ed82bce60e5e2860d9daa28289267
    • SHA1: 5ea9dcfadc426463c51e0abfc736a42dfc31f3e9
    • SHA256: 89bc3949eb1ab805b49f2699f0623796997ba7bf0f5acf9402f90ae5cd630d13
    • SHA512: 2a6b90d1ee12d88a9866b774de5b52b329beebbb9ce0c1655455020aeaddd0824cd3c38804e76f777b81fa5b149744b392ea8f904ba2eb71c6db779a0ef85830
    • SSDEEP: 12288:iIS8w5m7/8D9eaX2E4M+j252A2dITSfHe:iIAwwx4M+i52+
    • Score: 7/10
    • Loads dropped DLL

    • Target: $PROGRAM_FILES_COMMON/NSISLog/Lang2052.DAT
    • Size: 392KB
    • MD5: 6f7c5b0aa8efb062cc3bd02a322111c3
    • SHA1: 204fc1afe73a9571ea833787b2259cc84bb59781
    • SHA256: ebc13d0a0e033ba82d6dbfacc1152fb3d9b7d3ee4836f1da5833a0c13ce04c5c
    • SHA512: 1acf42eb0dd3daaeb0cffb589c15844790109bbfcc29cd353a1cfed11f846c4b817342b62913589707c9e1888d22f613b4a341ff403f46393ff39717c2a09106
    • SSDEEP: 6144:WpSRTGEOMVBT5IpP1JKTHyjaymgiOtwNSF6Diukeg0kJ8XvaG1ynqmcI6:W6OvgMmPjc6DivTJ8/aG1EqmA
    • Drops file in Drivers directory
    • Sets service image path in registry
    • Executes dropped EXE
    • Loads dropped DLL
    • Adds Run key to start application
    • Checks installed software on the system
      Looks up Uninstall key entries in the registry to enumerate software on the system.
    • Installs/modifies Browser Helper Object
      BHOs are DLL modules which act as plugins for Internet Explorer.
    • Drops file in System32 directory

    • Target: Lang2052.DAT
    • Size: 392KB
    • MD5: 6f7c5b0aa8efb062cc3bd02a322111c3
    • SHA1: 204fc1afe73a9571ea833787b2259cc84bb59781
    • SHA256: ebc13d0a0e033ba82d6dbfacc1152fb3d9b7d3ee4836f1da5833a0c13ce04c5c
    • SHA512: 1acf42eb0dd3daaeb0cffb589c15844790109bbfcc29cd353a1cfed11f846c4b817342b62913589707c9e1888d22f613b4a341ff403f46393ff39717c2a09106
    • SSDEEP: 6144:WpSRTGEOMVBT5IpP1JKTHyjaymgiOtwNSF6Diukeg0kJ8XvaG1ynqmcI6:W6OvgMmPjc6DivTJ8/aG1EqmA
    • Drops file in Drivers directory
    • Sets service image path in registry
    • Executes dropped EXE
    • Loads dropped DLL
    • Adds Run key to start application
    • Checks installed software on the system
      Looks up Uninstall key entries in the registry to enumerate software on the system.
    • Installs/modifies Browser Helper Object
      BHOs are DLL modules which act as plugins for Internet Explorer.
    • Drops file in System32 directory

    • Target: file,diz.thx
    • Size: 66KB
    • MD5: 77bd8e0ee1b801c9f546b5a7a6c5da5f
    • SHA1: 15f0e2a3c683b990bba6112e50e64d80f72b9967
    • SHA256: 8b7750316de4287d3b7a58a53ed7827ca47538959622d2924325e08bf1e17c2e
    • SHA512: 3f6ef1c1046366975f8f83a7467d9d06121f8e8ccf6254d0569910131c1699838aa6e6c35e9bf2d8b81e5b60d413a0a115fcfee519ccf72ef75939c1ca1fd5e7
    • SSDEEP: 1536:PC6is4dqxjrV+/+4uhr976ST4TBP3gTnAqwvmY:findqxjrVh1976SkxGAeY
    • Score: 10/10
    • Modifies firewall policy service
    • Executes dropped EXE
    • Loads dropped DLL

    • Target: pg2.exe
    • Size: 783KB
    • MD5: 214b5e18baaeb8b397a29e68dcfac231
    • SHA1: 0d6c65b4591fd08d1b3bb955aaf543cdac43e187
    • SHA256: 7cdd5bc733f47d2a8e57e19ecdefb11e320f4729bd4f9bf0d721bfd2b402c48c
    • SHA512: dc233b3ef7d73fb8426e12445b02ee5fc2cc17ea9ace13bc12845ebdfc9ecd3b85b13e0fd4051f15be0037dc200ddd5b2da59ae78417d80698b152d91543c4f7
    • SSDEEP: 12288:Tpq1gdA9qZpVLBa5JGIGQvTppZmm3ySV5ScgACs:U5UZp505JRGQLp/733VR9z
    • Score: 1/10

MITRE ATT&CK Enterprise v15

Tasks

  • static1: aspackv2, Score 7/10
  • behavioral1: Score 7/10
  • behavioral2: Score 7/10
  • behavioral3: Score 3/10
  • behavioral4: Score 3/10
  • behavioral5: Score 3/10
  • behavioral6: Score 3/10
  • behavioral7: Score 3/10
  • behavioral8: Score 3/10
  • behavioral9: Score 3/10
  • behavioral10: Score 3/10
  • behavioral11: Score 3/10
  • behavioral12: Score 3/10
  • behavioral13: Score 3/10
  • behavioral14: Score 3/10
  • behavioral15: Score 3/10
  • behavioral16: Score 3/10
  • behavioral17: Score 3/10
  • behavioral18: Score 3/10
  • behavioral19: Score 3/10
  • behavioral20: Score 3/10
  • behavioral21: Score 7/10
  • behavioral22: Score 7/10
  • behavioral23: Score 7/10
  • behavioral24: Score 7/10
  • behavioral25: adware, discovery, persistence, stealer, Score 8/10
  • behavioral26: adware, discovery, persistence, stealer, Score 8/10
  • behavioral27: adware, discovery, persistence, stealer, Score 8/10
  • behavioral28: adware, discovery, persistence, stealer, Score 8/10
  • behavioral29: evasion, Score 10/10
  • behavioral30: evasion, Score 10/10
  • behavioral31: Score 1/10
  • behavioral32: Score 1/10