General

  • Target

    047cb95963448a8ffeaee1f40f22be6e_JaffaCakes118

  • Size

    7.0MB

  • Sample

    240620-kswaksyekg

  • MD5

    047cb95963448a8ffeaee1f40f22be6e

  • SHA1

    d20271bad47dd4ce6855f9e1956e69a02a4fbe48

  • SHA256

    5f15c3b043ba6af64e0d0665f82ef90cb6b9d3399be47c13678746051c106622

  • SHA512

    7ada52d073e3ac0dd94c87b041cfc8e9a41131cd1b7118b57452d5ab793b50aca86b8612c99909bb36e09c0c1f906bfdfdff4727a19fa4c80414407c3d73b121

  • SSDEEP

    196608:8IYeS/0ECjgmbHoIWrtsNEgwUtfn/4MDQYZm:g/6gmbvN4oDNZm

Targets

    • Target

      047cb95963448a8ffeaee1f40f22be6e_JaffaCakes118

    • Size

      7.0MB

    • MD5

      047cb95963448a8ffeaee1f40f22be6e

    • SHA1

      d20271bad47dd4ce6855f9e1956e69a02a4fbe48

    • SHA256

      5f15c3b043ba6af64e0d0665f82ef90cb6b9d3399be47c13678746051c106622

    • SHA512

      7ada52d073e3ac0dd94c87b041cfc8e9a41131cd1b7118b57452d5ab793b50aca86b8612c99909bb36e09c0c1f906bfdfdff4727a19fa4c80414407c3d73b121

    • SSDEEP

      196608:8IYeS/0ECjgmbHoIWrtsNEgwUtfn/4MDQYZm:g/6gmbvN4oDNZm

    Score
    7/10
    • Loads dropped DLL

    • Target

      $PLUGINSDIR/FindProcDLL.dll

    • Size

      31KB

    • MD5

      83cd62eab980e3d64c131799608c8371

    • SHA1

      5b57a6842a154997e31fab573c5754b358f5dd1c

    • SHA256

      a6122e80f1c51dc72770b4f56c7c482f7a9571143fbf83b19c4d141d0cb19294

    • SHA512

      91cfbcc125600ec341f5571dcf1e4a814cf7673f82cf42f32155bd54791bbf32619f2bb14ae871d7996e9ddecdfcc5db40caa0979d6dfba3e73cfe8e69c163c9

    • SSDEEP

      384:1NWlNdqdAnhTKMLE2oIM05fnqCiWg3Yy9kflIinokN:1NWtqdihTKCldkYwkdpnoy

    Score
    3/10
    • Target

      $PLUGINSDIR/InstallOptions.dll

    • Size

      12KB

    • MD5

      1d5c649dde35003a618b9679d5d71b92

    • SHA1

      0409bbab3ab34f8c01289cdd847b4d1a32d05b18

    • SHA256

      0f4d3cee24e3f310fa804983c931d3628613988a24f0be7854f63a9309b8e45f

    • SHA512

      b432ebcc52905662d61a3f17e08e209a3f9d836a9071b3b5e80070af7ebcf34cf66c44426dda041c2a258fda4787e5692e2b35acbcd73288fb84fe3c977bbfd9

    • SSDEEP

      384:pKlm7i+c3QW6ckPhyDEaLnA2bbBBIXwZ:8qi8BcyhEhLBbbTI

    Score
    3/10
    • Target

      $PLUGINSDIR/KillProcDLL.dll

    • Size

      32KB

    • MD5

      83142eac84475f4ca889c73f10d9c179

    • SHA1

      dbe43c0de8ef881466bd74861b2e5b17598b5ce8

    • SHA256

      ae2f1658656e554f37e6eac896475a3862841a18ffc6fad2754e2d3525770729

    • SHA512

      1c66eab21f0c9e0b99ecc3844516a6978f52e0c7f489405a427532ecbe78947c37dac5b4c8b722cc8bc1edfb74ba4824519d56099e587e754e5c668701e83bd1

    • SSDEEP

      384:3rYz6grZodORNWATt4TBmlk5ooyzFh7BukAUdJoUtSOSR:3QggDWATWNCFh7BNddJoxO+

    Score
    3/10
    • Target

      $PLUGINSDIR/System.dll

    • Size

      10KB

    • MD5

      4eff5fafd746f5decb93a44e3a3d570c

    • SHA1

      a11aa7681b7e2df1c7f7492a127d332d1495ea8a

    • SHA256

      cf61ddd15d63c25a12caee70f51ea736cfc02195c42e56ee01b33f689d3754c5

    • SHA512

      cde82d2a1f28506e4c2264f6b82017a00af32f138ebcdbaf4cc58463870fa626f708aa57465294c5a6f096c886841e7b9112b85bf3ea2f1d8f2da816b51b2d72

    • SSDEEP

      192:0OycJo/rJVCmIDNLU0dq5RD00lspbub76yL:6/QQ0d0RD0USq/6y

    Score
    3/10
    • Target

      CheckUpdate19.exe

    • Size

      234KB

    • MD5

      461e404d3c462dbac1a60c70360d9885

    • SHA1

      8b205adc92dcdb87970217022bb4a74ef7d9fc27

    • SHA256

      f1e11e622e9b97acda9da0486f7df70e2165f2c3fe4cfcde30d56ee99995ff62

    • SHA512

      c14986985da63b2dc09e26d47eafd344902eac8826afc8caa896635523cdbaf066f45b69df0e67f91fee1209647c6934b5dbd01f8783944a43b36c75d7a2d0a9

    • SSDEEP

      6144:GOZ6LKiDOnKfaW95DUcvlu7rfijrCFg98+68xd30e1:Ge6+iw89UAlu7rah8exdT1

    Score
    7/10
    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      Res/About.exe

    • Size

      160KB

    • MD5

      f848c7d03762504d47275e07eaba281e

    • SHA1

      0ecd46e2bac640350d29436887742a663cd8fcb1

    • SHA256

      197554ea304afeb829e779060180fc7737b528deba67ef800a5d57efc7fad73d

    • SHA512

      568c39425e5cc7dace10cd31ffe06a0f425e10fdb05636aa32bbd1b1d105e6dff6518a662f791c6dfcd0c108aa8c5f38c4e317fbe14a0f9ac1bd88ba64cfd826

    • SSDEEP

      3072:1vcXloDBzm8VGcUl0gVu7xUm1D0Ja0a/sOHl/S9z3jYsAZ3ALZLfS:1vmluhm8VGx2gTm1D0Ja0KsOHl+Tn2Qd

    Score
    7/10
    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      Res/GetColor.exe

    • Size

      163KB

    • MD5

      0d842d31bf6b98ae1eb7c61c94a6e2a6

    • SHA1

      1d32d51c53a8185aee74ca83020a1d42c1eb2916

    • SHA256

      4b05f9d4e5a004b184d86f825be206539dca214bdedbac3777e1d8facfa60088

    • SHA512

      ef4c40353f320c1b6715b4bbaea0f6d87b94f33c0a72bca5d296a7b2c7e9b74bc9e9fc129c8b72fcc31e7ec77f1360dcf068e208f4cda5dce454869335349217

    • SSDEEP

      3072:DapkWZrqqHI3EtiO2YRtvjpDQy0zCfL8F52Q+UHE/y5D8TSpnRSeMdJo6QRi6c:DapkW53IUEV4DQy0zCf4L2nUUA8TAnRJ

    Score
    7/10
    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      Res/GetMoreWidgets.exe

    • Size

      273KB

    • MD5

      544b84d547666ff9ffab9fbe848e6c23

    • SHA1

      256b725e3d378198a40c21428b37740a7e488fc2

    • SHA256

      4c7291266794fb217113aef41582da11aea7779c6d02a64836d6681bdfa3b60e

    • SHA512

      2592892bd0147088b24e390f24b7fbb1198ddc349bcc8a40a9b7b1b0a6e3087db37725c76c4196aa22b75e72e442ce8229373d62f5d16bda4c3b4fca8b543cc1

    • SSDEEP

      6144:Ptob+U/k9NdeRfvRieo/Ot2P7jots1pdcNW4prqWZci:Pub+0vR1wPpZQWwu

    Score
    7/10
    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      Res/WidgetDownloadTool.exe

    • Size

      246KB

    • MD5

      3a6bffe3d106b5ed86070d5998f55fb5

    • SHA1

      75716c1a9ebd86f15c9538a01f03364592770ea8

    • SHA256

      e3ef9a3bbd5ef58500b67f12e5f2debef1c2fbfeb61ba9da983c7e6a10a9d35c

    • SHA512

      d1a9e0386445596958de94e6c4938ef4773d55f3a191162c9bcdfa813b5a80e8452d5c2ab3091fb1b352cb53c935544b411ed9ea12afc009c1af61faf63a6202

    • SSDEEP

      6144:2p+jDTEh1kONSSu8jJdLVhrkEsxY3T4B0RH4B+Uin1:2p+fQ/7JdJhghxY38CQ+Uin

    Score
    7/10
    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      Res/dll/XDeskScripter.dll

    • Size

      1.7MB

    • MD5

      5f35eb0de5324784f6490aec779f32d0

    • SHA1

      b740f2c1473279936a93612b7056085694c5145d

    • SHA256

      36943fef4e94172e61dade2bc710c8cc29e0df409df37836e7a8ad58a6ac5186

    • SHA512

      82c6f03027341dc319aa22d9dd788fd1f4890e921e52c7a070a067ee13d8263d8284a591ebf52224903b52729c6d5d60d3b69713f1d304681c369b5a33bf8d1f

    • SSDEEP

      24576:WQYLcP5hoqwlp41JXJjVus7r7LXNzD07IvizjwjHn6h3D8P56ovfn5co:WYhCp41JZj3vVjyoB6a5

    Score
    3/10
    • Target

      Res/dll/wdgtm.dll

    • Size

      19B

    • MD5

      8b7b208236f5fa1eaeaf23cbcf7a3054

    • SHA1

      fff893bbde31929a01b45e6b6a35352ae05114b5

    • SHA256

      f0d887a11dc0b14bd93f617fb9c16fbd021af6b22935ff4b8ac2cbbd1496aba8

    • SHA512

      4ac472d54a5f589422a6fbd64467818453b75cacf5344b24af979d6e136f3fa0f40197e2e42499814e7fd3ab151d26cbfa0724c42c8edca20f53c185bdf8abb2

    Score
    1/10
    • Target

      Res/widgetdownload.dll

    • Size

      183KB

    • MD5

      e248cd1d10450f289e7c8657b1f61ec2

    • SHA1

      e6069d4926814a33686199f53b4f8a780489db4c

    • SHA256

      975f5887616b45148d224a71f243f0c685c517a4de93a4d35062533bc3f62951

    • SHA512

      e88ab6fd6c4f942c0ee1a491209997728f926fef56644b8ebbd3eada38539550c815bd4ce196b7d55cb96cce1f20e144e1961ba9827fdd75097536266a5e80d2

    • SSDEEP

      3072:AAgTTpeLIKiOzm7g+C62oS3royml0hTeZQcXn5+s+lcpZT6gvua6T:AhTTkcKiO7J3tN8nIs24Z2+ua6

    Score
    7/10
    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Target

      XDeskShow.exe

    • Size

      509KB

    • MD5

      f8d63b0f5ae9c7391a4f93f84a67ef7c

    • SHA1

      9bd3950a8a67ef2ff4e558dca151a0eb3404c7d4

    • SHA256

      f25d75531c85f4fd098b9a3bf280e2f240ba068448aa13e382199d74ca3c0de9

    • SHA512

      2e3f7b06e6ebb330a63aeeb9b80c577bac12c2ec4ff2198116fd253289ecff956ad595b56d4c36bb35239a0dfce8d8419d5120265ee34720b53089edd5616475

    • SSDEEP

      12288:ERZhqKJEEv1PkhnBFLK9GPHXo1230UXCa0oR0:ERZgeIF2uH4830l9m0

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Drops file in System32 directory

    • Sets desktop wallpaper using registry

    • Target

      license.rtf

    • Size

      35KB

    • MD5

      27bcc2734b1367ab36cdd0bc4d49c106

    • SHA1

      a29bb8f5c1fb6d2bae70739da1a4a0bc9f8fdf58

    • SHA256

      f92ce500e39cea1f1b14570ec0725c783687cdc446af28573a6eda969292c4a1

    • SHA512

      023d80ece729fd579e155baf67fcf57bb9e2ea84f95e2fa540bd58c9b72d49c2ffe0554adda9d679addb45382e5fe0bd21dba9e445bbf991b6641f9f27c7b141

    • SSDEEP

      192:znDuwsGVn836pyPfy6TyEA6VGooewPNY04w9OiZXh675ieym7U3G+WR/adOM/zsP:zDulo+KF/pG9U3qadOjP5Ke4E

    Score
    4/10
    • Target

      setup_bd.exe

    • Size

      373KB

    • MD5

      a7978189da9390a2d1cdf630930761ee

    • SHA1

      925f94514fed17d4540cc358564ff7943bd73b23

    • SHA256

      bf3ec86ed4839f6a19ea46c4d8f87c7cd9a91a8621bba291eaf425999d167679

    • SHA512

      879d3e142ca9816c54cfccb8f2cce83b28cda1867d12bcaac49d1e7049246f14039c244b0ec910d988ec611fbfa136bfd1c6eaaf2388886689e2e3e2267e075d

    • SSDEEP

      6144:LhF2fYHwWb5CDM5hZLWbQKUaBzgGeIj5wKYd1bFhujerUaJv:lUDi8D0MtfBsZk5wpbFlr1

    Score
    7/10
    • Loads dropped DLL

    • Adds Run key to start application
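
The Run-key, Browser Helper Object and wallpaper behaviours listed above for XDeskShow.exe and setup_bd.exe all leave registry writes behind, so one way to confirm them on an infected host, or on the registry diff a sandbox exports, is to parse a `reg export` and apply the same rules. The script below is an added example and is not part of this report or of the sandbox's own signatures; the .reg text, the value name `XDeskShow`, the CLSID and every path in it are constructed placeholders, not indicators recovered from the sample. Note what an export cannot show: the "Checks computer location settings" behaviour is a registry read, not a write, so it only surfaces in an API or Procmon trace, never in an export.

```python
"""Triage a Windows registry export (.reg) for the artifacts the report lists
for XDeskShow.exe and setup_bd.exe: a Run-key autostart, a Browser Helper
Object registration and a wallpaper set through the registry.

Added example, not part of the sandbox report.  The export below is
constructed for the demo: the paths, the value name and the CLSID are
placeholders, not indicators recovered from the sample."""
import re

RUN_KEYS = {
    r"software\microsoft\windows\currentversion\run",
    r"software\microsoft\windows\currentversion\runonce",
    r"software\wow6432node\microsoft\windows\currentversion\run",
}
BHO_KEY = r"software\microsoft\windows\currentversion\explorer\browser helper objects"
WALLPAPER_KEY = r"control panel\desktop"
CLSID_ROOTS = (
    r"hkey_classes_root\clsid",
    r"hkey_local_machine\software\classes\clsid",
    r"hkey_current_user\software\classes\clsid",
)

# Constructed sample in 'reg export' format (Windows Registry Editor 5.00).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"XDeskShow"="\"C:\\Program Files\\XDesk\\XDeskShow.exe\" /autorun"

[HKEY_CURRENT_USER\Control Panel\Desktop]
"Wallpaper"="C:\\Users\\demo\\AppData\\Roaming\\XDesk\\wall.bmp"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-2222-3333-4444-555555555555}]
@="XDesk widget helper"

[HKEY_CLASSES_ROOT\CLSID\{11111111-2222-3333-4444-555555555555}\InprocServer32]
@="C:\\Program Files\\XDesk\\widgetdownload.dll"
"ThreadingModel"="Apartment"

[HKEY_CURRENT_USER\Software\XDesk]
"Version"="1.9"
'''

# "name"=data or @=data (the key's default value)
VALUE_RE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|(@))=(.*)$')


def parse_reg_export(text):
    """Return {key_path_lower: {value_name: data}} for a .reg export.

    Quoted string data is unquoted and unescaped; dword:/hex: data is kept
    as raw text.  Hex values wrapped with a trailing backslash are rejoined."""
    keys, current, pending = {}, None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\"):                 # continuation line of a hex value
            pending = line[:-1]
            continue
        if not line or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].lower()        # registry paths are case-insensitive
            keys.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            name = "(Default)" if m.group(2) else m.group(1)
            data = m.group(3)
            if data.startswith('"') and data.endswith('"'):
                data = re.sub(r"\\(.)", r"\1", data[1:-1])   # \\ -> \ and \" -> "
            keys[current][name] = data
    return keys


def _relative(key):
    """Strip the hive (HKEY_*) so HKLM and HKCU variants match the same rule."""
    return key.split("\\", 1)[1] if "\\" in key else key


def resolve_inproc_server(keys, clsid):
    """DLL that COM loads for a CLSID, from the first InprocServer32 found."""
    for root in CLSID_ROOTS:
        values = keys.get(f"{root}\\{clsid}\\inprocserver32", {})
        if "(Default)" in values:
            return values["(Default)"]
    return None


def triage(keys):
    """Findings as (kind, name, data) tuples, in export order."""
    findings = []
    for key, values in keys.items():
        rel = _relative(key)
        if rel in RUN_KEYS:                      # "Adds Run key to start application"
            for name, data in values.items():
                findings.append(("run_key_autostart", name, data))
        elif rel.startswith(BHO_KEY + "\\"):     # "Installs/modifies Browser Helper Object"
            clsid = rel.rsplit("\\", 1)[1]       # lower-cased like every key here
            dll = resolve_inproc_server(keys, clsid)
            findings.append(("bho_registered", clsid, dll or "(InprocServer32 not in export)"))
        elif rel == WALLPAPER_KEY and "Wallpaper" in values:   # "Sets desktop wallpaper using registry"
            findings.append(("wallpaper_set", "Wallpaper", values["Wallpaper"]))
    return findings


def triage_reg_text(text):
    return triage(parse_reg_export(text))


if __name__ == "__main__":
    for kind, name, data in triage_reg_text(SAMPLE_REG):
        print(f"{kind:20} {name:45} {data}")
```

For a BHO the interesting artifact is not the CLSID but the DLL behind it, so the script follows the CLSID to its InprocServer32 default value (HKCR, or the per-hive Classes keys) and reports that path; a Run value is reported whatever it points at, because deciding whether a given autostart is legitimate is the analyst's call, not the parser's.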

MITRE ATT&CK Enterprise v15

Tasks

Task           Tags                                            Score
static1        upx, aspackv2                                   7/10
behavioral1                                                    7/10
behavioral2                                                    7/10
behavioral3                                                    3/10
behavioral4                                                    3/10
behavioral5                                                    3/10
behavioral6                                                    3/10
behavioral7                                                    3/10
behavioral8                                                    3/10
behavioral9                                                    3/10
behavioral10                                                   3/10
behavioral11   upx                                             7/10
behavioral12   upx                                             7/10
behavioral13   upx                                             7/10
behavioral14   upx                                             7/10
behavioral15   upx                                             7/10
behavioral16   upx                                             7/10
behavioral17   upx                                             7/10
behavioral18   upx                                             7/10
behavioral19   upx                                             7/10
behavioral20   upx                                             7/10
behavioral21                                                   3/10
behavioral22                                                   3/10
behavioral23                                                   1/10
behavioral24                                                   1/10
behavioral25   adware, stealer, upx                            7/10
behavioral26   adware, stealer, upx                            7/10
behavioral27   persistence, ransomware, upx                    7/10
behavioral28   adware, persistence, ransomware, stealer, upx   7/10
behavioral29                                                   4/10
behavioral30                                                   1/10
behavioral31                                                   7/10
behavioral32   persistence                                     7/10
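
Twenty of the tasks above carry the upx tag and static1 also carries aspackv2; both come from static packer rules of the kind the "UPX packed file" signature describes ("UPX/modified UPX"). The script below, an added example that is not part of the report or of the sandbox's rule set, shows what such a rule looks at: the PE section table, the UPX! marker, and the hollow first section (virtual size but no raw data) that a packer reserves for the unpacked image. The four PE images are built inside the script and are not the sample's files; the PACKER_SECTIONS table is the author's own shortlist, not the sandbox's.

```python
"""Static packer check of the kind behind the 'UPX packed file' signature and
the upx / aspackv2 task tags: read the PE section table and look for packer
section names, the UPX! marker, and a hollow first section (virtual size but
no raw data) into which the packer stub unpacks the real image.

Added example, not part of the report or of the sandbox's own rules.  The PE
images below are constructed here from scratch; they are not the sample's
files and contain no code (the section bodies are int3 filler)."""
import struct

# Author's shortlist of packer section names (assumption: the sandbox's own
# rule set is not published here and may check more than this).
PACKER_SECTIONS = {
    "UPX": {"UPX0", "UPX1", "UPX2"},
    "ASPack": {".aspack", ".adata"},
}


def section_table(data):
    """Parse the section headers of a PE image into a list of dicts."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    coff = e_lfanew + 4                                   # IMAGE_FILE_HEADER
    nsections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    off = coff + 20 + opt_size                            # first IMAGE_SECTION_HEADER
    sections = []
    for _ in range(nsections):
        name, vsize, vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", data, off)
        sections.append({"name": name.rstrip(b"\0").decode("latin-1"),
                         "vsize": vsize, "vaddr": vaddr,
                         "rawsize": rawsize, "rawptr": rawptr})
        off += 40
    return sections


def packer_check(data):
    """Return the individual indicators plus a verdict string."""
    secs = section_table(data)
    names = [s["name"] for s in secs]
    by_name = {p for p, known in PACKER_SECTIONS.items() if known & set(names)}
    marker = b"UPX!" in data
    # UPX0-style hollow first section: reserved in memory, nothing on disk.
    hollow = bool(secs) and secs[0]["rawsize"] == 0 and secs[0]["vsize"] > 0
    if by_name:
        verdict = "/".join(sorted(by_name))
    elif marker:
        verdict = "UPX (marker only, sections renamed)"
    elif hollow:
        verdict = "possible packer (hollow first section)"
    else:
        verdict = "no packer indicators"
    return {"sections": names, "packer_sections": by_name,
            "upx_marker": marker, "hollow_first_section": hollow, "verdict": verdict}


def build_pe(sections, trailer=b""):
    """Constructed minimal PE32: DOS header, PE signature, COFF header, zeroed
    optional header, then (name, virtual_size, raw_size) section headers and
    their raw bodies.  Enough for the section-table parser, not loadable."""
    opt_size = 224                                        # PE32 optional header
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)      # e_lfanew = 64
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x102)
    header = dos + b"PE\0\0" + coff + b"\0" * opt_size
    raw_ptr = len(header) + 40 * len(sections)
    table, bodies, vaddr = b"", b"", 0x1000
    for name, vsize, rawsize in sections:
        table += struct.pack("<8sIIIIIIHHI", name.encode(), vsize, vaddr, rawsize,
                             raw_ptr if rawsize else 0, 0, 0, 0, 0, 0x60000020)
        bodies += b"\xCC" * rawsize
        raw_ptr += rawsize
        vaddr += (vsize + 0xFFF) & ~0xFFF                 # next 4 KiB boundary
    return header + table + bodies + trailer


# Constructed inputs: an unmodified UPX layout (marker placed in the trailer for
# the demo; real UPX keeps it in its l_info/packheader structs), a 'modified UPX'
# with renamed sections and no marker, an ASPack layout, and a plain build.
UPX_LIKE = build_pe([("UPX0", 0x8000, 0), ("UPX1", 0x3000, 0x200), (".rsrc", 0x1000, 0x200)], b"UPX!")
UPX_RENAMED = build_pe([(".text", 0x8000, 0), (".data", 0x3000, 0x200), (".rsrc", 0x1000, 0x200)])
ASPACK_LIKE = build_pe([(".text", 0x1000, 0x200), (".aspack", 0x2000, 0x400), (".adata", 0x1000, 0)])
PLAIN = build_pe([(".text", 0x1000, 0x200), (".data", 0x1000, 0x200), (".rsrc", 0x1000, 0x200)])

if __name__ == "__main__":
    for label, image in [("upx", UPX_LIKE), ("upx-renamed", UPX_RENAMED),
                         ("aspack", ASPACK_LIKE), ("plain", PLAIN)]:
        print(f"{label:12} {packer_check(image)['verdict']}")
```

The second image is the "modified UPX" case the signature text alludes to: with the section names rewritten and the marker stripped, only the hollow-section shape remains, which is a hint rather than a verdict. A triage rule should therefore report which of the three indicators fired instead of collapsing them into one boolean, and a real file still needs to be unpacked before any string or import-based signature means anything.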