General

  • Target

    060c254c36654b7bc83a99731a9d5e1c_JaffaCakes118

  • Size

    5.0MB

  • Sample

    240620-pvb2yaxfka

  • MD5

    060c254c36654b7bc83a99731a9d5e1c

  • SHA1

    d10aae92afab39e9ee27ea058f36d586992f7ca2

  • SHA256

    ab8f1636fd3957f1f356b0fef153dbdf685f6d8488eb7919ca7f163c8cad5832

  • SHA512

    e32b8c6e5e12409747c8c7d100dcedad19dfabcba20d13456632afb3956fce553ffd8ba38912d111ddac5f2f93944d46af29a833c4d9737846c02bb09bbb61b5

  • SSDEEP

    98304:MGr8588OU+iAkadhJVcu2VP8lPhExAhWIux1hkY4NW01y6iWJNvYL:MGrj8OU+ij590PWrIO1h14c05NvC

Malware Config

Targets

    • Target

      XDeskWeather_Setup.exe

    • Size

      5.0MB

    • MD5

      03c4d9e300c3dab1cf24029e5326e2a6

    • SHA1

      d5f70523be2d32bb0d1c77f6865fbf59893be113

    • SHA256

      9b9d15109f6329aa25820174aab7c5b9f0f442574865d03b30fe1eb4b7ddb787

    • SHA512

      848c8c3d4cb7e5b061411cf09e39dee2fb935ea562d9140292cc1bd78baa234a95d08ef2f1d338fffe13c97c265a052230b70832ba63073653116046f2a740f5

    • SSDEEP

      98304:znAINB1j2AzkzCxWa2ixKpT9CbbtMXxw4RW1Ia3OkLmjqt:zAINB1iAznWtiU0btSW1zKjk

    Score
    7/10
    • Loads dropped DLL

    • Target

      $PLUGINSDIR/InstallOptions.dll

    • Size

      12KB

    • MD5

      1d5c649dde35003a618b9679d5d71b92

    • SHA1

      0409bbab3ab34f8c01289cdd847b4d1a32d05b18

    • SHA256

      0f4d3cee24e3f310fa804983c931d3628613988a24f0be7854f63a9309b8e45f

    • SHA512

      b432ebcc52905662d61a3f17e08e209a3f9d836a9071b3b5e80070af7ebcf34cf66c44426dda041c2a258fda4787e5692e2b35acbcd73288fb84fe3c977bbfd9

    • SSDEEP

      384:pKlm7i+c3QW6ckPhyDEaLnA2bbBBIXwZ:8qi8BcyhEhLBbbTI

    Score
    3/10
    • Target

      Update.exe

    • Size

      400KB

    • MD5

      a9ac8a56749ccc5d80c124986a2a0bef

    • SHA1

      91cad89c13368e258a1420ce6fdcac6ba25c982c

    • SHA256

      4b4b03d245cac32135fea863c1088f59cd15c2fbd277f5ced54f1284a1889e0b

    • SHA512

      7b6a8f9ad7a6c7ac9c60e3531f2220691dadfb104c0370466823e93439ab5dff9ecca6cfb7548675b11849ae9fe41a4df307696eb5247b524ccbd4d60d469f6d

    • SSDEEP

      6144:4uznsnwmF8InNzQ6EsQloOF7wqW+PROhm9MtKuqV92i2c08WD1mgDMwmFxh:9nsn1nn5EeOW+pOIC3qVwf71mgDRmnh

    Score
    7/10
    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      XDeskWeather.exe

    • Size

      499KB

    • MD5

      842a79a517f370aa39673b33793b7296

    • SHA1

      5eb496aefbb27e06bb282cd26939f4a3b9679be7

    • SHA256

      1e54caa7a32a1556f9dc8a7c9cdf9a5a7f99c1f24d402ada2734552c3377a13c

    • SHA512

      f5c50e6bc51968539fb0ec5bf159d3a7a86ec790603b10d94804db9aa7266f0ce785933431310ad636de270040872c24e4a3d93b5f5df981d2ee13cd12103307

    • SSDEEP

      12288:OgWdtWrkPBhTZSrbsgPhMxgzaE3NAdQmG3:OgjrwD+f5Mxe73NAamG

    Score
    7/10
    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Target

      gdiplus.dll

    • Size

      1.6MB

    • MD5

      cdf5853178ed7f8d6623de8ec329a33c

    • SHA1

      7bdc270d994982e22bce8d5b994bd6da185b4a86

    • SHA256

      a18d814fcf6ed4ce37bad194bef77cc5e466c08b6467e82f0f4c518f4c84e50c

    • SHA512

      ffcf8ddc0f1653c282753f22a95c8ae8c7bde25154da48d0b3ac22ea28079e4307fd82846e22dae69c4b8819e71eb45b9a412cbb756457283df40b29b0edaf38

    • SSDEEP

      24576:9APRWt8eE7zOQTWaKi5lBoUWAP6qyVyiHfIeCtpy9lR3/8wHz5U1bo/e:qFhrLboUgqy3IeyulAsm

    Score
    3/10
    • Target

      license.rtf

    • Size

      26KB

    • MD5

      20c57a2bbbbaea5d10576ba14d9182ad

    • SHA1

      3d3da27464f039b50597eac247d61d128d883d8f

    • SHA256

      09aa07ee72cbc8811aa1a13bd7e9f5cf80c523c29b7ae1971da829598262cdf7

    • SHA512

      0060c7a6f215579cb60cb48cd7c90512d66e5f762c1f576ea0688c6d18d4acb3be7a79a428c5434d6c43748954d048564d772ef91353b405e9f241df54c7516a

    • SSDEEP

      192:hbxkocg97yPfy/vyEA6VMooewPLpN4w9+iZvZ6j5iey65zcGaKU6OfplK8/gwFm/:h1k+KTv5mKf7FmftR

    Score
    4/10
    • Target

      plugins/t7online_3_coolfire_v1_5.dll

    • Size

      168KB

    • MD5

      04b53f5e714130b181c5130072d1b5c1

    • SHA1

      888344e36156ff54078dd8fe873358d2e3bb89c7

    • SHA256

      28c42b747fc04d8c2574e0353032bce25e79cd8110d59cc6d3680e06111193d2

    • SHA512

      388e4e7e08b97abdf1a7c6b8664d996f5d2e7ed66dbd3fc3f2b5ce58fb90e5bd8a6ecff3e2dc62c47a9f868f722ea2fccb53e17cb5a83da0f8282a749f9c5c24

    • SSDEEP

      3072:lajeEe+4qKITl58cuYamgU2Tq7exSAUhuvcyIptQsPb1VTH/opdRkqJT+32z2BZL:la3e+4qKIfqYPJ7U+QLmPnTfoaIT+m6n

    Score
    7/10
    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      plugins/weather_china_6_Dong_v1_5.dll

    • Size

      200KB

    • MD5

      34412b9b82da96c61f39fedcd71efa7c

    • SHA1

      a35ecb755d0d0ff3cb0f184781065316307849c0

    • SHA256

      4376f91e0aa3a6b96b4e37094bf8b98877f97559734a188f464bc0507799a688

    • SHA512

      87c69b603dab681de0744f9da974c6c9b962a6d6436bdba69c3165d840575682e6f7998b68f0e7b33adcf9aa2a44d401c35afb2808390be49ce23ce62089f24a

    • SSDEEP

      6144:LJTDbQYFjgsizCBTy5fFibuTY2G0qyQjnHiRKIanJ:LJTXQYdJRSfMbr2dgIa

    Score
    7/10
    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      plugins/weather_sohu.dll

    • Size

      199KB

    • MD5

      1c10248a923a2dbd46e6db82ef326764

    • SHA1

      a6e34b3b2698face11e3d5481834908a1edbc156

    • SHA256

      71e891b7617451e9a68d26b24866ae95e14b8c17256876fba8a72aca8ce400aa

    • SHA512

      d22b2f95f8b0d84dd806c6369b9ae50763b8ff48ace85f0568439cc89c74c224c93778d27ad7331dcb7f10c1939643c3505c49c17dda54e9edd06f355fb05068

    • SSDEEP

      6144:aigAsVmUon1xxKPIitNvtgvmeRh6lia6M:tVsVEhKPIitN1geeRgc3M

    Score
    7/10
    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      plugins/weathercn_6_Matrix_v1_6.dll

    • Size

      494KB

    • MD5

      88aa64b8b4aaa17651c3fe4b6e81c516

    • SHA1

      6a43ec326ef7cc2b80d14978bab14569af8fbac0

    • SHA256

      f376121c82ab903f84064af57f18b5c9a46f049ef0e46ddee604b23006603706

    • SHA512

      d164492994f0e6dde5c5dd4156bcc44b428f82d41cd8fb85b3de01bc4cbed83b9e3d6f020912a0e806368c3b4493485e692525661a80874e66d25742f85484a7

    • SSDEEP

      12288:4VTHA5OePkBWIZABcYR2Wcp4pgcE+7za4aeY:ws5OtBWIGBvrc4YE2u

    Score
    1/10
    • Target

      setup_bg.exe

    • Size

      373KB

    • MD5

      a7978189da9390a2d1cdf630930761ee

    • SHA1

      925f94514fed17d4540cc358564ff7943bd73b23

    • SHA256

      bf3ec86ed4839f6a19ea46c4d8f87c7cd9a91a8621bba291eaf425999d167679

    • SHA512

      879d3e142ca9816c54cfccb8f2cce83b28cda1867d12bcaac49d1e7049246f14039c244b0ec910d988ec611fbfa136bfd1c6eaaf2388886689e2e3e2267e075d

    • SSDEEP

      6144:LhF2fYHwWb5CDM5hZLWbQKUaBzgGeIj5wKYd1bFhujerUaJv:lUDi8D0MtfBsZk5wpbFlr1

    Score
    7/10
    • Loads dropped DLL

    • Adds Run key to start application

    • Target

      skinTools.exe

    • Size

      696KB

    • MD5

      fb5a5666bebd9af4bf64155876f51096

    • SHA1

      477bf05ec7bbc2eefc484d111ff72de7ac1e73fe

    • SHA256

      808cfc762b6967469509198cd4d3e107a648df05c64e8829c67349329fae082d

    • SHA512

      92886c07fd7158ff258b306a14671c6238232bbe0f2ae85abf855c845dcda0cb54662c97fa52e47dea3e6c1c3e4e68bb274f0ed68a57ec82c3dc50c61d145d8d

    • SSDEEP

      12288:r2w6SKyK4S3ffzPR+TnQxmLeuVAGe3l3ZsSYm2Pyuij2zbFZ+JrsKxxlP:KjTd3ffLqQQry3ePyuFbFZ+JrsKLlP

    Score
    1/10
    • Target

      sogou_pinyin_mini_3275.exe

    • Size

      133KB

    • MD5

      72dab5a4a0621eb7f307faf958f244a0

    • SHA1

      68e510957c736f10613875281cdc58d3a15f10dd

    • SHA256

      406b4f545bce27137b3aea435928c5b53c7fca65366e1a16d382ac99dc90dec7

    • SHA512

      76b093d47f2a692633ef42bbc1d85a50e7b1b5ac26989b9baf85cf4ba23ec1aaf8a44a54644bd9b3aaecf1bb08a056d6ecb320757937b293136b5ffc290cbcc3

    • SSDEEP

      3072:CqugUD2v2Qx3SqCjuSGHCISF+jwS+XzvriKMtdXkAppbr:CqpIZASq0adSkjwS+/Wbr

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Target

      帮助.chm

    • Size

      116KB

    • MD5

      0d02d6242e36c0cf9f3d5ab2cfacb92f

    • SHA1

      f585481997326d094c9d91e7b788f0d8e45c960f

    • SHA256

      febcb40759ba20779d2253196fa28d69423ce8c9813484f62c6abe9b17b876d9

    • SHA512

      9602ec2b534d5f1f6d6e0785bb3e4599eef12910072feca67488a42638deef0c70749d04d4612e09c6a3e4267592eafaad5a7c2195ff995cc14dca67951398ec

    • SSDEEP

      3072:smRgrEEOGa8UrAVFYI4+4qPrLOfKt3jm65IoxSJQt:snEE9aLcFYI42rLkK3Pu8

    Score
    1/10
    • Target

      欢迎访问桌面天气秀主页.url

    • Size

      50B

    • MD5

      f7fd716c3e3f56838c6b2406e570dc18

    • SHA1

      bb3cf0e909958334dcf20fb538dfb170d5059885

    • SHA256

      c30f9b5cfd0180f449050ad19a02fe2746bed1ce8496f60984ed2032de6abd30

    • SHA512

      db198caa648f1b01e8a447344e63ab747bc22be58fc09736bc9762c3fc02fadde9ec8ef1b50208b95e0f6d23f3bafddd12d393f57b18f4bdd256da4bdbadacca

    Score
    6/10
    • Target

      卸载程序.exe

    • Size

      75KB

    • MD5

      cda06a7a40d449b8a12842151be4a22a

    • SHA1

      36f1f3a44c89582da07904260f2fd7a59914d8b4

    • SHA256

      97bc81f7ded433e52ec27330c2ebdfd2909503f6a710a6fd7410e2771817980e

    • SHA512

      6db6cf1ae7ab54ffd21516f3731f3bc1cb65733259b3cb296516c6ba1665f89cdeca7eb45b88239838b9594fead2cf900cfb7483caa090c11a2dd4177ceb4274

    • SSDEEP

      1536:RZFwlrRfoowfoMTIxpIplqu4VGPJB6sIcubOBMojOdlm3b5EXuzq:RZGlFw7fonu4sPJBzIZboidW5v2

    Score
    7/10
    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks

static1

upx
Score
7/10

behavioral1

Score
7/10

behavioral2

Score
7/10

behavioral3

Score
3/10

behavioral4

Score
3/10

behavioral5

upx
Score
7/10

behavioral6

upx
Score
7/10

behavioral7

persistence upx
Score
7/10

behavioral8

persistence upx
Score
7/10

behavioral9

Score
3/10

behavioral10

Score
3/10

behavioral11

Score
4/10

behavioral12

Score
1/10

behavioral13

upx
Score
7/10

behavioral14

upx
Score
7/10

behavioral15

upx
Score
7/10

behavioral16

upx
Score
7/10

behavioral17

upx
Score
7/10

behavioral18

upx
Score
7/10

behavioral19

Score
1/10

behavioral20

Score
1/10

behavioral21

Score
7/10

behavioral22

persistence
Score
7/10

behavioral23

Score
1/10

behavioral24

Score
1/10

behavioral25

bootkit persistence upx
Score
7/10

behavioral26

bootkit persistence upx
Score
7/10

behavioral27

Score
1/10

behavioral28

Score
1/10

behavioral29

evasion trojan
Score
6/10

behavioral30

Score
3/10

behavioral31

Score
7/10

behavioral32

Score
7/10