314e7335c97f90ea32c8a04c3490587947bbe549338f96ba7e210e7f45527437

Sharing

Copy URL Twitter E-mail

General

Target

0860287445de58569923bee93cc01758_JaffaCakes118
Size

3.6MB
Sample

240620-wfmnfszdre
MD5

0860287445de58569923bee93cc01758
SHA1

022505ff6a2cdf60ee34c6b76f32d57cb7dcda43
SHA256

314e7335c97f90ea32c8a04c3490587947bbe549338f96ba7e210e7f45527437
SHA512

4303a27331593d28cb005dc02fb61a70ff0001f237bbf2a9addf97de8cef4f7c65385cda0fdfc1ba4f3b733c155dae92bfbd07bc1bd4ab4e8e048c3cbfba222f
SSDEEP

49152:n6ASK3cfSW2oHt1JfmXKRUm2LMZ5Cge9387O5QH47f6oxhaC2SvTKb/JsBVXS97S:d2d2oN/6m2O5Tey7O36ox7vWb/OvCfY

Score

7^/10

defense_evasion privilege_escalation

Malware Config

Targets

- Target
  
  0860287445de58569923bee93cc01758_JaffaCakes118
- Size
  
  3.6MB
- MD5
  
  0860287445de58569923bee93cc01758
- SHA1
  
  022505ff6a2cdf60ee34c6b76f32d57cb7dcda43
- SHA256
  
  314e7335c97f90ea32c8a04c3490587947bbe549338f96ba7e210e7f45527437
- SHA512
  
  4303a27331593d28cb005dc02fb61a70ff0001f237bbf2a9addf97de8cef4f7c65385cda0fdfc1ba4f3b733c155dae92bfbd07bc1bd4ab4e8e048c3cbfba222f
- SSDEEP
  
  49152:n6ASK3cfSW2oHt1JfmXKRUm2LMZ5Cge9387O5QH47f6oxhaC2SvTKb/JsBVXS97S:d2d2oN/6m2O5Tey7O36ox7vWb/OvCfY
Score

7^/10
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/CheckInstall.exe
- Size
  
  1.5MB
- MD5
  
  99eae10da4986df6b5e63244468b6e1d
- SHA1
  
  84f260486b9a7f80e55b3190a363eccbfbfcd998
- SHA256
  
  b7c5e8dc04e178e54cc54c975a0eed217b6972aa7ded5ab365cfd9738e9849d2
- SHA512
  
  f658f4ec40009bab4bf5bc2456c4461ff8836dca8b38a652c446cb5bc3cd7fdee2e5d836af6fa6b16bf2541ae8c646630169a8f500f38a1a2151475ee75338b1
- SSDEEP
  
  49152:46STbmuBmiyMvsA5IcgDrEgDlq95LPTQ403AYHR:/uB1sA5IcgDrEgDp3AYHR
Score

1^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  14KB
- MD5
  
  ec48a8204e1aed3d9a951cd92158cbe3
- SHA1
  
  0db29522e15448553b697b88b31a3d8392efd933
- SHA256
  
  3166399ed2ee296749aa412a4ec70807373b6349e9b94a7fcd97c3418f744f0f
- SHA512
  
  9b0ab63fbe4bf89ddf93e5fc6922cc95c0586e21dea945ce04065afd7957bd2472e34c909d356123346f62dee4c6d6077a0072810c91b61ad3df4c168cdb79d5
- SSDEEP
  
  384:u6lFg78XxXRKk9u2d58KzdlXj9m2AaCbqsb2+:9lFgmBKSukWmXjs2Avbqs
Score

3^/10
behavioral5 behavioral6
- Target
  
  AutoShutdown.exe
- Size
  
  2.0MB
- MD5
  
  0ca2b5144071c80c0fe0ac50d09845e8
- SHA1
  
  3d3c16614b940af28822322c7295387b2be92cda
- SHA256
  
  cb59af858cd42db648468495d9a70cecfc5dba69da828d73d06ffa982103282f
- SHA512
  
  f70b2485149c26c0c1e72bbf269d6cc6493f11569d71bd22b4444efbead10df85528cffe6f812410dd0b94222b0832522184638e6b1697b8ad3bbc5ac15e3cbe
- SSDEEP
  
  49152:hGT5M+S/Rv767u5SG6+pYhG1zF/sMC+L2N0uibTG0ki:hD67/G6+pYhG1zF/epN0mi
Score

1^/10
behavioral7 behavioral8
- Target
  
  ClonedFileCleaner.exe
- Size
  
  2.3MB
- MD5
  
  acc8254dc691bc840d38dc259e7beceb
- SHA1
  
  87bf1963285944ac50324a7197f75560a2b620ac
- SHA256
  
  d5f9bc45fb5e66e339709dc6ee37bd0cdf84e6ee4ad68c2416cc07a0688e4e55
- SHA512
  
  830b44092d324cddbed9629a4261cf54bd89c440e2afce707ef598291af44a70cf8a63f8d12fd5233ba7c52bf2dcb9d39810907663df8ac09fa29546825b41e3
- SSDEEP
  
  49152:1hcSLm39y6v4Hrep7L1DsCelrm7AHTGgrUMg647pXkT:1kc6v4ip7L1DsCelrmarg6c
Score

1^/10
behavioral10 behavioral9
- Target
  
  FilePulverizer.exe
- Size
  
  2.0MB
- MD5
  
  cf0589180816f35c0521984d3448b038
- SHA1
  
  0609ea149b5d816b682e85032935dfba06b32c76
- SHA256
  
  d194b2c5efbec8c752d8b788a445de8595c3d4523e90d76e1f3948e37c555dac
- SHA512
  
  f3782853af771637f4aff02e2543c63bd2f612d03d68e705ecc33cdd203a7706d311d3eb65d916d15434c5e70bfd9f5edcbad4abfe87646aa2ed4d9984354dfb
- SSDEEP
  
  49152:pcRJD8MiSKP0ydLSLY8poj09orA/DTbXX6GCp6IfK5CM+gT0h2VpTA:mySLzoj09orA/DTbXHCvfKK+TA
Score

1^/10
behavioral11 behavioral12
- Target
  
  StartupManager.exe
- Size
  
  2.2MB
- MD5
  
  d52771938b1d8279b29fa1c06ef88ca3
- SHA1
  
  c036eaa6ebb8983972ec2e34f27664d78b5f25f0
- SHA256
  
  4e9eef912a674c902c4b2c9612af606d1421c43f828c92cf52b88ed429aa7c34
- SHA512
  
  c99571d9cfc5242d191dd4766a60c89cc35118bcbc3892ff0136809545ea8c28cdd55bbb47ec997c0913a8b250045b7dcc73a67d3d887303133a9e7b6b6099bd
- SSDEEP
  
  49152:/jJDAK0cIS/5wF8tm+1QWWNUIQJw5p9NpGx6WPaukdHgNt1MTeFLhm:/jiwtmxWWNUIQJw5p9N+6AkdHg7Ftm
Score

1^/10
behavioral13 behavioral14
- Target
  
  SweepHelper.exe
- Size
  
  1.1MB
- MD5
  
  6abefb00c12e50e23ae1f2a809f345f6
- SHA1
  
  253dfebe3da262f10d6f04fca0a445cf115ac42f
- SHA256
  
  4216bafcc4821c2d2cf4e85ff735eecfc320478f04eb25fe0477840aa78ca25e
- SHA512
  
  0ca20f0abd628fe4c6912965f60c4fef12bfb2a373b8653435b899915b560f11f78996bf39bb340e9ca36468fd121106c01b50630d334b859a37e3d20ee7b249
- SSDEEP
  
  24576:03wzM9DW5ATuooslnUzEgLqnY52Cjij/jx33rvhKA+MMpw:03wAlTeggLqxpFrUA+Ppw
Score

1^/10
behavioral15 behavioral16
- Target
  
  SystemInformation.exe
- Size
  
  1.9MB
- MD5
  
  974d2d0080fe35a11ae562c10904ab94
- SHA1
  
  64f5c8cbafb48e2f45eb6d1446802cc73dff6ac4
- SHA256
  
  247d039747a825991a15e003bd49c1a5de423c2b9196d49d8608e69a593febe9
- SHA512
  
  0327ff950b25c59d0df315343b19b3912f6388ddf70cfcd38084d87451be76b46cb0edfc2e60c81d4f3c69d4a9f598d999ff9d9a10ad7e33655520f0f107ebe2
- SSDEEP
  
  49152:y0tqSds/m8nHq8GOBbuQ5yX16L9u8DNy/zx3CDTLgwD:y68nmOBbuQ5yX16LszxsbD
Score

1^/10
behavioral17 behavioral18
- Target
  
  SystemSpeedBooster.exe
- Size
  
  3.8MB
- MD5
  
  5fe191ec58c7725c33f5e4c42de36eda
- SHA1
  
  1e1da1036d56bbdf28c6f729bc69ad3d2a77ec65
- SHA256
  
  448b382e3c645862937e4b6bf28d24a937071a391c91bc7406ff1332946ce683
- SHA512
  
  79e6fb3ae4a0adbaf23398600ee7add323ff552edc841d27bf61849d4029f9ab5a600992b131bc6c692949f87d1347f475b60d76ff5a0588527d76d89b838bac
- SSDEEP
  
  49152:wy9WZCSkE+5v2cTk/fANkYB2gnedjssNMi1ycR4eTnmlGzyOZw5Z8BR1IITh51mG:xScTmANkYB2gnedjJVyPeTRZw8uTPpw
Score

7^/10

defense_evasion privilege_escalation
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral19 behavioral20
- Target
  
  res/info.html
- Size
  
  1KB
- MD5
  
  da20456e53219ee6774f47660cdccbb7
- SHA1
  
  339647959c0bc3fccd7dcfb24c95011e38993434
- SHA256
  
  22486c636589d8b264862fcbb66957e378fbbc7d579a7106424d54612dfa76a9
- SHA512
  
  76bfc965818c045858274654bc2f95ba5bba861016dd886ab53931d9077b76a6e9817d700de21a89c321054e68ec74fdfab34e8c0bb0b5ba0ff937aa20aab086
Score

1^/10
behavioral21 behavioral22
- Target
  
  uninst.exe
- Size
  
  65KB
- MD5
  
  9441d6915ef048a2dfd3e05fd6e78a83
- SHA1
  
  32b07835a24dd627c643bd185bb005ef44dd0e59
- SHA256
  
  e17fc60e92bd169785257d692be15a9a735bdcd163c655db0c9b58f29258eeeb
- SHA512
  
  76007f695f2c52021f2fa8115a1b93b24965d009db2a1566f30c31a2bd5db5d6a51e850eb114f94fe681198c2a7716c5b94c7a3992acc505a10c7b30b272177c
- SSDEEP
  
  1536:VQpQ5EP0ijnRTXJzEBhHRtBlTo0dfUAFhdZ:VQIURTXJCRlTFdhn
Score

7^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral23 behavioral24

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Access Token Manipulation

T1134

Create Process with Token

T1134.002

Defense Evasion

Access Token Manipulation

T1134

Create Process with Token

T1134.002

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Loads dropped DLL

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24