General

  • Target

    128d441a740f4c420991d627f850352a_JaffaCakes118

  • Size

    3.0MB

  • Sample

    240626-tda6javakl

  • MD5

    128d441a740f4c420991d627f850352a

  • SHA1

    ec78d8e41c530501a97052fc4ea8596c4bc1deb5

  • SHA256

    0c94282940077f10fec890543908a14aa04622af760579faaffc3a9c649a9a87

  • SHA512

    8c614ec0e7a22c9672ab8722ec8fbf6efaec870bc027f36ab40136d685dc3548e5119aa9ae95555b1ca63f52fe6e5caa0e089c31b3c7b469f0dfb77f933ef9e1

  • SSDEEP

    98304:JDTGczRsYRqQOjRzormaPCx6Bgocsuvr39R0xdfPg:JDTGsRRqJOmNzocdjQdw

Targets

    • Target

      128d441a740f4c420991d627f850352a_JaffaCakes118

    • Size

      3.0MB

    • MD5

      128d441a740f4c420991d627f850352a

    • SHA1

      ec78d8e41c530501a97052fc4ea8596c4bc1deb5

    • SHA256

      0c94282940077f10fec890543908a14aa04622af760579faaffc3a9c649a9a87

    • SHA512

      8c614ec0e7a22c9672ab8722ec8fbf6efaec870bc027f36ab40136d685dc3548e5119aa9ae95555b1ca63f52fe6e5caa0e089c31b3c7b469f0dfb77f933ef9e1

    • SSDEEP

      98304:JDTGczRsYRqQOjRzormaPCx6Bgocsuvr39R0xdfPg:JDTGsRRqJOmNzocdjQdw

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    • Executes dropped EXE

    • Loads dropped DLL

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops file in System32 directory

    • Target

      $PLUGINSDIR/ESNsisPlugin.dll

    • Size

      40KB

    • MD5

      e0dfe15ba0ec3e83dd8915994ef2786a

    • SHA1

      fbc3c9284b6c66407971bdadf1a16e22b643ed4a

    • SHA256

      8a5e04a59be25eb8cc22d2ebe40b90e116b3a76f387e6b7e6d4755dc90376cdf

    • SHA512

      74627cbcb4f2b689dbcc76fc7fad6d141a7749d09ac25d2fab515ecf775d3ed7fd03b5daf8cb041401dc6f59be80a4f03350e0ec4a07e7c4655c33fdf7613472

    • SSDEEP

      768:HIZ6DJnhzmqgdTCYaOi8JTdrhEY2ZcgJVxcAs8gyIl:H11hSqgdTCYaYJ94nJbc40

    Score
    3/10
    • Target

      $PLUGINSDIR/LangDLL.dll

    • Size

      24KB

    • MD5

      24386f3f810c1da89bc3b3db036a20c9

    • SHA1

      932cbad4b7c0259fbb66ea7eea1f7e53987443ad

    • SHA256

      d0c8eba5022201455e066a7ff97568a446b1b74baba75392c1ea8e020fc911b4

    • SHA512

      13fa7728d467e9e4fb4a9060b9dbc6d855feea333400dc520923eeddd3815e2ff18bd282df955642749c134ea8c499d5a22911e91c613548c7129885266ede9b

    • SSDEEP

      96:QGYEiykfI3qbE12xxvTEoNon3xnr+2CmutM:dYOh2bTDNg3Nr0D

    Score
    3/10
    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      301a9c8739ed3ed955a1bdc472d26f32

    • SHA1

      a830ab9ae6e8d046b7ab2611bea7a0a681f29a43

    • SHA256

      6ec9fde89f067b1807325b05089c3ae4822ce7640d78e6f32dbe52f582de1d92

    • SHA512

      41d88489ecb5ec64191493a1ed2ed7095678955d9fa72cccea2ae76dd794e62e7b5bd3aa2c313fb4bdf41c2f89f29e4cafe43d564ecad80fce1bf0a240b1e094

    • SSDEEP

      192:hCPej3uzvJwqJMQKN4GbeWZksMI4ETWcEbcBZ8ep2Kra7yAG:hCQ2HgN4GbeWmbI4Eybogia7yA

    Score
    3/10
    • Target

      $PLUGINSDIR/UserInfo.dll

    • Size

      4KB

    • MD5

      e47edd32aa6f55c5e0f3d7807ef7801e

    • SHA1

      a09626786256653c23d3c704417caf4a5f584759

    • SHA256

      4a775a8062dcbd2a960076af0395c8182523d65ab1bcf3da3f77f94d31051568

    • SHA512

      f7543ae3e73d29a83f80deabd5e5ace19cbf1a150bdf888ac35a5c64ba32a3261dd7644475e4a18e942808f4ee8ed73cf11c4bfae44f27473ea40989752b1167

    Score
    3/10
    • Target

      $PLUGINSDIR/newadvsplash.dll

    • Size

      8KB

    • MD5

      55a723e125afbc9b3a41d46f41749068

    • SHA1

      01618b26fec6b8c6bdb866e6e4d0f7a0529fe97c

    • SHA256

      0a70cc4b93d87ecd93e538cfbed7c9a4b8b5c6f1042c6069757bda0d1279ed06

    • SHA512

      559157fa1b3eb6ae1f9c0f2c71ccc692a0a0affb1d6498a8b8db1436d236fd91891897ac620ed5a588beba2efa43ef064211a7fcadb5c3a3c5e2be1d23ef9d4c

    • SSDEEP

      96:/VV0Rwtvrm2nQujIvP9dir3UniV/zRzVR3rN3k8Jd18tsPcaqhx:/VV0KtC2yH9d83BzVR53kEQFaq

    Score
    1/10
    • Target

      $PLUGINSDIR/nsDialogs.dll

    • Size

      9KB

    • MD5

      b0165587c54350b6c9910e765f16ad9e

    • SHA1

      fd81de9f3b1dd8d6cfa8621fddf9f93c29b4710f

    • SHA256

      26006c739057373f948b11892f40b0cc686c6c97c448f79447856421f9a15563

    • SHA512

      2f69354fd433eec277a804124f5c476fd645270b89af3db22ed45b599cdf251cfccdc3c642b8893078748a0a674676ea28c5fe5b471a633de7301c6a6646295b

    • SSDEEP

      192:bzQhZDqlJcKISw99ioU3MSfwLF/+nhHUOFsdz:bzoZDGKYw9goWyFGBUVz

    Score
    3/10
    • Target

      $_12_/FtKeyManager.exe

    • Size

      630KB

    • MD5

      153934b01ba6c2033d67239d0e417714

    • SHA1

      6ed98cf1e4a6615a9b874d7f4067ff1f4cd4a825

    • SHA256

      b982158ec02b74e812258e6e6dffe032f42318534de8a45dae27189d7970b21d

    • SHA512

      cb07791079e798254d10ef2eac0948bdd1810f472b97c673948e127b22728d8e943a3b2dcd950718829739f421779e494b210e91e1ea14e4b357b705a594d83d

    • SSDEEP

      12288:eEmoO/K3GKsva2vVxCflMlUrwA9tZFcHf14GRTh+1:0oOCGvtnCf7tZF8N3e

    Score
    7/10
    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

    • Target

      $_12_/InterPass3000_ICBC_CSP11.dll

    • Size

      918KB

    • MD5

      4771f345a2383e59495edc78974e95d6

    • SHA1

      32bded447fa715be65e1ddf34b835f57e36b9930

    • SHA256

      9c02c342658a459c72101f09791a7dc735ccfe8c7de1184606135da853de87bd

    • SHA512

      e6bf0efad5468b17f037a2f8795a90d53772594c5517427a96b32f54f8629bd73f1db2962f8cfe16a1bf0a46f15d976a8a28a02e6292c73aa26b881a8c71c3e6

    • SSDEEP

      12288:sTfAyz3F2WXGOxCjVrak6QJAcFbHrOW11iX6E7G5UWpd/hHCxLVAylKzFb47+NQn:6jz12WnojRz7fNL3114NG2MdEYTi7JBj

    Score
    7/10
    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

    • Target

      $_12_/InterPass3000_ICBC_CSP11_s.dll

    • Size

      10KB

    • MD5

      6b27956ba886ee230281d205e09e91a9

    • SHA1

      d5c7d9297df241b52573d03185a66528a84f5488

    • SHA256

      3df383f4b0195620badc0bb9f5e1d86ebdb4975b60da4b910a26fee9b4af474f

    • SHA512

      e7b9d770ef04dda2c2cf144c218851b2b933d59395caff6594e70d0d71db4a78319a51bcbd3479668ab7dad56acee4a24cc3c4206186ad6cc91f5314a498212a

    • SSDEEP

      96:Dpn00KCDOVnXB+im0KcOqW/PLZISj0epuVuw6YQCcTvka9IN80KIbWUksykajqq1:PAXBRQC3a9C8nZUadXe/09OFH

    Score
    1/10
    • Target

      $_12_/USBShieldHelpDocCn.chm

    • Size

      70KB

    • MD5

      d5b033ad673268e08b300662981659bf

    • SHA1

      be4e18becd2b8add21dd4919d9d719add56f7ccc

    • SHA256

      8417b9498ba7006a222fcc268e595fe959ed1e2f45cc9bc1d859efdf63905f38

    • SHA512

      c0e17e51556420225b0fb2e21dcf65f39fcd83c0ab834a3f810c5616adc07123daba3977ac892500741e07de806338c569c19decef057c212440467970843dbb

    • SSDEEP

      1536:HDXpkNNp5+s3Hv+t6vIBUHeSaLeMkilBy2pZvHkqCITJcm5+8b:jXk+IPJo7LlI2pFEoNcY

    Score
    1/10
    • Target

      $_12_/USBShieldHelpDocEn.chm

    • Size

      93KB

    • MD5

      d72b5f96ca995fa0f4e61753215c5366

    • SHA1

      52ba5beb5187eefb90c36d109a8cd3b0e63c6ffb

    • SHA256

      f30c988353d70d874a83af41d8dc5e8a16a7e76a6aee09ebd5eb41a33936dfde

    • SHA512

      e8ce6f7001d61f3d6980179c3019231bb26b4a7d4ca1273ff42b3cb2ae3aadc86e00a94b895a34ff487f436fa67fee49a000c38684f383e07b6b4f8dcc52c01e

    • SSDEEP

      1536:fC+28mpxdC6PgU4F6NXMZVNCTMAvUQe0UA5CVBEhUm8m7jTSbKPD88:alCcgU4EcZEG0BCrsU2jSQL

    Score
    1/10
    • Target

      $_12_/certd_nps3000_ICBC.exe

    • Size

      403KB

    • MD5

      8540e5bea2674ebc0f64b3912a746c86

    • SHA1

      de2a6a6044d87caa4db8d799d133bb11d17fac53

    • SHA256

      f96f638219758f7c54f4254b717098affa4a6e66a43ad2cefc2a169e91f3506f

    • SHA512

      8fc3d55d705954780afb6cf01fa6680aad72b0fbd66e52f634f97d50318ce17e84483826d953fbe79f9b2f38aba807eef9a039601c342b3685c5b192984988e6

    • SSDEEP

      12288:40xHA3DyktGMII48LbMSmQU2pSE4Un1qL:+yeI6YLQU2pS1ku

    Score
    7/10
    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

    • Target

      $_12_/icbc_ftusbkey.dll

    • Size

      129KB

    • MD5

      daf299dba1134139ec7e54776a5f2138

    • SHA1

      ca4df809c02534ba611df446a9d530bcb8fc4537

    • SHA256

      afdf9d8609d8bdbe82a0a91631a1e94f2912685ee4ab01ec6a5cd87fdc682956

    • SHA512

      76f5439830628cd47a34445681a62c2d624bb29645e04a36e68c9340150200cc99c79814c758786014b23f85c44ca14ae9e9dd5954cc02896798c8463f71b41f

    • SSDEEP

      3072:CNarWxkl/Pw62vohwLpTuL5B5xI3gpM5VpxOK:CJW/PwAEpO59f0POK

    Score
    1/10
    • Target

      $_12_/icbcgm_ftusbkey.dll

    • Size

      244KB

    • MD5

      39f3f0b3c13da77d67de06c75ab46241

    • SHA1

      44eb1e35ab05484dfd8cdfe33920ce2a315eda88

    • SHA256

      93fb6803c6168aa79b05e79d5430b19cec18e74c7b831d49503978611b88c1b2

    • SHA512

      33e59045a4b5cbaeff479886fae92f3b81150ec4aca394f37c8656e7defeb613d44fe7f613565dc18ef5ba6a3543eb863eb677b39b7fa0b4be512af1ca014106

    • SSDEEP

      6144:zg4NqGzLLJ4ckSbQo+w5ead7napf1fbhkTaxJK9:zg3GzX+nE0Iap9FkOJI

    Score
    1/10

MITRE ATT&CK Enterprise v15

Tasks

static1

vmprotect
Score
7/10

behavioral1

discovery persistence privilege_escalation vmprotect
Score
7/10

behavioral2

discovery persistence privilege_escalation vmprotect
Score
7/10

behavioral3

Score
3/10

behavioral4

Score
3/10

behavioral5

Score
3/10

behavioral6

Score
3/10

behavioral7

Score
3/10

behavioral8

Score
3/10

behavioral9

Score
3/10

behavioral10

Score
3/10

behavioral11

Score
1/10

behavioral12

Score
1/10

behavioral13

Score
3/10

behavioral14

Score
3/10

behavioral15

vmprotect
Score
7/10

behavioral16

vmprotect
Score
7/10

behavioral17

vmprotect
Score
7/10

behavioral18

vmprotect
Score
7/10

behavioral19

Score
1/10

behavioral20

Score
1/10

behavioral21

Score
1/10

behavioral22

Score
1/10

behavioral23

Score
1/10

behavioral24

Score
1/10

behavioral25

vmprotect
Score
7/10

behavioral26

vmprotect
Score
7/10

behavioral27

Score
1/10

behavioral28

Score
1/10

behavioral29

Score
1/10

behavioral30

Score
1/10