d7d47aa5796cad499374b284e865f715e7496efca16566add1c3a505730259de

Sharing

Copy URL Twitter E-mail

General

Target

2170b52a9b0e36221f5f4033f6b40986_JaffaCakes118
Size

7.2MB
Sample

240703-hk93nasald
MD5

2170b52a9b0e36221f5f4033f6b40986
SHA1

12ba90342ae6132fe4e2fdb7fd630d39ce074773
SHA256

d7d47aa5796cad499374b284e865f715e7496efca16566add1c3a505730259de
SHA512

6d074266f5ec57cdb3d6f9961ed1ab3b653a8a1949d0550045563b426b11d0002c2ee2f22d9dbb03aaf36b4ebfa346ecb2fb45e83f5236f2168afec3aa523763
SSDEEP

98304:Ib4O806Vz9S3oB08fFQuX32TsJAnxTmeMnKG9ZonejJ+SPonVQ05KkN:2UVz9AkZtQuX32TNxpMKnSQnVQs

Score

7^/10

upx

Malware Config

Targets

- Target
  
  kk_setup_game_10_1.exe
- Size
  
  7.2MB
- MD5
  
  8d2d8b15b7e189f9c6bd824f10f5cf25
- SHA1
  
  20806d79188ace4a37f027803ca489065d70e42e
- SHA256
  
  26fd98df14e64e47b3f93f672f23844d201021b3481f9f712f7fb873677cf1cd
- SHA512
  
  0d0a4adce186e9dc3a11fb1ad53d374aee2d0366233004b476a6a57836102036bbccc7e6b773d6c69bf75cc6580ef23ad2fbd064b19b1d78364f5f74d5d014c9
- SSDEEP
  
  196608:QLbtHcRN4lBmt0LqWoxkGS4P6RJF3E/8/5:QftHcb4lVqNDS4PMJFLB
Score

7^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  $APPDATA/KuaiKuai/KKGame/download/kkdownload.exe
- Size
  
  458KB
- MD5
  
  1f293163f3aad1ea2991b0617a4d2c98
- SHA1
  
  52a6a9b55bd06ab7cde20348b1b30e1a52e74827
- SHA256
  
  0cc64dbdfccd817d12aca859a56619b18f65551f5a2df9cda56650bc25548c31
- SHA512
  
  44fc0d2aeb15ba15baeb92bbb3a7fb8511b106413a2afbdc6088656d1bbce14e2a7765110ba8602cbc914a10bbf8b1c959f3f6f84a9c0349cdb3152097d9a9ea
- SSDEEP
  
  12288:txpvXqFFncwj07cNVaYDX2QEaYDX2QlIY:XFqFVcLoNTXDKXDCY
Score

1^/10
behavioral3 behavioral4
- Target
  
  $APPDATA/KuaiKuai/KKGame/download/libcurl.dll
- Size
  
  260KB
- MD5
  
  36fb612db1972a04c0d47b73131e4df7
- SHA1
  
  449a6f790508f67691a84e085e9c511c5e561fbf
- SHA256
  
  9cadf15983c728391f6a19c41c7d3088b31f7cdd0db5811dfa4a4ad9e409d2cc
- SHA512
  
  e3bc4f2e9316275d75baf1058ec24705ab25a7478fe8810224e80d4d9ec73ea952435cb61401e62711c4e6406ef6c7596abeb38087f9ff32fd82068504385909
- SSDEEP
  
  6144:zUteKmRYuUBbfkFWpARKOAEYfKr1UF0Mtr:zUtmRBIwWOR/AE96F0W
Score

3^/10
behavioral5 behavioral6
- Target
  
  $APPDATA/KuaiKuai/KKGame/download/libexpatw.dll
- Size
  
  148KB
- MD5
  
  226e01d42edd35c3c87bc7084b61bc10
- SHA1
  
  c640234a4988edc5ce2fc7263b27788b9ed79073
- SHA256
  
  fc580ba332907a472f8f89a4bd97d05d8fa9103aca535918f62093a230013bad
- SHA512
  
  1bbebf740619b9b8d0e2a50109717a679318bfb1cf7e8cfee1067262ed5034e13f45a49d1b83e16a85ff21ca67804209fc7999bf9d923150f478cf2cfadeadd6
- SSDEEP
  
  3072:WfDGNmrTuXsTbSm00w+oqQA3xEz5/2t+dCQ7q:WfDZW8TbD00wec5z5
Score

3^/10
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  14KB
- MD5
  
  0dc0cc7a6d9db685bf05a7e5f3ea4781
- SHA1
  
  5d8b6268eeec9d8d904bc9d988a4b588b392213f
- SHA256
  
  8e287326f1cdd5ef2dcd7a72537c68cbe4299ceb1f820707c5820f3aa6d8206c
- SHA512
  
  814dd17ebb434f4a3356f716c783ab7f569f9ee34ce5274fa50392526925f044798f8006198ac7afe3d1c2ca83a2ca8c472ca53fec5f12bbfbbe0707abacd6b0
- SSDEEP
  
  192:n6d+dHXLHQOPiY53uiUdigyU+WsPdc/A1A+2jPK72dwF7dBEnbok:n6UdHXcIiY535zBt2jP+BEnbo
Score

3^/10
behavioral10 behavioral9
- Target
  
  $PLUGINSDIR/Processes.dll
- Size
  
  56KB
- MD5
  
  cc0bd4f5a79107633084471dbd4af796
- SHA1
  
  09dfcf182b1493161dec8044a5234c35ee24c43a
- SHA256
  
  3b5388e13dab53d53e08791f492ed7d3094a0cee51e9841af83ce02534e0621c
- SHA512
  
  67ba90ec04366e07d0922ffb4dbbb4f12f90b6785b87700adaae29327db9ec2a03d750b229f858db0594f439499d6346fbf1ebc17c77162bf8da027515219ee3
- SSDEEP
  
  768:WmswCIbuzwEmd7Fp4KpDAKngV9tV3rJy63JgaVwoz7si4uYqUYWu1gYwmj552RFB:WmswCIbuzwEy7n3YD3Jgw7shKrp55io
Score

3^/10
behavioral11 behavioral12
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  00a0194c20ee912257df53bfe258ee4a
- SHA1
  
  d7b4e319bc5119024690dc8230b9cc919b1b86b2
- SHA256
  
  dc4da2ccadb11099076926b02764b2b44ad8f97cd32337421a4cc21a3f5448f3
- SHA512
  
  3b38a2c17996c3b77ebf7b858a6c37415615e756792132878d8eddbd13cb06710b7da0e8b58104768f8e475fc93e8b44b3b1ab6f70ddf52edee111aaf5ef5667
- SSDEEP
  
  192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
Score

3^/10
behavioral13 behavioral14
- Target
  
  $PLUGINSDIR/kknsisplugin.dll
- Size
  
  82KB
- MD5
  
  01e75126c5c30022f4561daf30cc029d
- SHA1
  
  8494d4147ed1f778d4c02cb0a9bd31a3112a04dc
- SHA256
  
  238e7599426e74a5e1f1177c995bfc7bc085ec7f0fe2079e7882db4392e9b4ea
- SHA512
  
  09396d49c3aad21b2b541c6823b2be963a5305805eb4d1b46f4c34a635e8025223101c25b8f5c4e12f752f7de527367c6cca2c6c87ce646f5a37d035f16bdc6b
- SSDEEP
  
  1536:T1J+4MSFOwp3SnRJEoocOdpksWrOLLaXo5OraaCD:T1cj3w4/EKgLwo5OO9
Score

3^/10
behavioral15 behavioral16
- Target
  
  $PLUGINSDIR/nsDialogs.dll
- Size
  
  9KB
- MD5
  
  ab73c0c2a23f913eabdc4cb24b75cbad
- SHA1
  
  6569d2863d54c88dcf57c843fc310f6d9571a41e
- SHA256
  
  3d0060c5c9400a487dbefe4ac132dd96b07d3a4ba3badab46a7410a667c93457
- SHA512
  
  99d287b5152944f64edc7ce8f3ebcd294699e54a5b42ac7a88e27dff8a68278a5429f4d299802ee7ddbe290f1e3b6a372a5f3bb4ecb1a3c32e384bca3ccdb2b8
- SSDEEP
  
  96:EBABCcnl5TKhkfLxSslykcxM2DjDf3GE+Xv8Xav+Yx4MndY7ndS27gA:E6n+0SAfRE+/8ZYxldqn420
Score

3^/10
behavioral17 behavioral18
- Target
  
  checkkkinfo.dll
- Size
  
  188KB
- MD5
  
  a04e07092b4c8223f28c1175cd65b36c
- SHA1
  
  5d383a8eb6d465f17bdf896d6d8465d2355f9274
- SHA256
  
  b67bdc72d91e965140e7a62c87405718eceeeb42a4fd4a05d4d4aaa1471e657e
- SHA512
  
  b3badd4293cdde7ad0d28498bd2f2087ffec258c0a6598876f2e8f4918e3ee4d65ecdbfb4858491050f50a639904132d573d56c0b3617cd68576f8b1abcebc5b
- SSDEEP
  
  3072:MHNNu5Qa7+F/ubiRmlGvfX0f+lkcwDax5hs+XURy8j:o0l7uubamlGvfkGlFwWsCp8j
Score

3^/10
behavioral19 behavioral20
- Target
  
  crashreport.exe
- Size
  
  338KB
- MD5
  
  2d1a8a1b99cc28107476de83ba0a77f5
- SHA1
  
  9550bed42cb51c17acb6231a12e7d12b49860035
- SHA256
  
  179a18dd3c49dacccc8d8752a3fe8da99f5e01500ffd23a6634523408f8add71
- SHA512
  
  d5d7045fd024d275a7988a30dbffb841c2fc9c70ec96737b03db579dcc2d9be1fc8abac6b647c11d7a7a6d16946c01eba92fb85cb26d66c17ff044cb7e41315a
- SSDEEP
  
  6144:jmWahng73S++KIL19tRvyLq9ZEdfkmg/cHG93I/TbGJTlUxAkvW:yHNg7zmL/fYq9Z4ng8G93sTbGJTuxRvW
Score

7^/10

upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral21 behavioral22
- Target
  
  kislivx.dll
- Size
  
  835KB
- MD5
  
  78c9fb4bdce3d41b2a945371ddcf8130
- SHA1
  
  38f37dfca519c870860be3d6588b96111fb2abf2
- SHA256
  
  338f9ad6281703b4104db80e20df683a67d837a76414f488142943dcd684fb09
- SHA512
  
  dca9e620314a2b77d0969348aaa4fcae2b3c5b71e1bd30b82a21ede5fbf8ed31d2612d0ce7b16f0f3f3c7cc4752eea50613f9d89f5cb6ce6ac40dd23dec9cec1
- SSDEEP
  
  24576:sZEVwAGGopOiHTfXQ6r/v0ReBcTr5UY+RVvo7F:suapOizA6r/v0oOTNqfvo7F
Score

1^/10
behavioral23 behavioral24
- Target
  
  kisupco.dll
- Size
  
  313KB
- MD5
  
  98fc1aad0bbfb1905eaace38830c4833
- SHA1
  
  530c78e4a6b6658502813f91fd981a1c094c08eb
- SHA256
  
  df8916c996286c59475b93e50c6471236b12d8a64f2f079d773b8b5224fe0aa7
- SHA512
  
  170472986a405a412b527a34643d52f984f76bc3ccb6feb732a2943bf26743be2e35805bae26d00858a2ce1c9e302c9b679ec2b92309ab4d043212d1cf1f8797
- SSDEEP
  
  6144:nYL+rabxjGEL7zvrAfzZ+bV5HEZFx97vCzMels:nYLUsGELHvrkzZ+x5kZFxpgls
Score

1^/10
behavioral25 behavioral26
- Target
  
  kkdlengine.dll
- Size
  
  114KB
- MD5
  
  7913bd486a0f45be07f8b7d23fa6c5a2
- SHA1
  
  3bd72eff4453484d0b742e874a3907c19c9167ee
- SHA256
  
  c17473ddeaf9a9d57e065c36b58bd708cba71071d59fb450d8b8cf4d8e77ac19
- SHA512
  
  c5dbeb78684680a3faa203b772ce411ea6206c7f147c6b146f21a5e2019d58f1d0582f7e06d1d9b51462cf5568588170466bbc19c8c3818291361e82e5621980
- SSDEEP
  
  3072:SJsTvgUiNocoPooBtl14ekRJBK1GcHN8d2F:ONoOobAyN8d2F
Score

1^/10
behavioral27 behavioral28
- Target
  
  kkdownload.dll
- Size
  
  303KB
- MD5
  
  b600f10be5b9aaefc5f8c9c1a66d3037
- SHA1
  
  8b907adcd9b644e00437b36ff15ce656a605b776
- SHA256
  
  f22696351d4787e31c96dcde40fddc30c20cbd5474fa4cf2da8091830a4f4bb6
- SHA512
  
  2127fcd25322699e6916c33be44bb62bd74578ff5a4f25e1f2fb124097bc61fd8d9293c8224a1fc55f86a21c4f56a0cd7cbf91f61449aa401432a52d8ebc4512
- SSDEEP
  
  6144:OIR37oPOE9acXJRg2vtprPbmO7ACJg7Od8PsqikG07:OIJWZaotpGqJJg7Od8PsSG07
Score

1^/10
behavioral29 behavioral30
- Target
  
  kkgame.exe
- Size
  
  2.0MB
- MD5
  
  21fbe3297b710bd67e3122269527653d
- SHA1
  
  5c148af03ad2fd24dd8d6eb77e6376cc8dea8cc1
- SHA256
  
  bb6b0dee37041b5aae2f0461b09a1ceeb5fd807b6147563a74bd4afa722d5110
- SHA512
  
  6554d63c0e04e0bad0589b1e0dfb9ef40a7f57ee562bfc64b21c8936c4c8431fab36cb5c0aadefd1d541cbdc949e954dc9e0bd2f6dd75a1ebcace48930e82948
- SSDEEP
  
  49152:Jjw2H60mh3SxrYy1b5ZfydPQPL3oQkBQrbr87qDAH0ydoG26byYTIq:JjHHpuAb55ZfydPQPL3oQyQrbr8+LydB
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Executes dropped EXE

Loads dropped DLL

UPX packed file

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32