583b51287187df514ef222f1aee18d48424a64a9f50909dd27a47ad245f863c2

Sharing

Copy URL

Twitter E-mail

General

Target

24c50d287358d8bbbb2bf80e361baf63_JaffaCakes118
Size

1.0MB
Sample

240704-f2d1fawfmk
MD5

24c50d287358d8bbbb2bf80e361baf63
SHA1

eb0afff5f966f6759324c16e288e4a1398fd1b36
SHA256

583b51287187df514ef222f1aee18d48424a64a9f50909dd27a47ad245f863c2
SHA512

af85db8f65f229e2a790d0e06d4890e9a5b0aa1ddc8f6a0dfc8dfe3175badb1b7b2d35d20a283c5e32340178651a0cb7358d7804b561b83365406439f214622b
SSDEEP

24576:kf+VLLoy7yDZgDstOXV7cFxAtdEBnBEwOvMOW57Phq1uvO1zSqqhi3v:UyH7yFgiOt2BnXll7P+KOUe

Score

7^/10

Malware Config

Targets

- Target
  
  24c50d287358d8bbbb2bf80e361baf63_JaffaCakes118
- Size
  
  1.0MB
- MD5
  
  24c50d287358d8bbbb2bf80e361baf63
- SHA1
  
  eb0afff5f966f6759324c16e288e4a1398fd1b36
- SHA256
  
  583b51287187df514ef222f1aee18d48424a64a9f50909dd27a47ad245f863c2
- SHA512
  
  af85db8f65f229e2a790d0e06d4890e9a5b0aa1ddc8f6a0dfc8dfe3175badb1b7b2d35d20a283c5e32340178651a0cb7358d7804b561b83365406439f214622b
- SSDEEP
  
  24576:kf+VLLoy7yDZgDstOXV7cFxAtdEBnBEwOvMOW57Phq1uvO1zSqqhi3v:UyH7yFgiOt2BnXll7P+KOUe
Score

7^/10
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  14KB
- MD5
  
  0dc0cc7a6d9db685bf05a7e5f3ea4781
- SHA1
  
  5d8b6268eeec9d8d904bc9d988a4b588b392213f
- SHA256
  
  8e287326f1cdd5ef2dcd7a72537c68cbe4299ceb1f820707c5820f3aa6d8206c
- SHA512
  
  814dd17ebb434f4a3356f716c783ab7f569f9ee34ce5274fa50392526925f044798f8006198ac7afe3d1c2ca83a2ca8c472ca53fec5f12bbfbbe0707abacd6b0
- SSDEEP
  
  192:n6d+dHXLHQOPiY53uiUdigyU+WsPdc/A1A+2jPK72dwF7dBEnbok:n6UdHXcIiY535zBt2jP+BEnbo
Score

3^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/ShellLink.dll
- Size
  
  4KB
- MD5
  
  073d44e11a4bcff06e72e1ebfe5605f7
- SHA1
  
  5f4e85ab7a1a636d95b50479a10bcb5583af93f3
- SHA256
  
  b96b39cb4ad98f4820b6fd17b67e43d8d0f4b2667d50caa46eff44af245d75bb
- SHA512
  
  e9f99b96334764ae47aa026f7f24cfb736859a9131bd1c5ec7e070e830b651787f49910911f82e4ade0dc62fea0ad54ba210b07e44830eb2be6abb710a418a98
Score

3^/10
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  00a0194c20ee912257df53bfe258ee4a
- SHA1
  
  d7b4e319bc5119024690dc8230b9cc919b1b86b2
- SHA256
  
  dc4da2ccadb11099076926b02764b2b44ad8f97cd32337421a4cc21a3f5448f3
- SHA512
  
  3b38a2c17996c3b77ebf7b858a6c37415615e756792132878d8eddbd13cb06710b7da0e8b58104768f8e475fc93e8b44b3b1ab6f70ddf52edee111aaf5ef5667
- SSDEEP
  
  192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
Score

3^/10
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/locate.dll
- Size
  
  15KB
- MD5
  
  3ed8f71cc67857223cad786e0c7c578e
- SHA1
  
  a4864b53ac8c0d0eaffc516f891644c935de942a
- SHA256
  
  58200fbce500184e73d8cf63bc689c157763b8a63e3d1cd62165e334e8d1596d
- SHA512
  
  7424517d42dea7a3121cc9c52d490d6d1c27df59e1e1d926cf97d3543908de78c1e384061ba76b3520cd5a7eecef83f3629b565add617193d09db09a5f882430
- SSDEEP
  
  384:e3vRxT1E9qSqCDwNnN3NLNmwJOXZRPX2qkf:e/Rx2D4N95RIXZprk
Score

1^/10
behavioral10 behavioral9
- Target
  
  $PLUGINSDIR/nsRandom.dll
- Size
  
  21KB
- MD5
  
  ab467b8dfaa660a0f0e5b26e28af5735
- SHA1
  
  596abd2c31eaff3479edf2069db1c155b59ce74d
- SHA256
  
  db267d9920395b4badc48de04df99dfd21d579480d103cae0f48e6578197ff73
- SHA512
  
  7d002dc203997b8a4d8ec20c92cd82848e29d746414f4a61265c76d4afb12c05bce826fc63f4d2bd3d527f38506c391855767d864c37584df11b5db9ca008301
- SSDEEP
  
  384:LCHDPMs4GdtyO5roguusMxUXiO3wOw95euooP2UgKbd9BvNtf:LCHD6Gh87MKXil/5r2U3z
Score

7^/10

upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral11 behavioral12
- Target
  
  $PLUGINSDIR/rfshdktp.dll
- Size
  
  2KB
- MD5
  
  9410591a148871a6d0629cf25b94526f
- SHA1
  
  be1e8b0fe8327f185136a0d2460a68f720484535
- SHA256
  
  acc76e81f71e7f2ba58c36d678bc9ae4705e0187a3cdfa6d0025190467d9c0c7
- SHA512
  
  465d3e418e769b907262e07cbca3d2c5132bf328431d456be09c059821be20a6d30106562d7ef0bfa93ca219b2abe57ee891d937419fc4b8840987b184b45df0
Score

1^/10
behavioral13 behavioral14
- Target
  
  theworld.exe
- Size
  
  614KB
- MD5
  
  86304066455028632cb42c34a2b42b21
- SHA1
  
  3b00e902ce09a241024330b122ba10a354af2b93
- SHA256
  
  52b304f491abd2f4f2b364371b632eb31a99af2b9da5a63a82a00b091bac6289
- SHA512
  
  b59048f1c007f33053faa776643811a34da7882243de672c3c6692a2b08af30f84949f747237d7a5ab08e34c7205f0ad340fe8c33012f0c37497c2ac4e6698b8
- SSDEEP
  
  12288:kaWz2Mg7v3qnCi8ErQohh0F4CCJ8lnyLQYn:7adMv6CYrjqnyLQ+
Score

7^/10

persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Modifies system executable filetype association
  persistence
behavioral15 behavioral16
- Target
  
  uninst.exe
- Size
  
  60KB
- MD5
  
  8459bf3f3c495ac7754671cefafd63c5
- SHA1
  
  21670a54678a8e4c94ed829b92a7cfcdf5cf482f
- SHA256
  
  5a431206fc24c8411bb1301091c38b98a304882359181ce4e1baa468669b0602
- SHA512
  
  c7dcf4db4f0cc34efb67f93a0c2f55d19c79d8b05ba2f163fa118d7ea605887944247ea0c0227d2ddffe22a6f65062d80d1c8164200a42800ad8bff776de44e5
- SSDEEP
  
  1536:5qBwbLWJLJFKqAZzrZA4kJJZgdLeAyNZEl6YvlAe9:5qBFJLzgOJJZceAVMyf
Score

7^/10
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral17 behavioral18
- Target
  
  $PLUGINSDIR/KillProcDLL.dll
- Size
  
  4KB
- MD5
  
  99f345cf51b6c3c317d20a81acb11012
- SHA1
  
  b3d0355f527c536ea14a8ff51741c8739d66f727
- SHA256
  
  c2689ba1f66066afce85ca6457ecd36370be0fe351c58422e45efd0948655c93
- SHA512
  
  937aa75be84a74f2be3b54dc80fac02c17dad1915d924ef82ab354d2a49bc773ee6d801203c52686113783a7c7ea0e8ed8e673ba696d6d3212f7006e291ed2ef
Score

3^/10
behavioral19 behavioral20
- Target
  
  $PLUGINSDIR/time.dll
- Size
  
  10KB
- MD5
  
  38977533750fe69979b2c2ac801f96e6
- SHA1
  
  74643c30cda909e649722ed0c7f267903558e92a
- SHA256
  
  b4a95a455e53372c59f91bc1b5fb9e5c8e4a10a506fa04aaf7be27048b30ae35
- SHA512
  
  e17069395ad4a17e24f7cd3c532670d40244bd5ae3887c82e3b2e4a68c250cd55e2d8b329d6ff0e2d758955ab7470534e6307779e49fe331c1fd2242ea73fd53
- SSDEEP
  
  192:oNcwTweFbs9t2n2Sgiga65/aHdaGZavaJIYX4Hw2:oNcwBFg22SEw47CPU
Score

3^/10
behavioral21 behavioral22
- Target
  
  ޸IE ɱ.url
- Size
  
  1KB
- MD5
  
  1a4696b09948361a7034e850ba299856
- SHA1
  
  d8187c923c73d272c8cb5a8b69caaf397431a2cc
- SHA256
  
  05448df298916bba4eccde34838bf782631178295b93a15fdf67cf224525465a
- SHA512
  
  57ca75d5cc22212316811a2951acfed3f80593a54db9d96ed2b2e33446569bafd174ed5e929717eae8698e0364192a0a95e8bb712b7f10290bec22f34848cdd1
Score

1^/10
behavioral23 behavioral24
- Target
  
  ֮.exe
- Size
  
  1.1MB
- MD5
  
  331810e9f6de0679e9cd337aa026aab4
- SHA1
  
  88cbc6a80afcfdd2d5506d8f73ca889a669c5eed
- SHA256
  
  7c06daa6628997c39580b86e9601ee35c7e688efe0079d11517310f6433911cf
- SHA512
  
  5c82f7a497519d8a466d898701c210c27908d12ec9ff0dae56e121b574551648fcbb30d2af0c8e2bdb9b3fc1f86801bdea0fe23858b721a61905eeabcb59e55d
- SSDEEP
  
  24576:oWTeo4A7fKVV/NeK2TYIT4/oFaASoA6Vfnw:dTeq7SH/yTYIT4QIoA6Vfnw
Score

6^/10

evasion trojan
- Checks whether UAC is enabled
  evasion trojan
behavioral25 behavioral26

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Change Default File Association

T1546.001

Privilege Escalation

Event Triggered Execution

T1546

Change Default File Association

T1546.001

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Query Registry

T1012

Remote System Discovery

T1018

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Loads dropped DLL

UPX packed file

Checks computer location settings

Deletes itself

Modifies system executable filetype association

Deletes itself

Executes dropped EXE

Loads dropped DLL

Checks whether UAC is enabled

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26