General

  • Target

    259c0097328816b607375e3a739642ed_JaffaCakes118

  • Size

    4.1MB

  • Sample

    240704-vk48mazdjr

  • MD5

    259c0097328816b607375e3a739642ed

  • SHA1

    8636a2d9f9bafb2ae16aa9364c6875bc5c7bb1fa

  • SHA256

    b7f210dbfe383522954656d839e5bea626d20de4a4c2ab8d61976d42a744f094

  • SHA512

    48d81ca4b8c9340491443db0c32ebfa6e51fadac46e0945369f62f00d4ee992d4248f82eb3ba44bd81b253970ef5d2a5b1171470ce534fa19bacf1c5aafd995d

  • SSDEEP

    98304:UUn1BeJrUzLS32qCnt4N3G9LPkCrfVACBPhK6dWyBWoHH1zkUMUMUR:UUToEyTCnqQ979fnBPVWjo2UMUMUR

Targets

    • Target

      259c0097328816b607375e3a739642ed_JaffaCakes118

    • Size

      4.1MB

    • MD5

      259c0097328816b607375e3a739642ed

    • SHA1

      8636a2d9f9bafb2ae16aa9364c6875bc5c7bb1fa

    • SHA256

      b7f210dbfe383522954656d839e5bea626d20de4a4c2ab8d61976d42a744f094

    • SHA512

      48d81ca4b8c9340491443db0c32ebfa6e51fadac46e0945369f62f00d4ee992d4248f82eb3ba44bd81b253970ef5d2a5b1171470ce534fa19bacf1c5aafd995d

    • SSDEEP

      98304:UUn1BeJrUzLS32qCnt4N3G9LPkCrfVACBPhK6dWyBWoHH1zkUMUMUR:UUToEyTCnqQ979fnBPVWjo2UMUMUR

    Score
    7/10
    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Target

      $PLUGINSDIR/InstallOptions.dll

    • Size

      13KB

    • MD5

      9b2bdf058d377da28704af9ca3ef1142

    • SHA1

      0fc0d7fbc4c3a65eec33d9577ed38e545b3cc04b

    • SHA256

      92f34db47c34d6867e6928d4a9cd27747ff642392c0e361f9cab2f5d8c4df300

    • SHA512

      ba0c2a312732832874642f6ca8d3b5aa4274da5cbb3a09d990b442becdf9a1abb98c61c5cbbb55f6a5341d2997388d01f93f69e4946e923a1892c7621775b93f

    • SSDEEP

      192:pK6RrZcTOIiQP00nXGqk3XsGZ4djZbfhhjv6WoF1dBaRp:I6RNcTPPVXG0kIjZbXjv6bBu

    Score
    3/10
    • Target

      Code/Execute.exe

    • Size

      129KB

    • MD5

      c1bd8a80d0d2f4a9fa39e7a3742c6af8

    • SHA1

      6d8f947c726253d3e88b0a6206f96def96aae235

    • SHA256

      bb68b2a0ca4cbb3b7b2c7128481a7409693153741f1c386e57073a3a394098b3

    • SHA512

      5aea67a11bfde333e0d2cbbf5fb720f9534db65c5f8fe7d4843b787622e9f6bc7ca6154fe4ca1de0cc75b46b1240748c486cb2e5efed24ac4ac56313a59f92e2

    • SSDEEP

      3072:m/6kNR1WJSx3gbfnbmMzJxIURL5KZ/KvnOU9V0:U6IiSuXKURHvE

    Score
    1/10
    • Target

      Code/Start Dashboard.exe

    • Size

      129KB

    • MD5

      ee110cf01b318ff413e2434a03c75de7

    • SHA1

      bcb8816c96ac3d31e35e174bd7aa37e51fd2c98d

    • SHA256

      5def6996e905c9cf584c3ee71fa09960be6a83e24e9d8f0327c649f93a8695be

    • SHA512

      61f155db7f37c8937b8b85307126aea59eaa82999442f914b87ba480e2a28c526ba9379d9963b8009abde25789a7b7197d938be17fa5d96865c4133feb3f8d21

    • SSDEEP

      3072:m/6kNR1WJSx3gbfnbmMzJxIURL5KZ/KNKrqu1Wtxle9VH:U6IiSuXKURHu1Wtxlq

    Score
    1/10
    • Target

      Code/Start Session.exe

    • Size

      129KB

    • MD5

      9e0b4e50415765cadb82425d196aa73a

    • SHA1

      e8edbebb277e65ffb38cfba69009c05912024d69

    • SHA256

      a9da4e157af96028a259e191f2f1278f02c58854782321c98a4e1c1c783d5beb

    • SHA512

      348334b662d52aa39c2d55ea51062fffc7863c18ed91cbb4371358a103af0516b872b1d3029d64779d57879b596c546ca1aa966aab298c1f7fa3a95e3f43f672

    • SSDEEP

      3072:m/6kNR1WJSx3gbfnbmMzJxIURL5KZ/KE1/AHEH9V/:U6IiSuXKURHE1Ws

    Score
    1/10
    • Target

      Code/Test Connection.exe

    • Size

      129KB

    • MD5

      11a1947aaaeb2d51127ded629d34b283

    • SHA1

      9b5c4533c0cbbfbe1c32ebd01fe2cdacc1780bc4

    • SHA256

      e8dfd25b9a60baf1a8ecb476d993be7c30ac0de26716797967090866c497f0f5

    • SHA512

      ce0f110be4b44419b391e3b88eea6ded9b6394dc77fd7e6f3301ce2e0cd48f81952237a7fb1389ffa7844ae9e8540dc3e80ef95c26346b7db91cb94ef206df13

    • SSDEEP

      3072:m/6kNR1WJSx3gbfnbmMzJxIURL5KZ/Kxo9V4:U6IiSuXKURHxb

    Score
    1/10
    • Target

      Code/XLTemplatePC.xlt

    • Size

      25KB

    • MD5

      3fcb948d8e6caab24ddb5e7ab6a883c9

    • SHA1

      514a2a5b5402b7548750e6b27c32e1748f8afc00

    • SHA256

      99d1739cecdc2d75703bd1fc3a44838952e4f9b8ce1f4b4a9ab69272256fa09c

    • SHA512

      cdeaeb6e7980ba204f4a6720815deeb763195bd2e14ab5282c83e629582c6ecbe588200b357c7663bf303416b03abcf6a401ce86ab22a22fdd18c5e1a753e6f4

    • SSDEEP

      192:5SuX/43AgdLSUX0ad/H7WYvwbIHYYJyaVH8wBORsWdRODzQlWLbM1e3EdpX5UNaH:FuFd/7WstHvBVHdBAdIPgWla97a3K

    Score
    1/10
    • Target

      Code/install firefox ssl_cert.cmd

    • Size

      59B

    • MD5

      896c70862e5ba37b05ddcb6c21c37ffb

    • SHA1

      ea6428e7e41736198e106ce3bb94b26c408d4812

    • SHA256

      e11023ae9e1719f9d62cdab38608231c1895e62c8e670f06601e8baaf2043de4

    • SHA512

      068d64e75e7d3e486b8049773fae735cd53efcea6c24be0cf7481e4100284a06444092fb38523ffc08e3850cbbda4d244d8d63aa8514fd2cde1fc6a80be52057

    Score
    1/10
    • Target

      Code/install ie ssl_cert.cmd

    • Size

      12B

    • MD5

      4a755c74079333024fdbf5506ce329fa

    • SHA1

      7a04ba472e65b61ee90cdceac54ac214c19d6d44

    • SHA256

      7a914b496b23b9b7854c297e8bd3185d430e4aca505eada266817311b5a73161

    • SHA512

      63235332a6310f13f1cffaf0678edd62ad3ebe13844ee45a4356af063426017e534d4374bcae42f6e8207bf64097e08df40fc03eef15c58d059e7d84b42bef7d

    Score
    8/10
    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Target

      Code/pdfviewer.exe

    • Size

      3.9MB

    • MD5

      654af68e9819729b4eb2dceb8511af00

    • SHA1

      06b1b45a753940dbd4dea750260454b0e3d70ebe

    • SHA256

      df0a41e765afe4e8d1961bb7cc085bb339d4d6f04776c009b33fd58fccbf7317

    • SHA512

      9c4ea783353d749d00a3855fd51fe3de76b33805704689a913c0bbd945962f627f5c7149afe83627e140931488992048d68c9fdb3dddc77b5e2a274eb739dac9

    • SSDEEP

      49152:0hn1HDzuUGk2oEZCjA7LuZ1yn8gRoPeW4JE956jk:un1jaUwGA+Z1ytREvD6A

    Score
    1/10
    • Target

      Code/register pdfviewer.cmd

    • Size

      43B

    • MD5

      878cf5a567ce4120f1133c92490c7685

    • SHA1

      22c22a3ad576cdc7a6c7c235079662ca67a8e971

    • SHA256

      ca93be671df7cdf5b187e064e44f5420de6873bd6c86fb860a370ad72ec57237

    • SHA512

      b047ecd035b17d145286dd84082bb83b11e6ac273389e7358a4d65d6d496e50edd01597530f250cada9fe418684d97bfd706ceb99a17f31ecc0a34aee4eab598

    Score
    1/10
    • Target

      Code/sfk.exe

    • Size

      368KB

    • MD5

      d29bf3d53fdbbaf9b7f2e5ad577bf865

    • SHA1

      2a36cc858dbfac4936ef369fbd09acb195ef9d24

    • SHA256

      fbe7ec72a2f926edcb0984959258cb473225fa414c7b5c7ae1bbf2c9744b6643

    • SHA512

      d3c66d2e29b1923537940222a57d1d3e3eb3cc9d582484c5a2531423bb9f922c7491f899e1d7fa022e5537378d56a8fde147da77bd2d4491a48aceb8b4e2af12

    • SSDEEP

      6144:8pX691EJoDJ+8mwWB6jgUYrfeWNkG+xP+g5KO1ocivybv6frGgf5oNnPp:8pX691EJoDJ+8tM6jgUYr2WQP+41livn

    Score
    1/10
    • Target

      Code/sgd.exe

    • Size

      1.6MB

    • MD5

      431c32bb0de9a6995504d1edb360d948

    • SHA1

      930d837eb089724c871b907b9ae6db0fb3c7e889

    • SHA256

      0f7172da16b31b0e2ee2703222229f12d09c32fcb6b4823758961abffedd2724

    • SHA512

      4bbb5d25d24a05dabb358db056b759f8b2d0724b69a710339d13a93cbc7a6e0c15f9e44a7fffd391bd0cd822c26a54b6faebe1eac37a7c3cb06585e78b7a543c

    • SSDEEP

      24576:/OPuzQ79f3dmw20zLnBefJwVA5jpggdi:/aFmXcn8Rwaxpggc

    Score
    1/10
    • Target

      Code/stop service.cmd

    • Size

      23B

    • MD5

      8feb837e422429ce2ed277ca4dd705a8

    • SHA1

      2cb6677735aeaadc5ac21d5f8d1f74ba963301cb

    • SHA256

      460b2dfb7969cf99c6ca1bb8763c4d9b9a21ad143e4c0e1b8d3d9d7c9f1368f8

    • SHA512

      5814e7b4b725557dabcf804cf34fdf03269ac61dbf480ccf3728f2e312f2c958070f346665e4ee40c3efbfba208c7146a94d75b9be32486c046509d01c98279d

    Score
    1/10
    • Target

      Code/testpdf.cmd

    • Size

      11B

    • MD5

      5808f39c5a6d00031200f00f7ffe741a

    • SHA1

      cec46987bc3a0fe3f823834fdf720061d8266c12

    • SHA256

      dfcfaf1e35d3a90ec0638205f6a8c19838b6bd4f75206635bfeb1eb39c99f608

    • SHA512

      8ff12b7a62a000eac9cc0fb0280e017b323c1438fe2d6112c4f90fdab126678777a9df771df93413e71edc9a36a37ee2d717a5e5fde88e31d6379726e2e03a20

    Score
    7/10
    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Target

      Code/testpdf.pdf

    • Size

      10KB

    • MD5

      f7d165d1258da3422f9b0d932d3c0ee1

    • SHA1

      bf8c25e7fe9b30844046c4fa5cb8b15b3bdec149

    • SHA256

      303c438272b4a9a84add915943aa309ab2ce46dc54c51a7f3984d7392dc59f00

    • SHA512

      148085521ae5c4353fb17b6bf380c9777bf80b647b2bcd51fbc0372efb71e2a696da80367dad4ca339e89ee855e8329ae233e0f19107dd2993ec3597934cff65

    • SSDEEP

      96:18QY9Z/sk0nFwODdfMbpEZkIns78xVcXJ4vtnZkIns78CEVD5g:nAZ/sk0yqubuklJuXka5g

    Score
    1/10
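Before handling any of the files listed above (for instance after exporting them from the sandbox), a practitioner would confirm that what is on disk matches the digests the report gives, since a wrong or truncated export invalidates everything that follows. The Python below is an added example and is not part of the report or of the sample; `REPORT_MANIFEST` copies the MD5/SHA1/SHA256/SHA512 values from two of the cards above (the main sample and `Code/pdfviewer.exe`), the export directory path is a placeholder you supply, and the function names are this example's own. SSDEEP is left out because the standard library has no fuzzy hashing and an exact digest is the stronger check.

```python
"""Verify exported files against the digests in the sandbox report.

Added example, not part of the report. Assumes the files were exported
to a local directory laid out like the target names above; the default
path is a placeholder.
"""
import hashlib
import io
from pathlib import Path
from typing import BinaryIO

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")

# Copied from the report cards above (main sample and Code/pdfviewer.exe).
REPORT_MANIFEST = {
    "259c0097328816b607375e3a739642ed_JaffaCakes118": {
        "md5": "259c0097328816b607375e3a739642ed",
        "sha1": "8636a2d9f9bafb2ae16aa9364c6875bc5c7bb1fa",
        "sha256": "b7f210dbfe383522954656d839e5bea626d20de4a4c2ab8d61976d42a744f094",
        "sha512": "48d81ca4b8c9340491443db0c32ebfa6e51fadac46e0945369f62f00d4ee992d"
                  "4248f82eb3ba44bd81b253970ef5d2a5b1171470ce534fa19bacf1c5aafd995d",
    },
    "Code/pdfviewer.exe": {
        "md5": "654af68e9819729b4eb2dceb8511af00",
        "sha1": "06b1b45a753940dbd4dea750260454b0e3d70ebe",
        "sha256": "df0a41e765afe4e8d1961bb7cc085bb339d4d6f04776c009b33fd58fccbf7317",
        "sha512": "9c4ea783353d749d00a3855fd51fe3de76b33805704689a913c0bbd945962f62"
                  "7f5c7149afe83627e140931488992048d68c9fdb3dddc77b5e2a274eb739dac9",
    },
}


def digests(stream: BinaryIO, chunk_size: int = 1 << 20) -> dict:
    """Compute all four digests in a single pass over a binary stream."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digests_of_bytes(data: bytes) -> dict:
    """Convenience wrapper for in-memory data (used by the checks below)."""
    return digests(io.BytesIO(data))


def compare(actual: dict, expected: dict) -> list:
    """Return the algorithms whose digest differs from the report.

    Hex case is ignored. Only algorithms present in `expected` are checked,
    so a card that lists fewer digests does not produce false mismatches.
    """
    return [
        name for name in ALGORITHMS
        if name in expected and actual[name].lower() != expected[name].lower()
    ]


def verify_file(path, expected: dict) -> list:
    """Hash a file on disk and compare it with one manifest entry."""
    with open(path, "rb") as fh:
        return compare(digests(fh), expected)


def verify_export(export_dir) -> dict:
    """Check every manifest entry under export_dir.

    Returns {target: mismatched_algorithms}. A file that is not there is
    reported as ["missing"] rather than as an empty (clean) result, so an
    incomplete export cannot pass silently.
    """
    results = {}
    for target, expected in REPORT_MANIFEST.items():
        path = Path(export_dir) / target
        results[target] = verify_file(path, expected) if path.is_file() else ["missing"]
    return results


if __name__ == "__main__":
    import sys

    export = sys.argv[1] if len(sys.argv) > 1 else "./export"  # placeholder path
    for target, problems in verify_export(export).items():
        status = "OK  " if not problems else "FAIL"
        print(f"{status} {target} {' '.join(problems)}")
```

Run it with the export directory as the only argument; any `FAIL` line names the algorithms that disagree, and `missing` means the file was not found at the path the card implies. Hashing all four algorithms in one pass keeps the cost at a single read of the 4.1MB installer rather than four.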

Tasks

static1        macro, macro_on_action, upx    Score 8/10
behavioral1    discovery                      Score 7/10
behavioral2    discovery                      Score 7/10
behavioral3                                   Score 3/10
behavioral4                                   Score 3/10
behavioral5                                   Score 1/10
behavioral6                                   Score 1/10
behavioral7                                   Score 1/10
behavioral8                                   Score 1/10
behavioral9                                   Score 1/10
behavioral10                                  Score 1/10
behavioral11                                  Score 1/10
behavioral12                                  Score 1/10
behavioral13                                  Score 1/10
behavioral14                                  Score 1/10
behavioral15                                  Score 1/10
behavioral16                                  Score 1/10
behavioral17                                  Score 8/10
behavioral18                                  Score 8/10
behavioral19                                  Score 1/10
behavioral20                                  Score 1/10
behavioral21                                  Score 1/10
behavioral22                                  Score 1/10
behavioral23                                  Score 1/10
behavioral24                                  Score 1/10
behavioral25                                  Score 1/10
behavioral26                                  Score 1/10
behavioral27                                  Score 1/10
behavioral28                                  Score 1/10
behavioral29                                  Score 3/10
behavioral30                                  Score 7/10
behavioral31                                  Score 1/10
behavioral32                                  Score 1/10