Overview

overview

7

Static

static

3

2852ab3974...18.exe

windows7-x64

7

2852ab3974...18.exe

windows10-2004-x64

7

$TEMP/mirc632.exe

windows7-x64

7

$TEMP/mirc632.exe

windows10-2004-x64

7

$OUTDIR/uninstall.exe

windows7-x64

7

$OUTDIR/uninstall.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDIR/UAC.dll

windows7-x64

3

$PLUGINSDIR/UAC.dll

windows10-2004-x64

3

$PLUGINSDIR/mIRC.dll

windows7-x64

1

$PLUGINSDIR/mIRC.dll

windows10-2004-x64

1

$TEMP/uninstall.exe

windows7-x64

1

$TEMP/uninstall.exe

windows10-2004-x64

1

$PLUGINSDI...ol.dll

windows7-x64

1

$PLUGINSDI...ol.dll

windows10-2004-x64

1

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDIR/UAC.dll

windows7-x64

3

$PLUGINSDIR/UAC.dll

windows10-2004-x64

3

$PLUGINSDIR/mIRC.dll

windows7-x64

1

$PLUGINSDIR/mIRC.dll

windows10-2004-x64

1

ircintro.chm

windows7-x64

1

ircintro.chm

windows10-2004-x64

1

mirc.chm

windows7-x64

1

mirc.chm

windows10-2004-x64

1

mirc.exe

windows7-x64

3

mirc.exe

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2852ab3974259e76c50747b1982d74c8_JaffaCakes118

  • Size

    1.7MB

  • Sample

    240706-m6abdaxbqr

  • MD5

    2852ab3974259e76c50747b1982d74c8

  • SHA1

    069fdba2f3f3249c9552a58b820f26d9e7a79a2f

  • SHA256

    0534bd590fba16ba535feaa26babf7dd209ab721ade2c11ffbd26dd44712015a

  • SHA512

    d78c52e5a7abcd9b28a5c4e6dcbe7b51e87ca4673e0aea8396aa8a9de6ef9b959ea69b939ccd5661f308746f79c0fddb18525e93128ae0d49b3610ae0cb40ecb

  • SSDEEP

    24576:qmfQ/C9e3rJ26ysOflZVk77yhLqboLnfGwgshmIicY2sik7qTGTS5Ebk1ocTeBKX:/z92QjLfGaMFEqUQkpeBrQVDrg6mV8

Score
7/10
evasiontrojan

Malware Config

Targets

    • Target

      2852ab3974259e76c50747b1982d74c8_JaffaCakes118

    • Size

      1.7MB

    • MD5

      2852ab3974259e76c50747b1982d74c8

    • SHA1

      069fdba2f3f3249c9552a58b820f26d9e7a79a2f

    • SHA256

      0534bd590fba16ba535feaa26babf7dd209ab721ade2c11ffbd26dd44712015a

    • SHA512

      d78c52e5a7abcd9b28a5c4e6dcbe7b51e87ca4673e0aea8396aa8a9de6ef9b959ea69b939ccd5661f308746f79c0fddb18525e93128ae0d49b3610ae0cb40ecb

    • SSDEEP

      24576:qmfQ/C9e3rJ26ysOflZVk77yhLqboLnfGwgshmIicY2sik7qTGTS5Ebk1ocTeBKX:/z92QjLfGaMFEqUQkpeBrQVDrg6mV8

    Score
    7/10
    evasiontrojan

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks whether UAC is enabled

      evasiontrojan
    behavioral1behavioral2

    • Target

      $TEMP/mirc632.exe

    • Size

      1.6MB

    • MD5

      7d7b3d9e516b27c38d1f320a8a70315a

    • SHA1

      d5a5731edf9b9da888418248284e904e9c47a008

    • SHA256

      ca8002ef56a72e454b638ce4d43eafddeeefb84d8b9c88ef251ed622a7ba18ab

    • SHA512

      f73df64a3a8ded18cd2774ae251eacddbddc59d3f1f7b86936e67a2bc6744a70346dd0a0fb7e3d8b53ca72c4455e85350512c083a62e2f4b62e2e6e162cba60b

    • SSDEEP

      49152:PEM1fS5ddxStuE1FOmLSQl22rA0KH+ps0lN0i:PE+K3SsEnTLVY2rAopTlNn

    Score
    7/10
    evasiontrojan
    behavioral3behavioral4

    • Target

      $OUTDIR/uninstall.exe

    • Size

      123KB

    • MD5

      ce2f18f0b8be2966d5c59d55be4b0054

    • SHA1

      bb5a4f9ea6b5cccd9a925ab5d5d3d1c6e308ed88

    • SHA256

      3b95720e40d10cce5fad6e94633b5bea659186a4bed042ef414cd353ec0044ae

    • SHA512

      f3b3821e845475b9ba67bab30413ea849bc174894dcb3ad3f7a270bf0525577442d5ecd5e5d90cac39fa4d211ab125cc388df982575a4d5c3faaa580f98d2949

    • SSDEEP

      1536:uUeHiWRgkkjH8nyWmJ7qkSZZZ3EORDUibMJMF2OC8bt6nZsfwOBeOm+k6TvDqVCm:ud/vyWmJBUXRDBbpC8bknZ7OCUTvDqIm

    Score
    7/10
    evasiontrojan

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks whether UAC is enabled

      evasiontrojan
    behavioral5behavioral6

    • Target

      $PLUGINSDIR/InstallOptions.dll

    • Size

      14KB

    • MD5

      3809b1424d53ccb427c88cabab8b5f94

    • SHA1

      bc74d911216f32a9ca05c0d9b61a2aecfc0d1c0e

    • SHA256

      426efd56da4014f12ec8ee2e268f86b848bbca776333d55482cb3eb71c744088

    • SHA512

      626a1c5edd86a71579e42bac8df479184515e6796fa21cb4fad6731bb775641d25f8eb8e86b939b9db9099453e85c572c9ea7897339a3879a1b672bc9226fcee

    • SSDEEP

      192:i6JaVGQ+xI5EeuyvMmGpeWH2J5xprN+AxT7K72dwF7dBdcQOz:i6JaVh4I5rpPbT7+BdhO

    Score
    3/10
    behavioral7behavioral8

    • Target

      $PLUGINSDIR/System.dll

    • Size

      10KB

    • MD5

      32465a07028b927b22c38e642c2cb836

    • SHA1

      309cac412b2ecf6a36f6e989c828afcdd8c7a6e4

    • SHA256

      eda545d4dcb37098a90fce9692d5094bb56897f04eff6d40e3dedd122a4d1292

    • SHA512

      9d886a722bbbb5d8d77e97d256057fe685f1932042257a8382e13548fe835d01c64de65e2b5ad2c2ff99692b14c924e6ddb84797f6224f1772e8699b421e6aff

    • SSDEEP

      192:gO6dJA/ruAFEiUdWWE6hE5RYUdJfbub1axgMO:ZKAFERdlxhGRYUzqZax

    Score
    3/10
    behavioral10behavioral9

    • Target

      $PLUGINSDIR/UAC.dll

    • Size

      14KB

    • MD5

      b7d7324f2128531c9777d837516b65a6

    • SHA1

      e15e44fc7c907329e1cd3985e8666b4332f4fa48

    • SHA256

      530dc2b26366fc86072487438317a5723a10ff8b38522f9e813df19146a31033

    • SHA512

      829fc241cd377de094faf80bb38828c3d877170ca4a3fd85810bc911d2ce38941f8067ef681c21d8bbc04be8a99a3d32b3aec51ae7b32d3a89e5a9d9597ed8d5

    • SSDEEP

      192:+kipfAcFT9GlPjP5yIUbf7V8rdawGYiYIRTRGczl6MAW1p2oXO8ham:+VNAcXyDUB3VJbR5l6MAW1p88z

    Score
    3/10
    behavioral11behavioral12

    • Target

      $PLUGINSDIR/mIRC.dll

    • Size

      30KB

    • MD5

      8423ec692d326f92dfa7db57f977d315

    • SHA1

      65fd701692fab6dfe24ba0fa2b29e474b6f5da56

    • SHA256

      0d1218f43e2b5b0d4e052918b5193e7e050bb9f0a9bfc39f7395276b8399b50e

    • SHA512

      fbb0f057dc192362584efbbb5e0c9c6fa56584580b3190aba83017905a50b9b3f54aa535281eac34f4a07538a4ddee822d974cb512b4afe28e15b504376102fd

    • SSDEEP

      768:mbMSwdtV3+m2eTu9WumcyQYbHYsvcdQ0:aMVtTu9XBPYhvcb

    Score
    1/10
    behavioral13behavioral14

    • Target

      $TEMP/uninstall.exe

    • Size

      26KB

    • MD5

      ed623fa2550adc153bc47f5dc25e193c

    • SHA1

      bdf665961d0fad6d5929b3571ae3552d38b6a544

    • SHA256

      90de7c00c741e45a62a29521784f9f8e82ac6db9c7595f540e733a927bd79b16

    • SHA512

      f3ea64971f5aba5860f4dc297cf657e543ee78e1c0126fe78efd82b7ceb5b46c9041ab6723dbb1f41a9280f7b5b9bf9771d259cc70004b97a31cad81348b5b14

    • SSDEEP

      384:tq7watW5jFKNyIkIMDzyHZ0oK78hUZZZgYa8IRraGFIdcTtwbM4:sw5jsyIkRDzMqkhUZZZ3DIx7Ribd

    Score
    1/10
    behavioral15behavioral16

    • Target

      $PLUGINSDIR/AccessControl.dll

    • Size

      9KB

    • MD5

      ac426cc4fb1fd52e45333a26d0c0c173

    • SHA1

      aefeb4520503670ec19043f30b52515515bddaca

    • SHA256

      dcd93abe74c1b1191dce90b5764bb9acba1e5d17845ebc26a016ff888c14c1a8

    • SHA512

      1e959012d70c5ca52853b5ffe9032aac1b2569c6875274e494fc9692654eb1c9ebf2d34f2aa8fe99b0a870c00d937826c36c1c4073c9cb53cb1c7697514b897d

    • SSDEEP

      192:kuonnASQXSyIWZ7w6B7lGl6NHdlJmYkw8y:boARxko

    Score
    1/10
    behavioral17behavioral18

    • Target

      $PLUGINSDIR/InstallOptions.dll

    • Size

      14KB

    • MD5

      3809b1424d53ccb427c88cabab8b5f94

    • SHA1

      bc74d911216f32a9ca05c0d9b61a2aecfc0d1c0e

    • SHA256

      426efd56da4014f12ec8ee2e268f86b848bbca776333d55482cb3eb71c744088

    • SHA512

      626a1c5edd86a71579e42bac8df479184515e6796fa21cb4fad6731bb775641d25f8eb8e86b939b9db9099453e85c572c9ea7897339a3879a1b672bc9226fcee

    • SSDEEP

      192:i6JaVGQ+xI5EeuyvMmGpeWH2J5xprN+AxT7K72dwF7dBdcQOz:i6JaVh4I5rpPbT7+BdhO

    Score
    3/10
    behavioral19behavioral20

    • Target

      $PLUGINSDIR/System.dll

    • Size

      10KB

    • MD5

      32465a07028b927b22c38e642c2cb836

    • SHA1

      309cac412b2ecf6a36f6e989c828afcdd8c7a6e4

    • SHA256

      eda545d4dcb37098a90fce9692d5094bb56897f04eff6d40e3dedd122a4d1292

    • SHA512

      9d886a722bbbb5d8d77e97d256057fe685f1932042257a8382e13548fe835d01c64de65e2b5ad2c2ff99692b14c924e6ddb84797f6224f1772e8699b421e6aff

    • SSDEEP

      192:gO6dJA/ruAFEiUdWWE6hE5RYUdJfbub1axgMO:ZKAFERdlxhGRYUzqZax

    Score
    3/10
    behavioral21behavioral22

    • Target

      $PLUGINSDIR/UAC.dll

    • Size

      14KB

    • MD5

      b7d7324f2128531c9777d837516b65a6

    • SHA1

      e15e44fc7c907329e1cd3985e8666b4332f4fa48

    • SHA256

      530dc2b26366fc86072487438317a5723a10ff8b38522f9e813df19146a31033

    • SHA512

      829fc241cd377de094faf80bb38828c3d877170ca4a3fd85810bc911d2ce38941f8067ef681c21d8bbc04be8a99a3d32b3aec51ae7b32d3a89e5a9d9597ed8d5

    • SSDEEP

      192:+kipfAcFT9GlPjP5yIUbf7V8rdawGYiYIRTRGczl6MAW1p2oXO8ham:+VNAcXyDUB3VJbR5l6MAW1p88z

    Score
    3/10
    behavioral23behavioral24

    • Target

      $PLUGINSDIR/mIRC.dll

    • Size

      30KB

    • MD5

      8423ec692d326f92dfa7db57f977d315

    • SHA1

      65fd701692fab6dfe24ba0fa2b29e474b6f5da56

    • SHA256

      0d1218f43e2b5b0d4e052918b5193e7e050bb9f0a9bfc39f7395276b8399b50e

    • SHA512

      fbb0f057dc192362584efbbb5e0c9c6fa56584580b3190aba83017905a50b9b3f54aa535281eac34f4a07538a4ddee822d974cb512b4afe28e15b504376102fd

    • SSDEEP

      768:mbMSwdtV3+m2eTu9WumcyQYbHYsvcdQ0:aMVtTu9XBPYhvcb

    Score
    1/10
    behavioral25behavioral26

    • Target

      ircintro.chm

    • Size

      74KB

    • MD5

      54894412afd9245018c61ab16f8fdf71

    • SHA1

      97027061402d2f567d262f67c40104a9676e1016

    • SHA256

      220be6f09b32b09be6394b10e278d1e62520ef2ea83707f5d48523bac11ff547

    • SHA512

      a2c18c7e74f386cfa84244265cf43d9e7476ec22eb9561c4bcc3bedf12730ef6b80d8255ab1a15e33ff3298cfc0bdab5e90f28f00f737ff2dda8aae50d3e3331

    • SSDEEP

      1536:sm41sU6WD8cMEfx1ndHrsA+TPrEzqsj0gcNbsctcXk0n:7gsUD8Efvnxrp+TzEGJxbsfkC

    Score
    1/10
    behavioral27behavioral28

    • Target

      mirc.chm

    • Size

      358KB

    • MD5

      4bdd75ecd5a0cdbeb7ff963b2c14f6c3

    • SHA1

      7072bcfc865edf417603c12c2a698f6c791c90f5

    • SHA256

      55c4a9590017c9172d600494ff90bef5c103fcee06463b6a0e22a54182c44364

    • SHA512

      7b35b27d94e7188446d20ff93c437a3a2949a2b331996d4fea3cda24ae16bf2c4d5d633f1ece254cf9aab659bafb4aacca9e7e0440db80a4fc5ecc43b74fddad

    • SSDEEP

      6144:+u8LqG9DwZL9WwOBoDC/vVTAGzJ9jsZh0cVa88nHhm7lylQy:pZLUoDU9jsD0cQ88nIhPy

    Score
    1/10
    behavioral29behavioral30

    • Target

      mirc.exe

    • Size

      2.7MB

    • MD5

      880fcba90fad39cd0d778fb02af3fd5b

    • SHA1

      acb94a207a732bd61e773f81cf54db92219d8b9d

    • SHA256

      9cdd89d661ab70d0fe5daa7874ceef53b4af095be1aeb395d696a5f8cdffdc8c

    • SHA512

      cfd3b8fe1eae43bec669438ee2b45e8f5ef9981a6dffefa42344dda9b094514431fa08ab35ea4b2c75ccba48c8306704a8bf575da4d128827299030c5a8ad717

    • SSDEEP

      24576:hX+riBEs1i6Dw9ijYSOOFI+fj9s/2pHk5TTvV5WFAnY2lRARnoJYDhk134i28RSo:QhLHNIUYDhk19rHWchO3YIzLTm0E

    Score
    3/10
    behavioral31behavioral32

MITRE ATT&CK Enterprise v15

Tasks

static1

Score
3/10

behavioral1

evasiontrojan
Score
7/10

behavioral2

evasiontrojan
Score
7/10

behavioral3

evasiontrojan
Score
7/10

behavioral4

evasiontrojan
Score
7/10

behavioral5

evasiontrojan
Score
7/10

behavioral6

evasiontrojan
Score
7/10

behavioral7

Score
3/10

behavioral8

Score
3/10

behavioral9

Score
3/10

behavioral10

Score
3/10

behavioral11

Score
3/10

behavioral12

Score
3/10

behavioral13

Score
1/10

behavioral14

Score
1/10

behavioral15

Score
1/10

behavioral16

Score
1/10

behavioral17

Score
1/10

behavioral18

Score
1/10

behavioral19

Score
3/10

behavioral20

Score
3/10

behavioral21

Score
3/10

behavioral22

Score
3/10

behavioral23

Score
3/10

behavioral24

Score
3/10

behavioral25

Score
1/10

behavioral26

Score
1/10

behavioral27

Score
1/10

behavioral28

Score
1/10

behavioral29

Score
1/10

behavioral30

Score
1/10

behavioral31

Score
3/10

behavioral32

Score
3/10