a827aeef1409269f76c80f60250f45b379cd688e6800c14bd767478dcdfdfb75

Sharing

Copy URL

Twitter E-mail

General

Target

2bdd82a68c04db9e9f53a02e7314f020_JaffaCakes118
Size

2.1MB
Sample

240708-lrdjtatbpl
MD5

2bdd82a68c04db9e9f53a02e7314f020
SHA1

e3aa309b76f60d5cf67ab80d683366c4578550d6
SHA256

a827aeef1409269f76c80f60250f45b379cd688e6800c14bd767478dcdfdfb75
SHA512

e45591aef694120d9ec17265ac25e356058c5d7698e8a25a96f3a85fe86315939e2a3bebc2341d45a1f5f69ac8cd4256e1214eb436fff0799a84aca8aac8ba62
SSDEEP

49152:zL/jf/gDmDn/cKy7+gATTC7w94qW0uwGv6umAOKIyZk:zLrfkW/U7X0QZTIyZk

Score

7^/10

discovery

Malware Config

Targets

- Target
  
  2bdd82a68c04db9e9f53a02e7314f020_JaffaCakes118
- Size
  
  2.1MB
- MD5
  
  2bdd82a68c04db9e9f53a02e7314f020
- SHA1
  
  e3aa309b76f60d5cf67ab80d683366c4578550d6
- SHA256
  
  a827aeef1409269f76c80f60250f45b379cd688e6800c14bd767478dcdfdfb75
- SHA512
  
  e45591aef694120d9ec17265ac25e356058c5d7698e8a25a96f3a85fe86315939e2a3bebc2341d45a1f5f69ac8cd4256e1214eb436fff0799a84aca8aac8ba62
- SSDEEP
  
  49152:zL/jf/gDmDn/cKy7+gATTC7w94qW0uwGv6umAOKIyZk:zLrfkW/U7X0QZTIyZk
Score

7^/10

discovery
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/DLLWebCount.dll
- Size
  
  28KB
- MD5
  
  3d320f250297fe1dd1ddc350fa154b3b
- SHA1
  
  9236e354d2fe2b9f25a36f1ba686f1f2785e0b26
- SHA256
  
  f1ed5586759eaa6e5edf92bc589b0812620a3d48db3724c833b1fd9ea6c837bb
- SHA512
  
  8e259f6025080180fedcf13b1493910c20242d02c1776a84a79c8ff1aba00ca64873b251578000867bbcd129c46503470e364817afa267bb631e0d47ef31366a
- SSDEEP
  
  96:j4pe13nQHmwy5PFlufG/cg6TGkB4iuGBudGax+suQHV:j4I1XZwy5NbgB5NYdbX1
Score

3^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/Dialer.dll
- Size
  
  3KB
- MD5
  
  4e6686aece13707435cce60dcb2ab572
- SHA1
  
  9bc7bcffa81e19ad315cab0f261e2394b99aa8f4
- SHA256
  
  b8bdabefe8360a157f287bf2b672d8d9a0453224a6b377348aa6a98438fccaf2
- SHA512
  
  a1936a86e1fd28a0d44e3e2bab4e41d3ebc6322155d47cd64df9d4ec1b3a093872f74f9848d39c6062242ea4f5af69b32e99f06fd892279b2a1a3cc6c1586e3e
Score

3^/10
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  14KB
- MD5
  
  0dc0cc7a6d9db685bf05a7e5f3ea4781
- SHA1
  
  5d8b6268eeec9d8d904bc9d988a4b588b392213f
- SHA256
  
  8e287326f1cdd5ef2dcd7a72537c68cbe4299ceb1f820707c5820f3aa6d8206c
- SHA512
  
  814dd17ebb434f4a3356f716c783ab7f569f9ee34ce5274fa50392526925f044798f8006198ac7afe3d1c2ca83a2ca8c472ca53fec5f12bbfbbe0707abacd6b0
- SSDEEP
  
  192:n6d+dHXLHQOPiY53uiUdigyU+WsPdc/A1A+2jPK72dwF7dBEnbok:n6UdHXcIiY535zBt2jP+BEnbo
Score

3^/10
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/KillProcDLL.dll
- Size
  
  32KB
- MD5
  
  83142eac84475f4ca889c73f10d9c179
- SHA1
  
  dbe43c0de8ef881466bd74861b2e5b17598b5ce8
- SHA256
  
  ae2f1658656e554f37e6eac896475a3862841a18ffc6fad2754e2d3525770729
- SHA512
  
  1c66eab21f0c9e0b99ecc3844516a6978f52e0c7f489405a427532ecbe78947c37dac5b4c8b722cc8bc1edfb74ba4824519d56099e587e754e5c668701e83bd1
- SSDEEP
  
  384:3rYz6grZodORNWATt4TBmlk5ooyzFh7BukAUdJoUtSOSR:3QggDWATWNCFh7BNddJoxO+
Score

3^/10
behavioral10 behavioral9
- Target
  
  $PLUGINSDIR/Math.dll
- Size
  
  66KB
- MD5
  
  9eb6cecdd0df9fe32027fcdb51c625af
- SHA1
  
  52b5b054ff6e7325c3087822901ea2f2c4f9572a
- SHA256
  
  54cf1572ed47f614b0ffb886c99fc5725f454ef7ff919fbb2fd13d1cbe270560
- SHA512
  
  864742ec6f74f94057b54cd9b09707c0125ac8db4844fa80af201e8b72a811bb68276c993e75bce67e5ece4f83644572edbdee5e963634c5a37839615faea97a
- SSDEEP
  
  1536:LP43WZ4Ql60gam+2MwRmPeqFVHbQH0ZZ1Iet:LwU609VMH0T/t
Score

3^/10
behavioral11 behavioral12
- Target
  
  $PLUGINSDIR/SelfDelete.dll
- Size
  
  24KB
- MD5
  
  7bf1bd7661385621c7908e36958f582e
- SHA1
  
  43242d7731c097e95fb96753c8262609ff929410
- SHA256
  
  c0ad2c13d48c9fe62f898da822a5f08be3bf6c4e2c1c7ffdf7634f2ca4a8859e
- SHA512
  
  8317af5cc3ac802eb095f3fa8cc71daa1265ca58fead031c07872f3d4bb07663a7002ae734fad392a7617f0923fe0caf1f54ed55afdf8516a6a08e202d86fa7f
- SSDEEP
  
  96:1dIrJYYrzPpqAAZ9sNIaI2y9WulXEGNRrG:nuYATpq/viyYuEYRr
Score

1^/10
behavioral13 behavioral14
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  00a0194c20ee912257df53bfe258ee4a
- SHA1
  
  d7b4e319bc5119024690dc8230b9cc919b1b86b2
- SHA256
  
  dc4da2ccadb11099076926b02764b2b44ad8f97cd32337421a4cc21a3f5448f3
- SHA512
  
  3b38a2c17996c3b77ebf7b858a6c37415615e756792132878d8eddbd13cb06710b7da0e8b58104768f8e475fc93e8b44b3b1ab6f70ddf52edee111aaf5ef5667
- SSDEEP
  
  192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
Score

3^/10
behavioral15 behavioral16
- Target
  
  $PLUGINSDIR/services.dll
- Size
  
  7KB
- MD5
  
  89408795f143525890bbda9281c42f45
- SHA1
  
  bd9f08641cbe86d18c985cea5325dc2ad8525aa6
- SHA256
  
  065564c3d7e19e7dea083fb9a426dfdfeabba6ca3a7587bee938f75db5753114
- SHA512
  
  ba11a243b97326f6cd12f7f6f8b81e67f7e8f55b5dcf63a7e705813f85c9af1866891770077514051ce153527b074dcba2881b94bdb1925dedc81354e9a84cd6
- SSDEEP
  
  96:XrXHYWyrDznMnpuQQQjGVw1DVjjQrFUsuL579yAwEN3sKPqg3k+9tyz:XzbcUpuQQcCSDVjjQrFDkZ9Fw+3fiYH
Score

3^/10
behavioral17 behavioral18
- Target
  
  $PLUGINSDIR/svrreg.dll
- Size
  
  1.5MB
- MD5
  
  9984d4d8a4d912e4a1c34dd9324e2356
- SHA1
  
  7693138b480aa2bfae44b3b07649f30e09ae7e62
- SHA256
  
  e9133b9aff90f271881fefa99f562fbd2860d874e723f5945e72d04b9d6b2474
- SHA512
  
  28cd31da030b0ea13e7b96b1bd3e41f61e4c54fba63c9c650c5409ca669c16698a5610e126dca26d6de61e80d70f01b37183b8a82ccb2a75e54b6e4b6d9799f7
- SSDEEP
  
  24576:zL6B4nqJax6gF2+sGv6tPQ0hqNKo43duJFYxu1BJDVoR/FFATtMLX5CyXnxwYM7b:36B4nqJa1F2xo6tY5NS3dk1BJZojrIED
Score

3^/10
behavioral19 behavioral20
- Target
  
  $PLUGINSDIR/time.dll
- Size
  
  14KB
- MD5
  
  8676721a04a174016e5d3f3c554302f1
- SHA1
  
  5f230d048560e70bfcb05aace39ad349bc8ff0aa
- SHA256
  
  700cf2c2ae144ad688a33d2df320b415425749e1ee87b9ae61edcb42650a1390
- SHA512
  
  aa54460dbfe691ece82080df64af98eaf66374060bbf85d8e48e17ec0ab296489a9822c6e8020d5809481e90b1fec9f0558559a0f096ab0452502f7a404a2d0e
- SSDEEP
  
  192:FMGPLjEMXjEMY6X+o5lo2kCK2nKhgOezjEVLmupUH0YBMfVkKlm:FBvBz/Y6Pls2Khx7pm080Q
Score

3^/10
behavioral21 behavioral22
- Target
  
  $PLUGINSDIR/wingfavi.dll
- Size
  
  1.6MB
- MD5
  
  96c2faa6800f061e2e03f6368b12dad4
- SHA1
  
  43a339e298e6786dff59c68d2ab6793fe34bc6a0
- SHA256
  
  f5d055f3ec74394ea4e988d9476b00107542bfc40032b6bf99b5662c42c33b98
- SHA512
  
  a283c3ebb906f0d6d6b43d4f99da851c9ad6884676da7e9c9dfcd809c4563f1e562e03cde4c9b76e1ad75fb0c784ebcbf5d17a81fdf59d4b99d5d95fcf70111f
- SSDEEP
  
  49152:q4riMwYihpeVd9dwfCmky77XZp+zNVZeg0mFUqfo07xXm:qjMIhpeVndwfCmky77pEzNVZeE6Co07g
Score

3^/10
behavioral23 behavioral24
- Target
  
  WingSearcher.exe
- Size
  
  1.7MB
- MD5
  
  a1f12343e5fd7f58e69635b8b06d2910
- SHA1
  
  08cb3da1ff9a32b3622a400cff8e62c170f4f1a8
- SHA256
  
  54e100af21959f812a00b970ac8c56c98fece30782c72345ff490c95d7a3ed2d
- SHA512
  
  73a47c7c4219086c81fa680a034e911c4c3fea82bb9d6f83879942afd10d474b43016f2f9664a85cff1dc221f56108a3a8621c0a0e1642c4817981aa0d46b3c6
- SSDEEP
  
  49152:0XVwWQUId4vZn7SvS5ECmCPCsK4usSbACS69z6PeqlR6Ci0yuhBSlE:cwWQUI6ZncS5EsPCsK4usScCBQblR6CV
Score

1^/10
behavioral25 behavioral26
- Target
  
  WingSub.exe
- Size
  
  1.7MB
- MD5
  
  30debbed434c203fe087a166b3fa4400
- SHA1
  
  471428494c4a5a735212b9ea124efe48b615e7f2
- SHA256
  
  8010f549f061d02a60ce9edcd9f470a16572c669cff63c839f8539fc712e3af0
- SHA512
  
  10b8457eff79e1417403ed396657e215fdcec15465e9b34c3eefff66e51b51b718558c7ae77f0ac83cd42916b7246e837922966ad4d9c4e9eb6d6ce52eb796f8
- SSDEEP
  
  49152:wLahZOSWCKrKf/97v1H4WIK8He5l29vFyIg6FDrP87o9tjTeitP:w+ZOSWvr697v1PIK8He5l29vFyIgd7od
Score

1^/10
behavioral27 behavioral28
- Target
  
  WingSvrs.exe
- Size
  
  10KB
- MD5
  
  7b9ed09fa5d96eec6ec2d330b49c5b61
- SHA1
  
  e3a7b005ab9b25250e598d85e238db53f755bd8e
- SHA256
  
  a48ac4c9801ce568a566f2501552419ac7216e5bb0da7af27571178e1ff6dfed
- SHA512
  
  b0f39baf0b8608788a58348d52ad9bf2709c6e1eba67cb65e3926859cc3a84c97b95a58349a6fbbb8dc0feec01baca38518e4f6fc99a4cc9e7b07f92930ea0c6
- SSDEEP
  
  192:Mngv8awzGfs6KAYEHFnFDar+52jSzrRXVQG6JaP+2:RJ2Us6KAvHrar+EjSH1Vr+2
Score

1^/10
behavioral29 behavioral30
- Target
  
  msvcp100.dll
- Size
  
  411KB
- MD5
  
  e3c817f7fe44cc870ecdbcbc3ea36132
- SHA1
  
  2ada702a0c143a7ae39b7de16a4b5cc994d2548b
- SHA256
  
  d769fafa2b3232de9fa7153212ba287f68e745257f1c00fafb511e7a02de7adf
- SHA512
  
  4fcf3fcdd27c97a714e173aa221f53df6c152636d77dea49e256a9788f2d3f2c2d7315dd0b4d72ecefc553082f9149b8580779abb39891a88907f16ec9e13cbe
- SSDEEP
  
  12288:zNb8zxr1aWPaHX7dGP57rhUgiW6QR7t5qv3Ooc8UHkC2ejGH:zNb8Fpa6aHX7dGP5Kv3Ooc8UHkC2eKH
Score

3^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Deletes itself

Executes dropped EXE

Loads dropped DLL

Checks installed software on the system

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32