fc658f3cbfef5d8e977eead8b8cad4c7238a6b47cafcdbfad26def954a1ff775

Sharing

Copy URL Twitter E-mail

General

Target

2d45e37bc2df95a2916db7b3f7c9fb0d_JaffaCakes118
Size

243KB
Sample

240708-we8vastcmf
MD5

2d45e37bc2df95a2916db7b3f7c9fb0d
SHA1

adc6f23f0d8e9925f03936bf57333cf0b9a40b38
SHA256

fc658f3cbfef5d8e977eead8b8cad4c7238a6b47cafcdbfad26def954a1ff775
SHA512

be59623dbcd07687ad9131e222d6d475b5623c0e43c97194a86a6e7c413ae16afef2a0ba6bb1ebbc8625ad50a34a13cfdfdfba0834f234ca2788d1359e61aff4
SSDEEP

6144:4e34627fYY536rFeCCp/HZodCgWL1TSMp:dyfYq36kn/HzgWhSMp

Score

7^/10

upx

Malware Config

Targets

- Target
  
  2d45e37bc2df95a2916db7b3f7c9fb0d_JaffaCakes118
- Size
  
  243KB
- MD5
  
  2d45e37bc2df95a2916db7b3f7c9fb0d
- SHA1
  
  adc6f23f0d8e9925f03936bf57333cf0b9a40b38
- SHA256
  
  fc658f3cbfef5d8e977eead8b8cad4c7238a6b47cafcdbfad26def954a1ff775
- SHA512
  
  be59623dbcd07687ad9131e222d6d475b5623c0e43c97194a86a6e7c413ae16afef2a0ba6bb1ebbc8625ad50a34a13cfdfdfba0834f234ca2788d1359e61aff4
- SSDEEP
  
  6144:4e34627fYY536rFeCCp/HZodCgWL1TSMp:dyfYq36kn/HzgWhSMp
Score

7^/10
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/DLLWaitForKillProgram.dll
- Size
  
  28KB
- MD5
  
  9c4b8ec42d89f7557bfd90798ce52787
- SHA1
  
  2376dde426ea65aa27c30e304086310605382475
- SHA256
  
  ed52bdad7b383a179b9b0e21fefdda2d72695c5263a815d5e1e0bfac6c718548
- SHA512
  
  17c12a27a08746755868558c037376dd7e20f03f0f71888c1329903b70975a54f57786c3c32bf88aaf30119f11ed978a6830ba91949e11cfc94fbb5ad95305b7
- SSDEEP
  
  96:EP5ZuFye0MyQW4uPwhs+R/+gFrE1m/U/uG98bp2y+HS21kEZ1b+4Tu9C1uGg8wBu:akFyFRQ5wIzlH/UGq36EZY4T+Gul8U
Score

3^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/DLLWebCount2.dll
- Size
  
  28KB
- MD5
  
  c49642ba9d55a615e141b3d08d929c1d
- SHA1
  
  537229bbac385da55e2b405db64f4bf3c7d4aac5
- SHA256
  
  03d23f6d0106e407ec499aaebd9db3884f8347ffb6fd60328623eacd1b29aacf
- SHA512
  
  2b24fbc76343dcdf0823265d141c9828c31b05d7a62522f26fa63b98cd3e3df7f60296361f6502f32ee269167649ff290f861c69cd645b61067fb21a20f9f9f6
- SSDEEP
  
  96:6K9Q0hcgBkt9te55782Yf2062GKofHkxbt1USvf97kzPaJsvvuLBudGaQJ86nU:PQ0mgfplYfAKom5+Sd0NvYYdbQJ8n
Score

3^/10
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/IEFunctions.dll
- Size
  
  3KB
- MD5
  
  9701818d39318145dd164794ef3a3846
- SHA1
  
  7db701f8dc19163d46ba88e8b68d8dbf428a8152
- SHA256
  
  3122b0413f74e88518cfd1b9c6e18435dd326ca177a2374b6405df78f43e776a
- SHA512
  
  d92786630250e9eb6c47537b09684fa107f959b50d255c7f3952741eb438c3be47e171827d3a4407b049c33c12dad73f8ec381a7265b28a6d8ca101ff702e8a4
Score

1^/10
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/ISCHECK2.dll
- Size
  
  48KB
- MD5
  
  408dd8f636aa981aee54680d7b3823b0
- SHA1
  
  279d57cb450e8f523e2b42461e96aeec20116a87
- SHA256
  
  df74e680cbca9c3debd520c3b05291a40f4d579a64e71a49e41f588d58060c16
- SHA512
  
  2a44ae2d957e23d34fc3b2b6661c11d0c19eaabdb18dde9f392c03808d4f4c44b6dfe3e06b64aa350a0e947d05c83e4c7380ee4c4eec221106c03dd22e5f0743
- SSDEEP
  
  768:MSLHDf9yTTh0y1ziVJarqwi0w4Kc1Jcl5d/vtxD:MuyTTyy1u7H0wqclH
Score

3^/10
behavioral10 behavioral9
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  14KB
- MD5
  
  325b008aec81e5aaa57096f05d4212b5
- SHA1
  
  27a2d89747a20305b6518438eff5b9f57f7df5c3
- SHA256
  
  c9cd5c9609e70005926ae5171726a4142ffbcccc771d307efcd195dafc1e6b4b
- SHA512
  
  18362b3aee529a27e85cc087627ecf6e2d21196d725f499c4a185cb3a380999f43ff1833a8ebec3f5ba1d3a113ef83185770e663854121f2d8b885790115afdf
- SSDEEP
  
  192:86d+dHXLHQOPiY53uiUdigyU+WsPdc/A1A+2jwK72dwF7dBEnbok:86UdHXcIiY535zBt2jw+BEnbo
Score

3^/10
behavioral11 behavioral12
- Target
  
  $PLUGINSDIR/KillProcDLL.dll
- Size
  
  36KB
- MD5
  
  6958016193a066833556992077bad4fe
- SHA1
  
  5f564945936f99381d7e2408f034f97d069005a4
- SHA256
  
  f38c669c87f2a73768a27a01622690997e9d93d5ca3830b349bd24c3ff9f8d2e
- SHA512
  
  fd6ab5c341b331b80c940ba97a2cd14547c796933a2df26d3dd87ede1602b86d9f8c37baebd7dd4c68d811199fc96a27ad4cb995bb8889d51af91db9f43ba0a7
- SSDEEP
  
  384:IL6T2Izs/XGCanZSwEfj5lwTSYlml89oayKA15JiQNRw/9uosAUdJofiiqd:88Y9gZSwq1lwTS2XA15DRm9cddJo6l
Score

1^/10
behavioral13 behavioral14
- Target
  
  $PLUGINSDIR/SelfDelete.dll
- Size
  
  24KB
- MD5
  
  7bf1bd7661385621c7908e36958f582e
- SHA1
  
  43242d7731c097e95fb96753c8262609ff929410
- SHA256
  
  c0ad2c13d48c9fe62f898da822a5f08be3bf6c4e2c1c7ffdf7634f2ca4a8859e
- SHA512
  
  8317af5cc3ac802eb095f3fa8cc71daa1265ca58fead031c07872f3d4bb07663a7002ae734fad392a7617f0923fe0caf1f54ed55afdf8516a6a08e202d86fa7f
- SSDEEP
  
  96:1dIrJYYrzPpqAAZ9sNIaI2y9WulXEGNRrG:nuYATpq/viyYuEYRr
Score

1^/10
behavioral15 behavioral16
- Target
  
  $PLUGINSDIR/processes_second.dll
- Size
  
  140KB
- MD5
  
  f0a1eae66dd2f54fbe26c26db5493a6f
- SHA1
  
  46d56b4c6694da1ec4d88b0a5b153dad02b5dca7
- SHA256
  
  8fe4dad8f894bcdb9a83a9d302907de404695be4b50e619afd88f09d72583e69
- SHA512
  
  e1b3c946e90fc30b6cdf953c8c7e96121b462bf8529099e0587f7f243b9d73eeba52b510dd2598937f188f7a35bc1e3785b7589ec6c249996a5795c10dafd1e7
- SSDEEP
  
  3072:F+WSoWifAbFBgChOQcNg3kirQDNgv3gp9Ibzls8:iAAbFBgChOzNgUrDNgvgp
Score

3^/10
behavioral17 behavioral18
- Target
  
  UtilZoneUp.exe
- Size
  
  192KB
- MD5
  
  979eb163393a64fa737ca37e5e324465
- SHA1
  
  79595cacf32a3916d29ee30e2699aebb0fa93f07
- SHA256
  
  73df65c90eb94a13b0bd91980031f090e47a4e48ea0e6e2e872ca0ad945cfa8b
- SHA512
  
  8ea250b1ac235194f616527c0a6796329c48f7b0f7266b76d9f937355a4076cbdf9bc0ebd21fe96e00b0ae2ff3629cbeab79dd525a6d9a12265538603ce9627f
- SSDEEP
  
  768:wPYw2MTsXQjm6za0MKqi3BaQsdFricZ8adkWCQDCdgtJtQ8+0GK4KpiY:wT2MTsa1GRK+brEs2OtUq4siY
Score

1^/10
behavioral19 behavioral20
- Target
  
  UtilZone__UZ65.exe
- Size
  
  73KB
- MD5
  
  44b42e41e2322c59bf765556aa0bec67
- SHA1
  
  1336f85f96abdcd03b137ff2c0cbe62f929ea708
- SHA256
  
  e5094e2495fa4b34bf1940e05457c0b68415a1f1c59ed10e0e31d77de25c3f71
- SHA512
  
  ecb18c909065242f0bc438c6b5c547ec096b1fa39c066c73c15aec9e7025f3b409a5d873f000f0ca85642b014ecc4de7b84f57096a836e0efc212edf24089967
- SSDEEP
  
  1536:HpgpHzb9dZVX9fHMvG0D3XJOhWBV9OdxkqIzjbanyjtg:JgXdZt9P6D3XJ4WBV25Kfg
Score

7^/10

upx
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Deletes itself
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Suspicious use of SetThreadContext
behavioral21 behavioral22
- Target
  
  $PLUGINSDIR/NSISdl.dll
- Size
  
  14KB
- MD5
  
  a5f8399a743ab7f9c88c645c35b1ebb5
- SHA1
  
  168f3c158913b0367bf79fa413357fbe97018191
- SHA256
  
  dacc88a12d3ba438fdae3535dc7a5a1d389bce13adc993706424874a782e51c9
- SHA512
  
  824e567f5211bf09c7912537c7836d761b0934207612808e9a191f980375c6a97383dbc6b4a7121c6b5f508cbfd7542a781d6b6b196ca24841f73892eec5e977
- SSDEEP
  
  192:tUZTobBDJ68r67wmsvJI5ad9cXzFOVu+mZ/P3p+57CvpVqDxVp01Dwn2GRPgsfA:6Bo/680dCI5adOjFOg9//p27uNw2Go
Score

3^/10
behavioral23 behavioral24
- Target
  
  $PLUGINSDIR/SelfDel.dll
- Size
  
  4KB
- MD5
  
  7cff7fe2caea5184d98c147e7e263132
- SHA1
  
  21f39d3d0dd5f7198d67ef30e95d10ae3460093e
- SHA256
  
  281c39b733579e031c62bdd247b41543ece1fe3bd6eda26fc8ad474b10f33101
- SHA512
  
  fb1161b8571d1d0c67e2df0d571b08f5e7a73f81409aed847344154d02406910629181bcce4e18e998ec472f51a6a1b40d956a010abdd10e850413aafa87808a
- SSDEEP
  
  48:CzHDh3jgWMynQfXKsJ3eAn67wN4VDm0pmoZSeJY8JTaCILFoyTFS7lWsaEaSueq:S18WMynkXKOOATEVUPnS7s9TShqTM
Score

7^/10

upx
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral25 behavioral26
- Target
  
  $PLUGINSDIR/UAC.dll
- Size
  
  13KB
- MD5
  
  29858669d7da388d1e62b4fd5337af12
- SHA1
  
  756b94898429a9025a04ae227f060952f1149a5f
- SHA256
  
  c24c005daa7f5578c4372b38d1be6be5e27ef3ba2cdb9b67fee15cac406eba62
- SHA512
  
  6f4d538f2fe0681f357bab73f633943c539ddc1451efa1d1bb76d70bb47aa68a05849e36ae405cc4664598a8194227fa7053de6dbce7d6c52a20301293b3c85f
- SSDEEP
  
  384:RlNMjIH4DnFnyJ0Dt5ZtmVWsSLr4z9VwzU:RlqMYzFnD/tmQFLrSw
Score

3^/10
behavioral27 behavioral28

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Loads dropped DLL

ACProtect 1.3x - 1.4x DLL software

Deletes itself

Loads dropped DLL

UPX packed file

Suspicious use of SetThreadContext

ACProtect 1.3x - 1.4x DLL software

UPX packed file

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28