General

  • Target

    31e78a1c8c0d6bb31adf7dd599262a79_JaffaCakes118

  • Size

    1.7MB

  • Sample

    240709-zg7xkavcnq

  • MD5

    31e78a1c8c0d6bb31adf7dd599262a79

  • SHA1

    8848e97f859308e47cddc29de45feffe7e90c06f

  • SHA256

    48cd257503086299b5d8fc831375518e29a667c0a5367e85d97056f248ff8662

  • SHA512

    99b71af44e1b4f14656157412c066f815606252934804b20f63b4199e2e7213ab3b9630f37d4712740acc533f31eb0d54203736e1811843bcfc43385cd00eb19

  • SSDEEP

    49152:xzZCD2li5nJU4V4S+wqOeyR5Ewz80WhK1A79Wc:/CDkis4V4Bw/Cwz80UK1A51

Score
7/10

Targets

    • Target

      31e78a1c8c0d6bb31adf7dd599262a79_JaffaCakes118

    • Size

      1.7MB

    • MD5

      31e78a1c8c0d6bb31adf7dd599262a79

    • SHA1

      8848e97f859308e47cddc29de45feffe7e90c06f

    • SHA256

      48cd257503086299b5d8fc831375518e29a667c0a5367e85d97056f248ff8662

    • SHA512

      99b71af44e1b4f14656157412c066f815606252934804b20f63b4199e2e7213ab3b9630f37d4712740acc533f31eb0d54203736e1811843bcfc43385cd00eb19

    • SSDEEP

      49152:xzZCD2li5nJU4V4S+wqOeyR5Ewz80WhK1A79Wc:/CDkis4V4Bw/Cwz80UK1A51

    Score
    7/10
    • Loads dropped DLL

    • Target

      $PLUGINSDIR/DLLWeb.dll

    • Size

      28KB

    • MD5

      b382d6c8d5c6a437b2064d79b5dee47b

    • SHA1

      f8f4eae50d59b3b94762b10984c1fdcf4c08ff47

    • SHA256

      bdb051e1d7fd7b062341b8cb2efce180f2fbb83739fd2143262034be0f2396f3

    • SHA512

      e6d604d18b28beb30c09d987472540306abd925048f58a3c99a4013d44b9f29112419ca15c1bb7ee1560300bf179f9e98dd7e6db75e5aeb0e44fba47ac2dcc99

    • SSDEEP

      96:rP3KIyqFIAedN/0AatJ/l7R6TxNFOUodK8X9/r+uFBudGaxfP0:rP3K79N/HatJ/36T15jcAyYdbx3

    Score
    3/10
    • Target

      $PLUGINSDIR/ExLicensePage.dll

    • Size

      44KB

    • MD5

      134f3a813b42a48cfb11255d90fe7e83

    • SHA1

      b2eadf92260397c8ae1a3dc54b68281d85001858

    • SHA256

      47f59ea4f15db669932f996b658bb87b2f57ff1862ad4976053cd2e9e4568b33

    • SHA512

      7b492daf3038a54a6103dc996b4bb44ece03a4544ae6242cf17ab5e62edede5c60f9553ee16b4fb2ad2be1805163d0b8b5e9568680df84fd738421e36a9aabcc

    • SSDEEP

      384:7um13eB6kWUnHOpI9p8+6P95H282nv2JKiXn5IODyOx:6km6kxHOpIT8LWqHWO

    Score
    3/10
    • Target

      $PLUGINSDIR/IEFunctions.dll

    • Size

      3KB

    • MD5

      9701818d39318145dd164794ef3a3846

    • SHA1

      7db701f8dc19163d46ba88e8b68d8dbf428a8152

    • SHA256

      3122b0413f74e88518cfd1b9c6e18435dd326ca177a2374b6405df78f43e776a

    • SHA512

      d92786630250e9eb6c47537b09684fa107f959b50d255c7f3952741eb438c3be47e171827d3a4407b049c33c12dad73f8ec381a7265b28a6d8ca101ff702e8a4

    Score
    1/10
    • Target

      $PLUGINSDIR/InstallOptions.dll

    • Size

      14KB

    • MD5

      eef9e469e8a30717974499f277d97e2a

    • SHA1

      2d33c25984ebd9116beeb55cdde4c5c86c023e5d

    • SHA256

      1f35bb6728237483c779005fc227e69fef51b0bafd32d15855d483948a337078

    • SHA512

      d860132106a1c03dfa23f983b3c503f1216ac02f3d47833b96dfb333fb30bc8ab4d4fecd1f1f0a89f0c7f3586405461e2d53c26f282bb48970e549659b364b48

    • SSDEEP

      192:8np6d+dHXLHQOPiY53uiUdigyU+WsPdc/A1A+MTjK72dwF7dBEnbok:8p6UdHXcIiY535zBtMTj+BEnbo

    Score
    3/10
    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      c6f5b9596db45ce43f14b64e0fbcf552

    • SHA1

      665a2207a643726602dc3e845e39435868dddabc

    • SHA256

      4b6da3f2bdb6c452fb493b98f6b7aa1171787dbd3fa2df2b3b22ccaeac88ffa0

    • SHA512

      8faa0204f9ed2721acede285be843b5a2d7f9986841bcf3816ebc8900910afb590816c64aebd2dd845686daf825bbf9970cb4a08b20a785c7e54542eddc5b09a

    • SSDEEP

      192:qADKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQbVUSF:qAViJrtFRdbmXK8+WVUw

    Score
    3/10
    • Target

      $TEMP/nsisos.dll

    • Size

      5KB

    • MD5

      69806691d649ef1c8703fd9e29231d44

    • SHA1

      e2193fcf5b4863605eec2a5eb17bf84c7ac00166

    • SHA256

      ba79ab7f63f02ed5d5d46b82b11d97dac5b7ef7e9b9a4df926b43ceac18483b6

    • SHA512

      5e5e0319e701d15134a01cb6472c624e271e99891058aef4dfe779c29c73899771a5b6f8b1cd61b543a3b3defeaecaa080c9cc4e76e84038ca08e12084f128eb

    • SSDEEP

      48:6EyuygeHCfxwU5x+6kx/k1gONv27oBc2OkIrHHl:VeHCf2762kKsu7oGjkIrn

    Score
    1/10
    • Target

      IDBoan.exe

    • Size

      4.6MB

    • MD5

      9eacc91a2f3d4a7e59982eb682c6bd81

    • SHA1

      ed851a23146136464de013b04d8a503956be9300

    • SHA256

      b70ca38aef941783c8eea06cea5e668a457142f81b69f0a607e737c8bc06658d

    • SHA512

      3e793b9909fe98daec656f70ea79e0b4d25057462b1dddc43ec67d8fc8b441c5a4b9664509347dc8a927bf398cb85ca212a17088b9570c17f72cb31fc78061cd

    • SSDEEP

      12288:1V3NW8FO5+wvx1RhfLYHXQj2FBoO4uwwFjqwnZtoPzmvnbBgOHNETuiKqLW:1ZI8Y3jjwFjqWZWPzmvn9gOHuTuiKqa

    Score
    7/10
    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Target

      IDBoanMon.exe

    • Size

      700KB

    • MD5

      d05328c1eddd20f3334c350e9745b07c

    • SHA1

      54f7d2f1559542d281e260930b28ef5c398f266b

    • SHA256

      0c13cb71d96e672d1b35307be7ab029a6280660f6c540756b4f7acc5445b5cb5

    • SHA512

      949bfc372461cb488e1429ebc117e52b223af4a54e5cde452f5ccbd82c91fd29a53bc521f190a16ee34feb4dc3de95ca463dec8ac151e7b6e3eed27a53474f37

    • SSDEEP

      6144:pCidrGNRZGTEy/UC7DoVrXNCPKQWZh8M3CLZlnG9F60Ugd9ZzI:pCidrkZGkPXNCaZh8MyznGn60bdj

    Score
    3/10
    • Target

      IDBoanUpdate.exe

    • Size

      1.8MB

    • MD5

      f428927c294079a265ff1a4cf3c4c252

    • SHA1

      4b990853f7b94fd15fdcec1f8cd987d84b826acf

    • SHA256

      bc833a2b28b9a73a9388b7552f13de4c6df2ac6c9614579ae60ede41a646de0d

    • SHA512

      9ed22c98ed76cbec82f201e78e40dcf42775418215b9c505de6c80b58c978e5cf5f03c94626d20eeabb6ee76b002dba6c0024bc47e5bb0c3ba5173aa061f4eef

    • SSDEEP

      49152:KfCqCyK0Ks1pDGtXX1QSjhZb1jTilS5erTy+U:KaE7v1pq5X1QOhZbhTsSsrTy+

    Score
    1/10
