Overview

overview

7

Static

static

3

34ff09035e...18.exe

windows7-x64

3

34ff09035e...18.exe

windows10-2004-x64

3

$PLUGINSDI...64.dll

windows7-x64

3

$PLUGINSDI...64.dll

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDI...ew.dll

windows7-x64

3

$PLUGINSDI...ew.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDIR/inetc.dll

windows7-x64

3

$PLUGINSDIR/inetc.dll

windows10-2004-x64

3

$TEMP/KWMU...te.exe

windows7-x64

7

$TEMP/KWMU...te.exe

windows10-2004-x64

7

$PLUGINSDI...64.dll

windows7-x64

3

$PLUGINSDI...64.dll

windows10-2004-x64

3

$PLUGINSDI...ew.dll

windows7-x64

3

$PLUGINSDI...ew.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDIR/inetc.dll

windows7-x64

3

$PLUGINSDIR/inetc.dll

windows10-2004-x64

3

$TEMP/soba...wo.exe

windows7-x64

7

$TEMP/soba...wo.exe

windows10-2004-x64

1

$PROGRAM_F...er.exe

windows7-x64

1

$PROGRAM_F...er.exe

windows10-2004-x64

1

$PROGRAM_F...ar.dll

windows7-x64

7

$PROGRAM_F...ar.dll

windows10-2004-x64

7

$PROGRAM_F...rX.dll

windows7-x64

7

$PROGRAM_F...rX.dll

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    34ff09035e69a5cc710b3bf8229922aa_JaffaCakes118

  • Size

    1.9MB

  • Sample

    240710-q7pn8s1hmn

  • MD5

    34ff09035e69a5cc710b3bf8229922aa

  • SHA1

    7f02081945e9305c4a816f630a0b46d1dff3d945

  • SHA256

    c9cf241b510622abc59c2c15a217a7dab5467c09548e3b24401ae202401a69bb

  • SHA512

    854668f0fe2c2f08afd4efe21f6761d796b2dc0f87cca5074f0e5b6f1433103ad8d40abd3364c1291f504dbc1d2981d227fc4f1a0e7bbcc6edcd9d09e302b374

  • SSDEEP

    49152:ne6q6SzktuBSFk92pLkOhNark9gAbzHyDAEcavTzmGxPQ41:e6FC8Fk926IawziAEcajQ41

Score
7/10
adwarediscoverystealer

Malware Config

Targets

    • Target

      34ff09035e69a5cc710b3bf8229922aa_JaffaCakes118

    • Size

      1.9MB

    • MD5

      34ff09035e69a5cc710b3bf8229922aa

    • SHA1

      7f02081945e9305c4a816f630a0b46d1dff3d945

    • SHA256

      c9cf241b510622abc59c2c15a217a7dab5467c09548e3b24401ae202401a69bb

    • SHA512

      854668f0fe2c2f08afd4efe21f6761d796b2dc0f87cca5074f0e5b6f1433103ad8d40abd3364c1291f504dbc1d2981d227fc4f1a0e7bbcc6edcd9d09e302b374

    • SSDEEP

      49152:ne6q6SzktuBSFk92pLkOhNark9gAbzHyDAEcavTzmGxPQ41:e6FC8Fk926IawziAEcajQ41

    Score
    3/10
    behavioral1behavioral2

    • Target

      $PLUGINSDIR/Base64.dll

    • Size

      32KB

    • MD5

      fb6ffa30b708e9413d71a2c95558d0f1

    • SHA1

      a4a67a7b6c53e47f9a741e06c701e03382dc548f

    • SHA256

      3ae1c3fbf851e0de9865191b00b5fc26be32eb4f2ccb81b47e1488c2805402ae

    • SHA512

      b1e4e9e263add6c6d9f7309d739375725f7c4afd645caebea903f7b8963c0ac8d2728dee3edd999f8496b100ba8bd5fd7e5c3c4c17ca0bbcd24923c0cb270415

    • SSDEEP

      384:zFE2o6I2uTFKX342X5xzumltM//yaGPzUo7o5F8:zFES1uTE4W7zwmPzt7o5F8

    Score
    3/10
    behavioral3behavioral4

    • Target

      $PLUGINSDIR/InstallOptions.dll

    • Size

      12KB

    • MD5

      1d5c649dde35003a618b9679d5d71b92

    • SHA1

      0409bbab3ab34f8c01289cdd847b4d1a32d05b18

    • SHA256

      0f4d3cee24e3f310fa804983c931d3628613988a24f0be7854f63a9309b8e45f

    • SHA512

      b432ebcc52905662d61a3f17e08e209a3f9d836a9071b3b5e80070af7ebcf34cf66c44426dda041c2a258fda4787e5692e2b35acbcd73288fb84fe3c977bbfd9

    • SSDEEP

      384:pKlm7i+c3QW6ckPhyDEaLnA2bbBBIXwZ:8qi8BcyhEhLBbbTI

    Score
    3/10
    behavioral5behavioral6

    • Target

      $PLUGINSDIR/KillProcDLL.dll

    • Size

      32KB

    • MD5

      83142eac84475f4ca889c73f10d9c179

    • SHA1

      dbe43c0de8ef881466bd74861b2e5b17598b5ce8

    • SHA256

      ae2f1658656e554f37e6eac896475a3862841a18ffc6fad2754e2d3525770729

    • SHA512

      1c66eab21f0c9e0b99ecc3844516a6978f52e0c7f489405a427532ecbe78947c37dac5b4c8b722cc8bc1edfb74ba4824519d56099e587e754e5c668701e83bd1

    • SSDEEP

      384:3rYz6grZodORNWATt4TBmlk5ooyzFh7BukAUdJoUtSOSR:3QggDWATWNCFh7BNddJoxO+

    Score
    3/10
    behavioral7behavioral8

    • Target

      $PLUGINSDIR/KuWoNsis_new.dll

    • Size

      131KB

    • MD5

      435f56efd65613ea1cbd34ca5e95f8e2

    • SHA1

      09fe51d8cf18eff80d9bc2ee3b5b2d59d7793bf6

    • SHA256

      f90bbd3423ef81b05c7fbe62a7fc0ed3257e615144272beafcf8305cf457fa34

    • SHA512

      54fdfbd43b98abc0ee437f359d53735dcaa020a5fdadd9242966bcba02aac172eec921de2d18fa2be0d5bf056d273bcd6f2fee04bcd41c7cc1144d899a460be3

    • SSDEEP

      1536:Wy8MsIG8DZxvF4azRi/IwH/PuBnQPt3da2Cgbxzv6DGn43PA5rBdefgAO2:WJxp89/zQQ2t9v6DG445Fdm/

    Score
    3/10
    behavioral10behavioral9

    • Target

      $PLUGINSDIR/System.dll

    • Size

      10KB

    • MD5

      4eff5fafd746f5decb93a44e3a3d570c

    • SHA1

      a11aa7681b7e2df1c7f7492a127d332d1495ea8a

    • SHA256

      cf61ddd15d63c25a12caee70f51ea736cfc02195c42e56ee01b33f689d3754c5

    • SHA512

      cde82d2a1f28506e4c2264f6b82017a00af32f138ebcdbaf4cc58463870fa626f708aa57465294c5a6f096c886841e7b9112b85bf3ea2f1d8f2da816b51b2d72

    • SSDEEP

      192:0OycJo/rJVCmIDNLU0dq5RD00lspbub76yL:6/QQ0d0RD0USq/6y

    Score
    3/10
    behavioral11behavioral12

    • Target

      $PLUGINSDIR/inetc.dll

    • Size

      18KB

    • MD5

      94a8ace2be90a687c1b1729c32c66e50

    • SHA1

      94cff89cc170c00b1f849460f78cb12ab8730538

    • SHA256

      1a6c160fd844dea35195371476119f91eab302d701b0f6f1c3fe87ad92cc93df

    • SHA512

      ba23dfa7a29450451ac3f6ef6bf9e89352e1d17f7a2b7c7e5a87839becd6676542d2189d443322b3cad08b1bcac8851eebf9964fa37190e551f0bd717dcc5deb

    • SSDEEP

      384:jlkcI7HjShsRSSMxCkRimJrr7Jsc8Xtya9zT0Ac9khYLMkIX0+GiBgAqkF:jEjVQRjRiml5vSQa9zSm

    Score
    3/10
    behavioral13behavioral14

    • Target

      $TEMP/KWMUSIC/DownloadUpdate.exe

    • Size

      128KB

    • MD5

      af7aa1d51bf97c249aca404eda269e8a

    • SHA1

      2284331a6e41906baf23e60016555d55952506cc

    • SHA256

      2b0230edd09e775590fb8b7597ad1eee692ccda704a575bfd50433099f7b55c9

    • SHA512

      498c402e81e7eaf2f217d5a8a0a580f4a2d45edcab65a06c8011ca8682a80388a23fe3c1ffcebdfbb6f9221096e68ce7b1ab6bb675a6b57df01618ea1de2fce0

    • SSDEEP

      3072:+ZGlFw7fonu4sPJBWU4jlod8BiqHprM1ZZtDDkbimVmj:yWwMnudZfX2sj

    Score
    7/10

    • Loads dropped DLL

    behavioral15behavioral16

    • Target

      $PLUGINSDIR/Base64.dll

    • Size

      32KB

    • MD5

      fb6ffa30b708e9413d71a2c95558d0f1

    • SHA1

      a4a67a7b6c53e47f9a741e06c701e03382dc548f

    • SHA256

      3ae1c3fbf851e0de9865191b00b5fc26be32eb4f2ccb81b47e1488c2805402ae

    • SHA512

      b1e4e9e263add6c6d9f7309d739375725f7c4afd645caebea903f7b8963c0ac8d2728dee3edd999f8496b100ba8bd5fd7e5c3c4c17ca0bbcd24923c0cb270415

    • SSDEEP

      384:zFE2o6I2uTFKX342X5xzumltM//yaGPzUo7o5F8:zFES1uTE4W7zwmPzt7o5F8

    Score
    3/10
    behavioral17behavioral18

    • Target

      $PLUGINSDIR/KuWoNsis_new.dll

    • Size

      128KB

    • MD5

      9bb7eeaf65c2a6367956374c6105bea7

    • SHA1

      530b83c65939abcec7b1ed17ee13d8e169ad9e34

    • SHA256

      5ac5cd24d0dc531ca1113c62209575e25f6dbb3c3734e8cc1f7c5237a3c94b52

    • SHA512

      b3221cc2f3217482e0de772c496a1adcd7966a81f670b8400d4bde5fb69026fa76e5f71793070ce1143c81d44eddc83fffaa00ba5ea27c3d5aa854e6de476d06

    • SSDEEP

      1536:FrsTtUNS1rRfGZ7x2/tzP2yNbslfwIEN61gkEKZuEVnSA5m63:F+tKS1lG/2VcFg6ErEVn/5P3

    Score
    3/10
    behavioral19behavioral20

    • Target

      $PLUGINSDIR/System.dll

    • Size

      10KB

    • MD5

      4eff5fafd746f5decb93a44e3a3d570c

    • SHA1

      a11aa7681b7e2df1c7f7492a127d332d1495ea8a

    • SHA256

      cf61ddd15d63c25a12caee70f51ea736cfc02195c42e56ee01b33f689d3754c5

    • SHA512

      cde82d2a1f28506e4c2264f6b82017a00af32f138ebcdbaf4cc58463870fa626f708aa57465294c5a6f096c886841e7b9112b85bf3ea2f1d8f2da816b51b2d72

    • SSDEEP

      192:0OycJo/rJVCmIDNLU0dq5RD00lspbub76yL:6/QQ0d0RD0USq/6y

    Score
    3/10
    behavioral21behavioral22

    • Target

      $PLUGINSDIR/inetc.dll

    • Size

      18KB

    • MD5

      94a8ace2be90a687c1b1729c32c66e50

    • SHA1

      94cff89cc170c00b1f849460f78cb12ab8730538

    • SHA256

      1a6c160fd844dea35195371476119f91eab302d701b0f6f1c3fe87ad92cc93df

    • SHA512

      ba23dfa7a29450451ac3f6ef6bf9e89352e1d17f7a2b7c7e5a87839becd6676542d2189d443322b3cad08b1bcac8851eebf9964fa37190e551f0bd717dcc5deb

    • SSDEEP

      384:jlkcI7HjShsRSSMxCkRimJrr7Jsc8Xtya9zT0Ac9khYLMkIX0+GiBgAqkF:jEjVQRjRiml5vSQa9zSm

    Score
    3/10
    behavioral23behavioral24

    • Target

      $TEMP/sobar/Baidu-TB-ASBar-Silent_kuwo.exe

    • Size

      1.3MB

    • MD5

      8ea8a0ed6b1d1e8dac94d077db2829a9

    • SHA1

      d6a0ac5e6050b094b13c6394a30cb9e814d95c6a

    • SHA256

      b601c7af794efc689a621c07c603b823045064fce3ab9b6cfe636dc911f8a205

    • SHA512

      3ce7525d3a767f3e5e4cff7d4d5c95fb57dba548ac85184722ba9119a6c3637eeba8b356e796c7ca75224fe284e1ca721f707a9aa230158df91e57f360ea981b

    • SSDEEP

      24576:j2hb7qMRVe4uCpatoAKlERcbLoGgnDmUW+KpsiQpcolabndso7zJk1r4CN:j2NVeN/2AKOGbInIuAolabndNXi19N

    Score
    7/10
    adwarediscoverystealer

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

      stealeradware
    behavioral25behavioral26

    • Target

      $PROGRAM_FILES/Baidu/ASBarBroker.exe

    • Size

      129KB

    • MD5

      0ebf8f583abb1ffb40c07b87eae4edb3

    • SHA1

      ef91b3245f426b86c2b69fd9678176d3be05c009

    • SHA256

      00a481ef9985281177c1f6cc6d055c2bdb719db224637e7eb474a3eaab6305cf

    • SHA512

      0bca7bc46019628149afb00cd69d26fd59195c4cbecbb472f9afabf73e8b3eb1da20fdaa4ef03c0776d11b5c8532d16b40a927e4b8b68640067c145cb7e463b4

    • SSDEEP

      1536:K+4yiwujgLVFsP+TCwXCqm5vb+cNCZkBfT3ol9t7tG2Tn+8Z7nzrNPTJdSnaxCi7:AdwusDXUfvbhNCool9t7tG2TXJz9maD

    Score
    1/10
    behavioral27behavioral28

    • Target

      $PROGRAM_FILES/Baidu/AddressBar.dll

    • Size

      1.1MB

    • MD5

      57d9f8b6e595ef4a02d8630c53fddcc3

    • SHA1

      523dedd35613dc3221657876a3f5248e38e2a842

    • SHA256

      c9a2b8ff0be921e2ac2ff6993f7fecc486b02969254884f89af3a19babfcf7e6

    • SHA512

      e95f144caa3bb636fd4a085a24a41d95ac6dae1c47d729400bb65a37527863b02b15e98cb62121f2155956f8a2b177f3b1a11d9ba08881858924d9bd75be985e

    • SSDEEP

      24576:ToJx/zjXPRxxgihJfn9svZw/UDkK4ac3tHtTKJZTXjSH/:ToH//nxzhlXtNTKJdXjSH/

    Score
    7/10
    adwarestealer

    • Executes dropped EXE

    • Loads dropped DLL

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

      stealeradware
    behavioral29behavioral30

    • Target

      $PROGRAM_FILES/Baidu/Toolbar/BaiduBarX_Tmp/BaiduBarX.dll

    • Size

      2.7MB

    • MD5

      71946bb03e05a64a16a0656e09e6b5eb

    • SHA1

      788f4ddc25c4d83f86d333c19a4bf0194b9475f5

    • SHA256

      c2335cdd499511baf39d434b2e7e884b2792808696dc5621e9001bebcac68348

    • SHA512

      3cb13346691788f443f80d19b2d15123bfc30070c89b15a46627e2694319ea0c500a2d6914a2f01c1f588dded0631b59f3ae93aad3af7960766c45f52b87697d

    • SSDEEP

      49152:y+iYHeGF8oBqZeyk4ErwrbS1zK/bmN0xThIAywkLFmTmjIGiANja:xFem8oBqZeyk4ErwfS1fNyitLHI5

    Score
    7/10
    adwarestealer

    • Executes dropped EXE

    • Loads dropped DLL

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

      stealeradware
    behavioral31behavioral32

MITRE ATT&CK Enterprise v15

Tasks

static1

Score
3/10

behavioral1

Score
3/10

behavioral2

Score
3/10

behavioral3

Score
3/10

behavioral4

Score
3/10

behavioral5

Score
3/10

behavioral6

Score
3/10

behavioral7

Score
3/10

behavioral8

Score
3/10

behavioral9

Score
3/10

behavioral10

Score
3/10

behavioral11

Score
3/10

behavioral12

Score
3/10

behavioral13

Score
3/10

behavioral14

Score
3/10

behavioral15

Score
7/10

behavioral16

Score
7/10

behavioral17

Score
3/10

behavioral18

Score
3/10

behavioral19

Score
3/10

behavioral20

Score
3/10

behavioral21

Score
3/10

behavioral22

Score
3/10

behavioral23

Score
3/10

behavioral24

Score
3/10

behavioral25

adwarediscoverystealer
Score
7/10

behavioral26

Score
1/10

behavioral27

Score
1/10

behavioral28

Score
1/10

behavioral29

adwarestealer
Score
7/10

behavioral30

adwarestealer
Score
7/10

behavioral31

adwarestealer
Score
7/10

behavioral32

adwarestealer
Score
7/10