General

  • Target: 3663905eff488218f5ff929c7efcd3ff_JaffaCakes118
  • Size: 814KB
  • Sample: 240710-zy3zyasejf
  • MD5: 3663905eff488218f5ff929c7efcd3ff
  • SHA1: 0a1276b23e703eed916f278181b683a3b9ed97a2
  • SHA256: 08656f012511f74c5fc1ce196dceb15b7cfc722c37263bb856b820f19ffc091f
  • SHA512: b9cfc8ea9c0574cfefbb89bf92364f8018160851cb5e7c9de0428c0b30a5ab243bcba19536b046a5f641f7479a99ce537d62a71014a5a7b975ced450861ec646
  • SSDEEP: 12288:tMc+0aqFrLBw3hKvFlF9KvdMou+6hxRjL84NtGJi0qJc8f9kNKMp7yEWMT0KMK6q:Kn0aAJv/M6hQ0wN8JpMZy27Ao3B

Malware Config

Targets

    • Target: MARD_25_2/Point32.exe
    • Size: 512KB
    • MD5: 50b759474208ed15db3e792da2f39a72
    • SHA1: eef49a36c3275f5529f9b6cbd4124765bb147543
    • SHA256: 2810028f749d734fb09fca8aaa4e0dc67ad794fff1f4872bee88452bd7075568
    • SHA512: a59e10401f8cdba98716d5a3fd36ba1e4ec239becf4cf9c560c9da20ca874893cdad135b9aeba1d535e0b642eae37f5555fc6777426bd7de29182516ff1caee2
    • SSDEEP: 6144:4/8JeJfEuGs8k/bUlgqjpJDHCq17WSTLp980sbpy3KR/ie5bTEju4IIQVa:lJeJfEuGstgg/kjp98zHpie5nsaIQVa
    • Score: 3/10

    • Target: MARD_25_2/Update.exe
    • Size: 284KB
    • MD5: ae6f29676e667282d7a35007b4a546a3
    • SHA1: 16cd9fb072b6b5209833db54a4f2e382fdba06d6
    • SHA256: 5635cd7c6aad1bf6e1915d207a99c92d2bc48cbaeb673416cc5f913dd233309f
    • SHA512: ccfab3f8f1fbdf414d4164ee4d1080c08e44a312934befe338637e287427c3c49a35d28dcb36ffd3650fbdc5d5ec0565ed07f9a6c8ac8290c74ae6b686542296
    • SSDEEP: 6144:FY94N434H7Kl8QiPaShZhcI9gzICFBYiA0ppw35RJx:29OVehCYSgZuB35RJx
    • Behaviour:
      • Checks computer location settings (looks up country code configured in the registry, likely geofence)
      • Executes dropped EXE
      • Loads dropped DLL
      • Adds Run key to start application
      • Installs/modifies Browser Helper Object (BHOs are DLL modules which act as plugins for Internet Explorer)
      • Drops file in System32 directory


    • Target: MARD_25_2/atwtusb.exe
    • Size: 600KB
    • MD5: ad9dd508d210487f099ab56fe2ea40d6
    • SHA1: 031e2c1d484c8c215f48f851df8cda2ac2e7dd96
    • SHA256: 46c05479987097e5d4a4a128db1011182bdd9ed339ef97ef6a99bd973bc5738f
    • SHA512: 58905b72ec63bbd8ce6f7623b16a17e91c4be53357bebe2dbefbf2cf2165ef555848916039db00160e4537e3ee8820a590ac0c845ad89ee9921321ebb8488f92
    • SSDEEP: 12288:lJeJfEuGstgg/kjp98zHpie5nsaIQVbOIi7ulr:lJeJfAqkjp98zHpieds+bXp
    • Score: 3/10

MITRE ATT&CK Enterprise v15

Tasks