c3005294d4fa3fd59ee4492607e39076ff8e455e23dc6391277feb34b185978b

Sharing

Copy URL

Twitter E-mail

General

Target

3f9eb923df0704d8b0020383f194ad7c_JaffaCakes118
Size

2.3MB
Sample

240713-bmlphsyhmm
MD5

3f9eb923df0704d8b0020383f194ad7c
SHA1

1524c28a726dd90f6416cc3ab306fe4d0fee7cbb
SHA256

c3005294d4fa3fd59ee4492607e39076ff8e455e23dc6391277feb34b185978b
SHA512

6b71dfdbd2eaf05fda8dbe60b81c8a4ff6218b30dfcbd3bc2245faa3adafaf21e7104802f235acc417ec555d38fdb78571feab7067532ccc1eccdf904cd7fe96
SSDEEP

49152:5Fu7U7pIv0BoUoXBj5jracNibLHkJkgZv:io7av0BoPj52DkJ

Score

7^/10

persistence upx

Malware Config

Targets

- Target
  
  3f9eb923df0704d8b0020383f194ad7c_JaffaCakes118
- Size
  
  2.3MB
- MD5
  
  3f9eb923df0704d8b0020383f194ad7c
- SHA1
  
  1524c28a726dd90f6416cc3ab306fe4d0fee7cbb
- SHA256
  
  c3005294d4fa3fd59ee4492607e39076ff8e455e23dc6391277feb34b185978b
- SHA512
  
  6b71dfdbd2eaf05fda8dbe60b81c8a4ff6218b30dfcbd3bc2245faa3adafaf21e7104802f235acc417ec555d38fdb78571feab7067532ccc1eccdf904cd7fe96
- SSDEEP
  
  49152:5Fu7U7pIv0BoUoXBj5jracNibLHkJkgZv:io7av0BoPj52DkJ
Score

7^/10

persistence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2
- Target
  
  $TEMP/setup.exe
- Size
  
  1.3MB
- MD5
  
  822c753f5b8737072d30ad468e15d436
- SHA1
  
  1186d8957c2d1d68f711d398d431a13289935dba
- SHA256
  
  1c2d82d5c78cf8ca293d174c540eac003bca79be52d34f2404cfc4ac4879c42e
- SHA512
  
  7e38acaaf47c8f672a31732070c2941dd3c17e6da74998bbf7d118244f75cc2f1dbbae52862cd33173e9c4f8e438fc3e056c3e4f1eade03caf865054b40897f9
- SSDEEP
  
  24576:NXnD5tfLR57jXacNi9JLHgZJJkDofjZSS1:tjracNibLHkJkgZv
Score

1^/10
behavioral3 behavioral4
- Target
  
  $TEMP/svchost.exe
- Size
  
  633KB
- MD5
  
  a10354f476aa8c50b96d55d9e8d2bb0d
- SHA1
  
  4490f75e0b3b0653896a1ee4add263485f20fc22
- SHA256
  
  a467d6f91034d1936d550745a4514344115341e3c9b1228ebe17cdaec24f7172
- SHA512
  
  2a99dc95c2bf58ade2157d2bf49d9b2b7152224df6637e3f2ec169510791b5bff2691eecad3e5f6d9593daa7633e118dc609e44f72fd1ac4192215ef6465657c
- SSDEEP
  
  12288:OmMD2tn5CCppD2tnN40OyuE3iPlkwdisMVUoX27aqu1VSX4ZdjnpKS:Om/tn5bpItnNH0BoUoXY4Djpd
Score

7^/10

persistence
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/NSISArray.dll
- Size
  
  19KB
- MD5
  
  14b848866035dea39b912da628307231
- SHA1
  
  d00c8963aee8038d8a22f098cef69b31007196e5
- SHA256
  
  6a129a9eefae85a9412e889e0c74fdaa21d20254fa13cacef5429885775017dc
- SHA512
  
  4538058426c742bf7d823d1cac5303eeff8bf0b524459262181ac79695eead705e7590ae63ce996b8e3afd9a6c8d1fec503f9a11772ebe5c5c4e01930ed97b16
- SSDEEP
  
  384:J+o6oNJDOD4mqjCQ2UcW3++Mnnm8GPHltUIH4qpjiX:gDoNJyD4mqjCOsnmtHltUIYqFi
Score

3^/10
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/blowfish.dll
- Size
  
  22KB
- MD5
  
  5afd4a9b7e69e7c6e312b2ce4040394a
- SHA1
  
  fbd07adb3f02f866dc3a327a86b0f319d4a94502
- SHA256
  
  053b4487d22aacf8274bab448ae1d665fe7926102197b47bfba6c7ed5493b3ae
- SHA512
  
  f78efe9d1fa7d2ffc731d5f878f81e4dcbfaf0c561fdfbf4c133ba2ce1366c95c4672d67cae6a8bd8fcc7d04861a9da389d98361055ac46fc9793828d9776511
- SSDEEP
  
  384:yTxz0Cv0hqd+1TjQmd9YWrSUEc//////OD5hF92IJpJgLa0MpoYfAz6S:jCvsqdS3QGBREc//////Q53NgLa1ub
Score

3^/10
behavioral10 behavioral9
- Target
  
  $PLUGINSDIR/inetc.dll
- Size
  
  24KB
- MD5
  
  1efbbf5a54eb145a1a422046fd8dfb2c
- SHA1
  
  ec4efd0a95bb72fd4cf47423647e33e5a3fddf26
- SHA256
  
  983859570099b941c19d5eb9755eda19dd21f63e8ccad70f6e93f055c329d341
- SHA512
  
  7fdeba8c961f3507162eb59fb8b9b934812d449cc85c924f61722a099618d771fed91cfb3944e10479280b73648a9a5cbb23482d7b7f8bfb130f23e8fd6c15fb
- SSDEEP
  
  384:XErRo4TdlKCdUk6qz46qu2vPqUcnlSHmkuPJOiya4fF0Ac9khYLMkIX0+GvBgK3M:XiRoW7Kc5bBq1qNlSHmkuPJOJa4f4CD
Score

3^/10
behavioral11 behavioral12
- Target
  
  bfw.exe
- Size
  
  355KB
- MD5
  
  2fcdf1cac08db959d41078c3296bab40
- SHA1
  
  611479a912a1c13565fda76542df2dce048e60d8
- SHA256
  
  848616dba8805eb304f0daab2156b37402adb3256b2a17144c8ba3a3a4f01bce
- SHA512
  
  f6c33bfede57d92e35eb5035033e62901871ead0242f8e91aee5113b98cd6dd9cc477356a6a92f2ef1ef6420cefb931c7da6739f9c91a611cc483016d60dd6ae
- SSDEEP
  
  6144:p6Jb/iKDIv2ZQXQt7zBUnTna10f9YpnFQ7FrPtr8rM+HuLFd:p6Jb/iKDIQpzBUnf/rl+7u
Score

1^/10
behavioral13 behavioral14
- Target
  
  cftmon.exe
- Size
  
  102KB
- MD5
  
  75cedbcff197897f97629194d631145c
- SHA1
  
  4843b854dbfcf8ac0350843857319f340c9ae4d7
- SHA256
  
  d74d2e5ae997d48fe7eb705338d27e95ecd40a9f08c1e8fa989a98c6a3f19994
- SHA512
  
  f2868a8f867a4676213edae6bb382adef1c7c831985cb5df56cd0c1de3eba1b171ac537f6d83c9525db1a5311365a0d121e7cddc51761b2adda2dc054ca340a2
- SSDEEP
  
  1536:/pgpHzb9dZVX9fHMvG0D3XJHNUZF47BLK9rjd1V/DOJ/x6s+bMnikqIzjbanyb:hgXdZt9P6D3XJtkFQKNhDqx3tni5K5
Score

3^/10
behavioral15 behavioral16
- Target
  
  $PLUGINSDIR/NSISArray.dll
- Size
  
  19KB
- MD5
  
  14b848866035dea39b912da628307231
- SHA1
  
  d00c8963aee8038d8a22f098cef69b31007196e5
- SHA256
  
  6a129a9eefae85a9412e889e0c74fdaa21d20254fa13cacef5429885775017dc
- SHA512
  
  4538058426c742bf7d823d1cac5303eeff8bf0b524459262181ac79695eead705e7590ae63ce996b8e3afd9a6c8d1fec503f9a11772ebe5c5c4e01930ed97b16
- SSDEEP
  
  384:J+o6oNJDOD4mqjCQ2UcW3++Mnnm8GPHltUIH4qpjiX:gDoNJyD4mqjCOsnmtHltUIYqFi
Score

3^/10
behavioral17 behavioral18
- Target
  
  $PLUGINSDIR/NSISdl.dll
- Size
  
  14KB
- MD5
  
  a5f8399a743ab7f9c88c645c35b1ebb5
- SHA1
  
  168f3c158913b0367bf79fa413357fbe97018191
- SHA256
  
  dacc88a12d3ba438fdae3535dc7a5a1d389bce13adc993706424874a782e51c9
- SHA512
  
  824e567f5211bf09c7912537c7836d761b0934207612808e9a191f980375c6a97383dbc6b4a7121c6b5f508cbfd7542a781d6b6b196ca24841f73892eec5e977
- SSDEEP
  
  192:tUZTobBDJ68r67wmsvJI5ad9cXzFOVu+mZ/P3p+57CvpVqDxVp01Dwn2GRPgsfA:6Bo/680dCI5adOjFOg9//p27uNw2Go
Score

3^/10
behavioral19 behavioral20
- Target
  
  $PLUGINSDIR/blowfish.dll
- Size
  
  22KB
- MD5
  
  5afd4a9b7e69e7c6e312b2ce4040394a
- SHA1
  
  fbd07adb3f02f866dc3a327a86b0f319d4a94502
- SHA256
  
  053b4487d22aacf8274bab448ae1d665fe7926102197b47bfba6c7ed5493b3ae
- SHA512
  
  f78efe9d1fa7d2ffc731d5f878f81e4dcbfaf0c561fdfbf4c133ba2ce1366c95c4672d67cae6a8bd8fcc7d04861a9da389d98361055ac46fc9793828d9776511
- SSDEEP
  
  384:yTxz0Cv0hqd+1TjQmd9YWrSUEc//////OD5hF92IJpJgLa0MpoYfAz6S:jCvsqdS3QGBREc//////Q53NgLa1ub
Score

3^/10
behavioral21 behavioral22
- Target
  
  $PLUGINSDIR/inetc.dll
- Size
  
  24KB
- MD5
  
  1efbbf5a54eb145a1a422046fd8dfb2c
- SHA1
  
  ec4efd0a95bb72fd4cf47423647e33e5a3fddf26
- SHA256
  
  983859570099b941c19d5eb9755eda19dd21f63e8ccad70f6e93f055c329d341
- SHA512
  
  7fdeba8c961f3507162eb59fb8b9b934812d449cc85c924f61722a099618d771fed91cfb3944e10479280b73648a9a5cbb23482d7b7f8bfb130f23e8fd6c15fb
- SSDEEP
  
  384:XErRo4TdlKCdUk6qz46qu2vPqUcnlSHmkuPJOiya4fF0Ac9khYLMkIX0+GvBgK3M:XiRoW7Kc5bBq1qNlSHmkuPJOJa4f4CD
Score

3^/10
behavioral23 behavioral24
- Target
  
  $PLUGINSDIR/md5dll.dll
- Size
  
  6KB
- MD5
  
  0745ff646f5af1f1cdd784c06f40fce9
- SHA1
  
  bf7eba06020d7154ce4e35f696bec6e6c966287f
- SHA256
  
  fbed2f1160469f42ce97c33ad558201b2b43e3020257f9b2259e3ce295317a70
- SHA512
  
  8d31627c719e788b5d0f5f34d4cb175989eaa35aa3335c98f2ba7902c8ae01b23de3ccb9c6eb95945f0b08ef74d456f9f22ca7539df303e1df3f6a7e67b358da
- SSDEEP
  
  96:GL2PcvGn5olZMTZxEp8agTsflVwn4GogZcko5N1ub:U2Pxn5UZMTZipyaw4ZkKP2
Score

7^/10

upx
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral25 behavioral26

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application

Loads dropped DLL

Adds Run key to start application

ACProtect 1.3x - 1.4x DLL software

UPX packed file

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26