79f16938bfbb43225489e05d8b75dc982720f723a07318623e7d638633f8237a

Sharing

Copy URL

Twitter E-mail

General

Target

5b2263b31fdf0c91b335494d22c5156c_JaffaCakes118
Size

1.0MB
Sample

240719-j5238avaqc
MD5

5b2263b31fdf0c91b335494d22c5156c
SHA1

587317ae94a89521c3ef31f72d3d960f1af63799
SHA256

79f16938bfbb43225489e05d8b75dc982720f723a07318623e7d638633f8237a
SHA512

916bfa242bc5f91ed554fce6a9222e5ad92492f31f343696c81b64281a6de77b412d1ae4a0a37272490c49d331048fc12d92222be53f3826f30503836b3f30fc
SSDEEP

12288:n94iIWKWdHaaNXib4W8e80M8J3OHFXC8WflEdAKEFD7z4hgK6LQf7H5jVhPcWryO:nSiIadFVibp6OOHF2HchgxeH0WryAv

Score

9^/10

Malware Config

Targets

- Target
  
  5b2263b31fdf0c91b335494d22c5156c_JaffaCakes118
- Size
  
  1.0MB
- MD5
  
  5b2263b31fdf0c91b335494d22c5156c
- SHA1
  
  587317ae94a89521c3ef31f72d3d960f1af63799
- SHA256
  
  79f16938bfbb43225489e05d8b75dc982720f723a07318623e7d638633f8237a
- SHA512
  
  916bfa242bc5f91ed554fce6a9222e5ad92492f31f343696c81b64281a6de77b412d1ae4a0a37272490c49d331048fc12d92222be53f3826f30503836b3f30fc
- SSDEEP
  
  12288:n94iIWKWdHaaNXib4W8e80M8J3OHFXC8WflEdAKEFD7z4hgK6LQf7H5jVhPcWryO:nSiIadFVibp6OOHF2HchgxeH0WryAv
Score

7^/10
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/InetLoad.dll
- Size
  
  18KB
- MD5
  
  994669c5737b25c26642c94180e92fa2
- SHA1
  
  d8a1836914a446b0e06881ce1be8631554adafde
- SHA256
  
  bf01a1f272e0daf82df3407690b646e0ff6b2c562e36e47cf177eda71ccb6f6c
- SHA512
  
  d0ab7ca7f890ef9e59015c33e6b400a0a4d1ce0d24599537e09e845f4b953e3ecd44bf3e3cbe584f57c2948743e689ed67d2d40e6caf923bd630886e89c38563
- SSDEEP
  
  384:nUOPTbiJmdztwwKq8W1cyMjPzV0Ac9k+LMkIX1+Gn+XHdjf:nTikliwKq8W1rMjPzz+f
Score

3^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/MakeDll.dll
- Size
  
  392KB
- MD5
  
  eb907eaaf1d86c90112783c8a189882a
- SHA1
  
  04ca0180f47096b3ef711914cf93ca6ec2b6c390
- SHA256
  
  42e21a9f51079d8a8c211b20ffbb31e86ed1e68f306cf72442a5b46c49ffff1a
- SHA512
  
  0e5327d7447ce77ab2001d1bd2bdd634da5adf1160064d77747381e3912e0b9716134edf847fdb0fd32847a5ec8efa4edd6bddbb568b7e849c99e4cbde9817ac
- SSDEEP
  
  6144:LET26hNKPuz98w6DkrSbu0ia7TOscYT0DEw0isbDfg7dNpJ7yOSc3gvlb/wl:l+NKPs6oubumRqoisw7P7yOF3yb+
Score

3^/10
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/StartMenu.dll
- Size
  
  7KB
- MD5
  
  72f18eaa88886bd0d46de64a17d9720c
- SHA1
  
  e604c84de0ded023cf4c5e215c0534faf1d18227
- SHA256
  
  05f699d932f1fea8e6f1a711c3bc8ba51463b924b78a68bfd0683295de008da1
- SHA512
  
  5a80e303f1418dde67ffe0b9b60d574b85634de0d2b557a6691229812e9b376fb34ba7e276efd0e20f35baec91f1030b738e2138d7b7ee146715fcab5cd7e018
- SSDEEP
  
  96:VgJbo7bG2VHk3C45rJixqE+6nSvMn0iGLG8wq/aAtJ1t2RhU1fU:qJk7ZHgRJRHvcwBwqP/t6wf
Score

3^/10
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  00a0194c20ee912257df53bfe258ee4a
- SHA1
  
  d7b4e319bc5119024690dc8230b9cc919b1b86b2
- SHA256
  
  dc4da2ccadb11099076926b02764b2b44ad8f97cd32337421a4cc21a3f5448f3
- SHA512
  
  3b38a2c17996c3b77ebf7b858a6c37415615e756792132878d8eddbd13cb06710b7da0e8b58104768f8e475fc93e8b44b3b1ab6f70ddf52edee111aaf5ef5667
- SSDEEP
  
  192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
Score

3^/10
behavioral10 behavioral9
- Target
  
  $PLUGINSDIR/nsDialogs.dll
- Size
  
  9KB
- MD5
  
  c6284e23cd7e4d11db8298deb4541083
- SHA1
  
  e338686c7579620383ab8cc5a51bbb8d846f60cf
- SHA256
  
  79914940cbbf70a385f13a9970a9d577d7a7e07d240fe44563b45a472cd4bc3f
- SHA512
  
  72103e470d770fb402a18e975ff339526a3e4c9aeb8fac1b0977995a6eace0eca965b1915404df9b5a25b59628db1b199d2b9b10372841309c137054356a5cd7
- SSDEEP
  
  96:q0HzOxnC1hncrcpRciM8wcxMkDOW6LbUXv8X2PXv5bcndYosRn:qJxw3pmiMRxNE/8c5bcdo
Score

3^/10
behavioral11 behavioral12
- Target
  
  $PLUGINSDIR/nsExec.dll
- Size
  
  6KB
- MD5
  
  40909a97db3a51fc83aaeff503128b3f
- SHA1
  
  9693d68a1fb11db70f61b8277e1195dd298abbab
- SHA256
  
  f2633b3604a80a7b1be67858fb43288fd7b686730bad158f347dfa38c6df59d9
- SHA512
  
  cd1425e28302dfeced644fa155a09549aae25b96f5f6a7688624135a69be7abee8e6eaac89194dc6ec89281c45e00451fae43db5953360ee9a47dc0d11d07c77
- SSDEEP
  
  96:+Vyk3+0P+gcVUzWKw1lq4xNmuUUOnyX3z9zJ5cVK23EHC:+40P+gcVUzWlyuUStJ5cVKXHC
Score

3^/10
behavioral13 behavioral14
- Target
  
  $PLUGINSDIR/nsRandom.dll
- Size
  
  21KB
- MD5
  
  ab467b8dfaa660a0f0e5b26e28af5735
- SHA1
  
  596abd2c31eaff3479edf2069db1c155b59ce74d
- SHA256
  
  db267d9920395b4badc48de04df99dfd21d579480d103cae0f48e6578197ff73
- SHA512
  
  7d002dc203997b8a4d8ec20c92cd82848e29d746414f4a61265c76d4afb12c05bce826fc63f4d2bd3d527f38506c391855767d864c37584df11b5db9ca008301
- SSDEEP
  
  384:LCHDPMs4GdtyO5roguusMxUXiO3wOw95euooP2UgKbd9BvNtf:LCHD6Gh87MKXil/5r2U3z
Score

7^/10

upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral15 behavioral16
- Target
  
  $PLUGINSDIR/registry.dll
- Size
  
  16KB
- MD5
  
  351f89337642c165a48dd763aa210023
- SHA1
  
  a5b204cbc51a0ad84248aa680b85be7824f3354e
- SHA256
  
  b610ab13da00e05b000026c73081cfdf0d2ebd3f2fad05e1d0f277060fc3c07f
- SHA512
  
  10326b95ea81b377f74cb9e42135e891930a354b65ce50a4562246da33ca6816f5397089bb60cd1eb647bd28829d70f6425c3113440e11f9a9a4f7fecaac7f4c
- SSDEEP
  
  384:tTVUUuJHxgeh2OTU+X9pCtlohiTV0pWY7:tTqzHxgeh5X9oaiTgW
Score

3^/10
behavioral17 behavioral18
- Target
  
  $TEMP/v.txt
- Size
  
  3KB
- MD5
  
  7dd5b42c6430c95daaa78d819a976831
- SHA1
  
  72d84b93404c6f37ce3d9f2a5aa1d38445740315
- SHA256
  
  bfc85625539ed0d5e8bd5cbe1239776ef4895cd5fee73eb7d0858c803158129a
- SHA512
  
  0a81ceee170bb7e687a24fe13d8b3780c7ed3fe7011454fc0241386fbda7f2e749b9a391b8c9056eedcbff5aa169203e3dd655840e29d334a0f4a663bca075df
Score

3^/10
behavioral19 behavioral20
- Target
  
  $TEMP/xcmd.exe
- Size
  
  32KB
- MD5
  
  378e0103156f2e6844c83087d80a7156
- SHA1
  
  c3e577e294ee81cd763625b4f6657795c4a8a6c4
- SHA256
  
  82fbc8842aceeb471967d2e78b7336c972e3d1379fcd23662df022af958f40c1
- SHA512
  
  0d9e162042f0894aeefb4d43a2c98161686b4451605cbaddcf12f367b17ed1a3796370e770dfbbe6b2ce7ddfba7dc42747ce564b8f80c292b331a600910103bb
- SSDEEP
  
  768:vGw9ERxPw5DAKshWRjzrjBav9+IZ5deSbA:vGQc4TsYznBA9LISbA
Score

9^/10

upx
- Detected Nirsoft tools
  Free utilities often used by attackers which can steal passwords, product keys, etc.
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral21 behavioral22
- Target
  
  $_48_/$APPDATA/xcmd.exe
- Size
  
  32KB
- MD5
  
  378e0103156f2e6844c83087d80a7156
- SHA1
  
  c3e577e294ee81cd763625b4f6657795c4a8a6c4
- SHA256
  
  82fbc8842aceeb471967d2e78b7336c972e3d1379fcd23662df022af958f40c1
- SHA512
  
  0d9e162042f0894aeefb4d43a2c98161686b4451605cbaddcf12f367b17ed1a3796370e770dfbbe6b2ce7ddfba7dc42747ce564b8f80c292b331a600910103bb
- SSDEEP
  
  768:vGw9ERxPw5DAKshWRjzrjBav9+IZ5deSbA:vGQc4TsYznBA9LISbA
Score

9^/10

upx
- Detected Nirsoft tools
  Free utilities often used by attackers which can steal passwords, product keys, etc.
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral23 behavioral24
- Target
  
  $_48_/1.html
- Size
  
  321B
- MD5
  
  29cbd9faab5b4527d56a284341959a93
- SHA1
  
  63ff7726e5c4fdf34b35b9cb9b3abf1912998aaf
- SHA256
  
  490ea5924c03ae27b37431e8aea826435990be94b20513872d8cf609e0745f9f
- SHA512
  
  4b770ce51a9aff2693d78571f6e443e5ec36d5a0a7ca3a8a89134cc758941cd26bc46321604ce04bec531d2decde723412972653181ed504d6c88a7949ed1117
Score

6^/10

motw phishing
- Mark of the Web detected: This indicates that the page was originally saved or cloned.
  phishing motw
behavioral25 behavioral26
- Target
  
  $_48_/3.bat
- Size
  
  2KB
- MD5
  
  e60158d93a3d15f6248fd3aa44029096
- SHA1
  
  ab6bdcb2ea21645a3a1eacf7dfa20b8e729b762b
- SHA256
  
  68b791d546081f0b26ba3a10bb6c4adeb2da05318b581a491961149d5bacf601
- SHA512
  
  5d1eb8a138fb70502da60a6a0d9f32904df41ff3292156da403a51f3cb796e26f5702b6ea8024c39f1645c2a953d036297558401e0b55b6009a000fa7cf95568
Score

1^/10
behavioral27 behavioral28
- Target
  
  $_48_/3.vbs
- Size
  
  2KB
- MD5
  
  a1e554f682917f550a2e2724e4de948a
- SHA1
  
  b969a24c3581b7a3c8a1493bb5f28410b3359dce
- SHA256
  
  2b4aa2bd62996af03ef4669df853ecb883e676e9ddbb92139d43413fabbad0c0
- SHA512
  
  dfdc643f220be01c6ee9c90970ed84887038d8dd3199c8092d435d8cf6e5ac75a3f2f2b2f5fe020c8bcf0cfcefc64af28d91ef77b80075380b071c284e59c2ad
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral29 behavioral30
- Target
  
  $_48_/qq
- Size
  
  1KB
- MD5
  
  73290cf237739a717d6635cce6863ae4
- SHA1
  
  ce8b179f95bb23f63d9620aed1984245c4e78713
- SHA256
  
  77dce01c2086e7fbba95de7beaef12e8e7ef848563e5a7e31d8faed1d01676c2
- SHA512
  
  b5e91821ed63157b898cc599e504614bbc160a6f056f6c396789dbc3af2a0c2ebb97707830b2d4187be0a83e458a2a2ebd38efe409b708433a170f996abb5e7e
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Loads dropped DLL

UPX packed file

Detected Nirsoft tools

UPX packed file

Detected Nirsoft tools

UPX packed file

Mark of the Web detected: This indicates that the page was originally saved or cloned.

Checks computer location settings

Checks computer location settings

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32