General

  • Target

    5c03ec27bc96f052b33b52fea00585a8_JaffaCakes118

  • Size

    1.4MB

  • Sample

    240719-p3esssvgrg

  • MD5

    5c03ec27bc96f052b33b52fea00585a8

  • SHA1

    4031bda61fea8ee8b30e7e0429788644e6f3059c

  • SHA256

    c27724b9397359fb47bc58c099b631617c8e4136677986f0b59548888f5dc729

  • SHA512

    078aaa762453f27cd9869d8f671b2447ce68cd0a42df5e9e23d659b71b7ec7fc2565a05825c80d547493435641677941fb2131a40e640cdc2026142b6c2a35f5

  • SSDEEP

    24576:QbGprgccDiqL8vBjEmeFFaEfRfqatnY6Bo2WDaP0nmZfnvbXntu++6T:25cN7BM48SatfPZfv5h

Targets

    • Target

      5c03ec27bc96f052b33b52fea00585a8_JaffaCakes118 (1.4MB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)


    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Target

      $PLUGINSDIR/InstallOptions.dll

    • Size

      14KB

    • MD5

      325b008aec81e5aaa57096f05d4212b5

    • SHA1

      27a2d89747a20305b6518438eff5b9f57f7df5c3

    • SHA256

      c9cd5c9609e70005926ae5171726a4142ffbcccc771d307efcd195dafc1e6b4b

    • SHA512

      18362b3aee529a27e85cc087627ecf6e2d21196d725f499c4a185cb3a380999f43ff1833a8ebec3f5ba1d3a113ef83185770e663854121f2d8b885790115afdf

    • SSDEEP

      192:86d+dHXLHQOPiY53uiUdigyU+WsPdc/A1A+2jwK72dwF7dBEnbok:86UdHXcIiY535zBt2jw+BEnbo

    Score: 3/10

    • Target

      WindowController_setup_01.exe

    • Size

      1.4MB

    • MD5

      cbb042c279c90e63becb2aa3dfb9ee07

    • SHA1

      0d6300469924c70141d16054aea0d8048bf1f377

    • SHA256

      d6a4c190874e0f3e25b30acbb750b26b772fd58bd947c729a40b8fd0858dcaa1

    • SHA512

      31e6a4efcef066fc40446ae20adc1df75e6e953bae9238de436af999a654b4200c5e8bdc44ea6b9512e6cc1c4a5b46fae267f40ff33f24d9e82f192d51f828ce

    • SSDEEP

      24576:unvUEZlqA8+B4fmdcN/3Jt6iQaDnY6Uk22+U6nMZf9vR40tt++/q:uvRbBKN/PTQaDflZfRr+

    Score: 7/10

    • Executes dropped EXE

    • Loads dropped DLL
