Overview

overview

3

Static

static

3

iis_rewrit...te.dll

windows7-x64

3

iis_rewrit...te.dll

windows10-2004-x64

3

iis_rewrit...if.dll

windows7-x64

1

iis_rewrit...if.dll

windows10-2004-x64

1

images/fon...ex.htm

windows7-x64

1

images/fon...ex.htm

windows10-2004-x64

1

images/fon...ex.htm

windows7-x64

1

images/fon...ex.htm

windows10-2004-x64

1

images/sec...ex.htm

windows7-x64

1

images/sec...ex.htm

windows10-2004-x64

1

images/sec...ex.htm

windows7-x64

1

images/sec...ex.htm

windows10-2004-x64

1

images/sec...ex.htm

windows7-x64

1

images/sec...ex.htm

windows10-2004-x64

1

images/sec...ex.htm

windows7-x64

1

images/sec...ex.htm

windows10-2004-x64

1

include/de...r.html

windows7-x64

1

include/de...r.html

windows10-2004-x64

1

include/de...e.html

windows7-x64

1

include/de...e.html

windows10-2004-x64

1

include/de...e.html

windows7-x64

1

include/de...e.html

windows10-2004-x64

1

include/de...r.html

windows7-x64

1

include/de...r.html

windows10-2004-x64

1

include/de...k.html

windows7-x64

1

include/de...k.html

windows10-2004-x64

1

include/de...h.html

windows7-x64

1

include/de...h.html

windows10-2004-x64

1

include/de...g.html

windows7-x64

1

include/de...g.html

windows10-2004-x64

1

include/de...k.html

windows7-x64

1

include/de...k.html

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    5d40f3b68b12341ef95f23f196b881f6_JaffaCakes118

  • Size

    6.0MB

  • Sample

    240719-xplyysvfnp

  • MD5

    5d40f3b68b12341ef95f23f196b881f6

  • SHA1

    73a8cf4f3da45c84109c882bc8b649270720ee39

  • SHA256

    f6a5826ce051383ccb2054a121186fe321efe92f9a6bf49f84b13f518f29175d

  • SHA512

    26d3badec5bca56fcefe476c8c1a4f34c834486a64e74730a7db288d6d611623ac6f9e1a58e64d1716ef7f8e5b64d828fd66d667fbe9955ac52a9df6bbf6e557

  • SSDEEP

    196608:MyM2t07io+eqDzFaKgxdHQXx+U/rg4fBVb:MyM2ymozIzFaKgbQXxj/rgQBVb

Score
3/10

Malware Config

Targets

    • Target

      iis_rewrite/Rewrite.dll

    • Size

      136KB

    • MD5

      afe04864cb12e4a50dbf78cc7a0286b3

    • SHA1

      8c979cc31ff93269b362545e46a2edef7482b7c4

    • SHA256

      318fc2f6025aaeed7a236e57b4b6fc86ab218c9dd49bf2d0b027dcccb9a49499

    • SHA512

      e88f202679e55c779335e587841731903c2bebbc4049dfdf9da8c644a906f15805e8a9da20824145b3629a85a4f4385b5a72a7a77d640d6ef2e85b677cf3001b

    • SSDEEP

      3072:vODKsHGDzhimd4xW0BUPpj9WImxHWwkuqihyg9:11bj9WIUTVyg

    Score
    3/10
    behavioral1behavioral2

    • Target

      iis_rewrite/mtbnotif.dll

    • Size

      80KB

    • MD5

      e75014ef4096b22fbd120398424102a5

    • SHA1

      1fa336d3df933ccd70d5d98430219ff51fec8296

    • SHA256

      9733873f8b5847bd5f9c5ba133798492313d36a352a975659b305e02a13ca798

    • SHA512

      0ff5ff78b95ffa8e925e26a45e8aa306f0aa8d5f18e1998b6b2dd24130adfcd10139fe4d2fa431d766943083c0d10c05584e1ce173ffb784920660e1de8a80f4

    • SSDEEP

      1536:/rOLavn+l7DGSBEJonjPTb0QwNIC/1y0++GrKcSaI9o:TOL2n+5hEW/2yC/1Q+GecSaeo

    Score
    1/10
    behavioral3behavioral4

    • Target

      images/fonts/en/index.htm

    • Size

      1B

    • MD5

      7215ee9c7d9dc229d2921a40e899ec5f

    • SHA1

      b858cb282617fb0956d960215c8e84d1ccf909c6

    • SHA256

      36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068

    • SHA512

      f90ddd77e400dfe6a3fcf479b00b1ee29e7015c5bb8cd70f5f15b4886cc339275ff553fc8a053f8ddc7324f45168cffaf81f8c3ac93996f6536eef38e5e40768

    Score
    1/10
    behavioral5behavioral6

    • Target

      images/fonts/index.htm

    • Size

      1B

    • MD5

      7215ee9c7d9dc229d2921a40e899ec5f

    • SHA1

      b858cb282617fb0956d960215c8e84d1ccf909c6

    • SHA256

      36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068

    • SHA512

      f90ddd77e400dfe6a3fcf479b00b1ee29e7015c5bb8cd70f5f15b4886cc339275ff553fc8a053f8ddc7324f45168cffaf81f8c3ac93996f6536eef38e5e40768

    Score
    1/10
    behavioral7behavioral8

    • Target

      images/seccode/background/index.htm

    • Size

      1B

    • MD5

      7215ee9c7d9dc229d2921a40e899ec5f

    • SHA1

      b858cb282617fb0956d960215c8e84d1ccf909c6

    • SHA256

      36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068

    • SHA512

      f90ddd77e400dfe6a3fcf479b00b1ee29e7015c5bb8cd70f5f15b4886cc339275ff553fc8a053f8ddc7324f45168cffaf81f8c3ac93996f6536eef38e5e40768

    Score
    1/10
    behavioral10behavioral9

    • Target

      images/seccode/gif/OCR_A_Extended/index.htm

    • Size

      1B

    • MD5

      7215ee9c7d9dc229d2921a40e899ec5f

    • SHA1

      b858cb282617fb0956d960215c8e84d1ccf909c6

    • SHA256

      36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068

    • SHA512

      f90ddd77e400dfe6a3fcf479b00b1ee29e7015c5bb8cd70f5f15b4886cc339275ff553fc8a053f8ddc7324f45168cffaf81f8c3ac93996f6536eef38e5e40768

    Score
    1/10
    behavioral11behavioral12

    • Target

      images/seccode/gif/Small_Fonts/index.htm

    • Size

      1B

    • MD5

      7215ee9c7d9dc229d2921a40e899ec5f

    • SHA1

      b858cb282617fb0956d960215c8e84d1ccf909c6

    • SHA256

      36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068

    • SHA512

      f90ddd77e400dfe6a3fcf479b00b1ee29e7015c5bb8cd70f5f15b4886cc339275ff553fc8a053f8ddc7324f45168cffaf81f8c3ac93996f6536eef38e5e40768

    Score
    1/10
    behavioral13behavioral14

    • Target

      images/seccode/index.htm

    • Size

      1B

    • MD5

      7215ee9c7d9dc229d2921a40e899ec5f

    • SHA1

      b858cb282617fb0956d960215c8e84d1ccf909c6

    • SHA256

      36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068

    • SHA512

      f90ddd77e400dfe6a3fcf479b00b1ee29e7015c5bb8cd70f5f15b4886cc339275ff553fc8a053f8ddc7324f45168cffaf81f8c3ac93996f6536eef38e5e40768

    Score
    1/10
    behavioral15behavioral16

    • Target

      include/deditor/images/edit/BackColor.html

    • Size

      3KB

    • MD5

      d9bf98a037d778d36e97c13d06dad0f0

    • SHA1

      d0f4f7728f55ca11042830e920b05e81e2ee2279

    • SHA256

      31b4435b7c6a1fa3ef640de67885eedd73c0e26e3ec633b5ae993a23a24c08fc

    • SHA512

      c49557d4aa05d25f7159b405fb9fe71688064ff68514680441ea6bcce66e13683f146acc9d3b72330f1e2c5e80f4210c3799eaa535b7666e0ecec3f34c1629cf

    Score
    1/10
    behavioral17behavioral18

    • Target

      include/deditor/images/edit/FontName.html

    • Size

      2KB

    • MD5

      f6f55121bea50e997acd9ef29e5785bb

    • SHA1

      79815ac228ba0a4638107229d6a334b7c177bc96

    • SHA256

      be42ac8707463a349aa1b40f2b8c4138debe0c4d3f770111d83671481d445343

    • SHA512

      c996f8177f0a4e42ce80384f247f575cbb172b00f85e08b9d9ffcecd254f6be252f565782c4a3779013edc5b169f2bbd060422cdcb86d5b49162898a0df9a28e

    Score
    1/10
    behavioral19behavioral20

    • Target

      include/deditor/images/edit/FontSize.html

    • Size

      1KB

    • MD5

      81a10ebdf3cb642aada77aeb75815542

    • SHA1

      e4ccc31c889a5d4c73156382891af36b184dfccc

    • SHA256

      54175f77df1e3a25e73b8412fad0ab768d96a78f7bce1cd814577fe11600a6ca

    • SHA512

      caabdbeb737a1cf2ee3a755f61d0052e9ad3ddfbc3972a87bd1b34becc6d0e835d5c4343a342d998f7c4347a9ebcc4b0ba483717f0f1d5fb6f9714a2ad708ab4

    Score
    1/10
    behavioral21behavioral22

    • Target

      include/deditor/images/edit/ForeColor.html

    • Size

      3KB

    • MD5

      614829a6234d2abdaf3eb151ca2a3de3

    • SHA1

      98fc556afb43cbd50c72d9669a0f9b456b9d4402

    • SHA256

      437d4cd2428a5fa7405b48afd77b809d6b7b8650f13f06bf4ad9d1f66b390ff8

    • SHA512

      bcc28c02036309bab4504fddfca15032fde0039fc0244fa37a39aa5eeb3b08e5cc00d92a9954506fa953ac4ff3852a9b027cbc1d16a23f8bb45b8f66bd4bacc5

    Score
    1/10
    behavioral23behavioral24

    • Target

      include/deditor/images/edit/FormatBlock.html

    • Size

      2KB

    • MD5

      6d19254fb187bad4a6ae213e83331243

    • SHA1

      ca93ab45741fa2c8e3dee5d204eb5a94ead031d0

    • SHA256

      59019563cd735d492a5471859cc8f1b39551b3a606fe230f5e796002197ce5fc

    • SHA512

      fb7e950515ea928c973094b728e3ca9367f0b012636adbda074e09854626d5cfe2a82bb75e598dfbe3a2fdcd9d56b5bc2287152adb61198931cb401dc042a9a7

    Score
    1/10
    behavioral25behavioral26

    • Target

      include/deditor/images/edit/InsertFlash.html

    • Size

      1KB

    • MD5

      f73c8412b8b25b3c032f44b9fbc147f0

    • SHA1

      8ea55222d21fda2feea6fb326ca2c8a8978f05fa

    • SHA256

      2bb063a07566be763b289acfff87391173b6c9c9e708b237cc6f1dc87c4718e1

    • SHA512

      1e05e2c5bd5dcfb210ebb631c234fdf8efd37bac0a3b3ce9602adc6ec928e4f780cbb0a6e3550b67f2f855d62ea7f8f6be1ad7a6f11da31ed6048fd3d9125578

    Score
    1/10
    behavioral27behavioral28

    • Target

      include/deditor/images/edit/InsertImg.html

    • Size

      1KB

    • MD5

      c02a6700ebb9c4d498854e84444626fa

    • SHA1

      762b7fb194c0e8899950f1959ee56828da7362f0

    • SHA256

      9fb56f783e7aa02507c67265264aa8cfe1c5dcd16c7464f2d0772b7f656813da

    • SHA512

      926e40ef76096b488a9e8e2a7be852c3d004bc8ea9ac8480de499dd3cfdd387b284413b2e208d3ad9e7077ed520b4eab40477df2065e8476569ccf1650aec320

    Score
    1/10
    behavioral29behavioral30

    • Target

      include/deditor/images/edit/InsertLink.html

    • Size

      2KB

    • MD5

      57eb3294ed0e24b6dd783c8d9e502caf

    • SHA1

      d3981ce868e475ccc1c108b9c9bd6cf03ddd722f

    • SHA256

      cc4509140cce15278449d0259b7a7235efacf42049584cedb7eff079d593f486

    • SHA512

      736283369325f43bafdc8a03dc12fa8d4a2b282d7bae677d74b3f66ce7f4f3870a77897747b2e083c74bfd0bc3b9393498f615405b0ba9f2f7e5a715cc81c3cf

    Score
    1/10
    behavioral31behavioral32

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

14
T1112

Credential Access

Discovery

Query Registry

14
T1012

System Information Discovery

14
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks