General

  • Target

    5f47dfe5c526e480d09ff8d53e1045b2_JaffaCakes118

  • Size

    4.2MB

  • Sample

    240720-gm37fsyhkl

  • MD5

    5f47dfe5c526e480d09ff8d53e1045b2

  • SHA1

    0bcef53237950b6d9b16430d27783ddec412f067

  • SHA256

    a1f2e5d2bb3d97e7ab6893d46c72c5e5545f224f55c997878f232be89f6edd38

  • SHA512

    a01ba6905a0aa8aad07a228b1be2706d5115f2b3a6e0e9c802dcefac3fd7e1a794c99e34d4c258df5d94fd2198d77be910955d567e32aceba5a3defe4cf1f9e0

  • SSDEEP

    98304:gPqrSh9lxRRgMZjaVzJPKhk75rEoq09nYfZtIeKZ5YQ/AD:4fh93RA9JT753sfZ/8YIY

Score
3/10

Malware Config

Targets

    • Target

      api.php

    • Size

      4KB

    • MD5

      935d202e7c78015791ec784eaf7893f0

    • SHA1

      65ba739e51e5d519cdfdbe078cdabec67c62342c

    • SHA256

      db28ca82d80053d1af95e8c01c8015677466a60f3bada203ee27bb6dc5d5245b

    • SHA512

      63b8c879d49dfb33e3616884236942478eacfb52f6c1aec6384fa14a1dbc8a479de6637a936f735bb14bd5bacc5848663b724ffe0fb2c4609a4c30b001cfa50d

    • SSDEEP

      96:hi4DqziU+RrBqTJ4m/FO2qTs5zI2vMpXV1B8IzEz9Ig4YjMSAW4:hi4WKrEZ/FLI2vYXVsu6qe4

    Score
    3/10

    • Target

      api/uc.php

    • Size

      7KB

    • MD5

      0479eafca0e721c110686fb987e9dcb7

    • SHA1

      e28d9c58f54922a83f3279adc5fcc943235bf60c

    • SHA256

      789c3d726daf5bcfb281505c5e2c4bcb4599d703095899f298ebb422e2eb7dfc

    • SHA512

      0be45ee8473b668bd35e73e5b73bde3f0f7820d2794b696072d4f70bddf1ad077182037401057c9ea7556e904ab463e12565e79febce6a97fd26eab724d63b99

    • SSDEEP

      192:/Vohj60Du6uh1LF94Rboi2bB17bCHaGPQ168:/Vu60Kd94xoieB1vC6GPQ168

    Score
    3/10

    • Target

      api/uc_api_db.php

    • Size

      3KB

    • MD5

      e2eb999bb18b85222a2b13311e456d91

    • SHA1

      a34a419531d4863a9295ef1131be495ec45d9a34

    • SHA256

      731c4e11f60a991c2dc18812180088729b4fce7bfbbc6e40da1ea3511afd6985

    • SHA512

      7563ed64ff6e51f0e4f6abfc1f0e3796889ddf4ed1db4c6ec11a8ab427391dafc6cee5ca0b39bfd575afd56927da118fad8aecead016973fdc5393d64c07fbc8

    Score
    3/10

    • Target

      api/新云软件.url

    • Size

      133B

    • MD5

      4f0017b3b346bd0626f0c3b915e6e734

    • SHA1

      823bf3ff9e16cd636c9dc0dc690d6a586fcbfe92

    • SHA256

      df65af1fc1e09f6effbde7e0ef1cb64d6caeef1f62b0e6467821efa032533678

    • SHA512

      0f5eb5024cf6a0323f7998d419995a707c48de917a5899a185369e6acfeb17c09ffa03f7d110adc87b8de20b7d4bf30d50c72479bfb18614d2e21cbe169dc5a6

    Score
    1/10

    • Target

      images/seccode/background/index.htm

    • Size

      1B

    • MD5

      7215ee9c7d9dc229d2921a40e899ec5f

    • SHA1

      b858cb282617fb0956d960215c8e84d1ccf909c6

    • SHA256

      36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068

    • SHA512

      f90ddd77e400dfe6a3fcf479b00b1ee29e7015c5bb8cd70f5f15b4886cc339275ff553fc8a053f8ddc7324f45168cffaf81f8c3ac93996f6536eef38e5e40768

    Score
    1/10

    • Target

      images/seccode/font/ch/index.htm

    • Size

      1B

    • MD5

      7215ee9c7d9dc229d2921a40e899ec5f

    • SHA1

      b858cb282617fb0956d960215c8e84d1ccf909c6

    • SHA256

      36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068

    • SHA512

      f90ddd77e400dfe6a3fcf479b00b1ee29e7015c5bb8cd70f5f15b4886cc339275ff553fc8a053f8ddc7324f45168cffaf81f8c3ac93996f6536eef38e5e40768

    Score
    1/10

    • Target

      images/seccode/font/en/index.htm

    • Size

      1B

    • MD5

      7215ee9c7d9dc229d2921a40e899ec5f

    • SHA1

      b858cb282617fb0956d960215c8e84d1ccf909c6

    • SHA256

      36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068

    • SHA512

      f90ddd77e400dfe6a3fcf479b00b1ee29e7015c5bb8cd70f5f15b4886cc339275ff553fc8a053f8ddc7324f45168cffaf81f8c3ac93996f6536eef38e5e40768

    Score
    1/10

    • Target

      images/seccode/font/index.htm

    • Size

      1B

    • MD5

      7215ee9c7d9dc229d2921a40e899ec5f

    • SHA1

      b858cb282617fb0956d960215c8e84d1ccf909c6

    • SHA256

      36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068

    • SHA512

      f90ddd77e400dfe6a3fcf479b00b1ee29e7015c5bb8cd70f5f15b4886cc339275ff553fc8a053f8ddc7324f45168cffaf81f8c3ac93996f6536eef38e5e40768

    Score
    1/10

    • Target

      images/seccode/gif/OCR_A_Extended/index.htm

    • Size

      1B

    • MD5

      7215ee9c7d9dc229d2921a40e899ec5f

    • SHA1

      b858cb282617fb0956d960215c8e84d1ccf909c6

    • SHA256

      36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068

    • SHA512

      f90ddd77e400dfe6a3fcf479b00b1ee29e7015c5bb8cd70f5f15b4886cc339275ff553fc8a053f8ddc7324f45168cffaf81f8c3ac93996f6536eef38e5e40768

    Score
    1/10

    • Target

      images/seccode/gif/Small_Fonts/index.htm

    • Size

      1B

    • MD5

      7215ee9c7d9dc229d2921a40e899ec5f

    • SHA1

      b858cb282617fb0956d960215c8e84d1ccf909c6

    • SHA256

      36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068

    • SHA512

      f90ddd77e400dfe6a3fcf479b00b1ee29e7015c5bb8cd70f5f15b4886cc339275ff553fc8a053f8ddc7324f45168cffaf81f8c3ac93996f6536eef38e5e40768

    Score
    1/10

    • Target

      images/seccode/index.htm

    • Size

      1B

    • MD5

      7215ee9c7d9dc229d2921a40e899ec5f

    • SHA1

      b858cb282617fb0956d960215c8e84d1ccf909c6

    • SHA256

      36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068

    • SHA512

      f90ddd77e400dfe6a3fcf479b00b1ee29e7015c5bb8cd70f5f15b4886cc339275ff553fc8a053f8ddc7324f45168cffaf81f8c3ac93996f6536eef38e5e40768

    Score
    1/10

    • Target

      images/uploadify/jquery.uploadify.v2.1.4.min.js

    • Size

      17KB

    • MD5

      67a0e26e777ddebd326ee917c81f95c8

    • SHA1

      569de0346eb34918ab7a5e4ab11317d434e34fa7

    • SHA256

      1b948d34b3fbc1682f1188390cbf40b5dcc6b006bfd9589c031d808bdbcacc42

    • SHA512

      2edc1e958f3a086ba50551b7e5a8a61467467b2251cdce1970764961697f0042529291047c6e0adc0ce48eb9847728358c8920e67e7e031649392cca342ff6c8

    • SSDEEP

      384:dTsWGAZvwGxP1hNWwI9V0YO1NkRHe4yGyfq7LMoOyYyw6xsHlQywdYC/Mo0GaOou:+WGAKGxP1h4wI30/7kReHhf9Cw6xsH1U

    Score
    3/10

    • Target

      imjiqiren.php

    • Size

      4KB

    • MD5

      b3017d89d563c7b071e6738d2fdfdba4

    • SHA1

      ae33f05909b2a4d086737fee38c1389d3de93cfd

    • SHA256

      1ae4a624d86e1aebab58c06f1085aabbf2ef4c24b33db9e6e7c12af7cb5686f2

    • SHA512

      a4b75f15240c225feafdf51dac29565e17f6d8f1fc608ec38354759e46bffbad432ccc4c95570413d065d46e41fbd218139ddb0bcd594edbcfdf14709c6b9bf5

    • SSDEEP

      96:h24DqziU+RrBqTJ4m/FO2qos5zI2vMpXV1B8LZzsz99vwjMSGx:h24WKrEZ/FUI2vYXVsL5Shx

    Score
    3/10

    • Target

      include/db/database.db.php

    • Size

      2KB

    • MD5

      501eb5f2b5f06783df07639dca47e785

    • SHA1

      1c65b97c88e601c9d0d2b16fe5ee7bac6329a4c7

    • SHA256

      748ab7f1cd0d21760d7756177a3fc3ad6f3af3c7ad1145271c6a3848c67df1da

    • SHA512

      def516d7c4ed94f69d2eeeccfe049cc953a471863db5458fd16f45265d63741fb2cc49a7c71197f10cadd8567423db379e95e64470f5c2b8b1b9a1c1d291fd8c

    Score
    3/10

    • Target

      include/db/mysql.db.php

    • Size

      11KB

    • MD5

      ff5a66f3035537350482012226fcb714

    • SHA1

      d86238d322b8ddf1cadd7ec928c7f84cf8c09d63

    • SHA256

      0f49e96b87e7d2e7e88baaca28e7aaaa03d25c7a92aa71eaacb053939f631144

    • SHA512

      bbd8e85c5825a0e27f83525eda3c0fe51fe693b1296d8069599f6b907c53578629f7ad75c654403016075916693cf644ebed3f3888f8df3f50d80dfc2058c1cb

    • SSDEEP

      192:1ksxyTRue9d3tMlOeZ/F8aZU2n+KJy4wH+YglzaapX:NxGRNilPDrIFwlx

    Score
    3/10

    • Target

      include/encoding/chinese.class.php

    • Size

      6KB

    • MD5

      3f98b12740c54569a888e2817a38ebfd

    • SHA1

      6fa9d5d299b92f39fe0b05883398fd1f4769aaee

    • SHA256

      055604a68ae4433145090d99aecca434c44d7d5e87683a4b72df6b1d6a91d548

    • SHA512

      f4f23fdd12150211d982dd5d2af8c05aab35cf1d88ae3dba7602e91c6cf0248157d87c0564ccd2f0818089f66bf3cf412d9e008cb4b3251aaeffbe2349c96166

    • SSDEEP

      192:PFCxT5RdrImn31eGHXvCH0HBd+poeZjS7vEiV/HXvpH0ks79:tCxNrImn31eGHXvCH0H3ioehSzEiV/H0

    Score
    3/10

MITRE ATT&CK Matrix (ATT&CK v13)

  • Execution

    T1059 Command and Scripting Interpreter: 8
    T1059.007 JavaScript: 8

  • Defense Evasion

    T1112 Modify Registry: 7

  • Discovery

    T1012 Query Registry: 7
    T1082 System Information Discovery: 7

Tasks

  • static1: Score 1/10
  • behavioral1: execution, Score 3/10
  • behavioral2: execution, Score 3/10
  • behavioral3: execution, Score 3/10
  • behavioral4: execution, Score 3/10
  • behavioral5: execution, Score 3/10
  • behavioral6: execution, Score 3/10
  • behavioral7: Score 1/10
  • behavioral8: Score 1/10
  • behavioral9: Score 1/10
  • behavioral10: Score 1/10
  • behavioral11: Score 1/10
  • behavioral12: Score 1/10
  • behavioral13: Score 1/10
  • behavioral14: Score 1/10
  • behavioral15: Score 1/10
  • behavioral16: Score 1/10
  • behavioral17: Score 1/10
  • behavioral18: Score 1/10
  • behavioral19: Score 1/10
  • behavioral20: Score 1/10
  • behavioral21: Score 1/10
  • behavioral22: Score 1/10
  • behavioral23: execution, Score 3/10
  • behavioral24: execution, Score 3/10
  • behavioral25: execution, Score 3/10
  • behavioral26: execution, Score 3/10
  • behavioral27: execution, Score 3/10
  • behavioral28: execution, Score 3/10
  • behavioral29: execution, Score 3/10
  • behavioral30: execution, Score 3/10
  • behavioral31: execution, Score 3/10
  • behavioral32: execution, Score 3/10