6f8b540361c734dd1b08c829483cc31674ad5dd38909e6e9692bc95f2dfaf24e

Sharing

Copy URL

Twitter E-mail

General

Target

6442836c748e63da7521355251d95dcd_JaffaCakes118
Size

3.5MB
Sample

240722-wwm9xszgkf
MD5

6442836c748e63da7521355251d95dcd
SHA1

c2e35a8ed8fe8f3b4d5b6713291c36d198d9fffb
SHA256

6f8b540361c734dd1b08c829483cc31674ad5dd38909e6e9692bc95f2dfaf24e
SHA512

aa0dfff456b7a3f8f4d98b2cb9c44988d1b66caeeabe1108e7ae2b2db48b42dd225c50c579fbf9ce306fe87b8403cd4a082757fe3e9f7b83a51ac629e9504a24
SSDEEP

98304:+dBKd/OaDUP7ueWseQ0OnTYCrZP7Zf68p2:0Kd/OaDP3QJTYCphk

Score

7^/10

ransomware

Malware Config

Targets

- Target
  
  6442836c748e63da7521355251d95dcd_JaffaCakes118
- Size
  
  3.5MB
- MD5
  
  6442836c748e63da7521355251d95dcd
- SHA1
  
  c2e35a8ed8fe8f3b4d5b6713291c36d198d9fffb
- SHA256
  
  6f8b540361c734dd1b08c829483cc31674ad5dd38909e6e9692bc95f2dfaf24e
- SHA512
  
  aa0dfff456b7a3f8f4d98b2cb9c44988d1b66caeeabe1108e7ae2b2db48b42dd225c50c579fbf9ce306fe87b8403cd4a082757fe3e9f7b83a51ac629e9504a24
- SSDEEP
  
  98304:+dBKd/OaDUP7ueWseQ0OnTYCrZP7Zf68p2:0Kd/OaDP3QJTYCphk
Score

7^/10
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  $FAVORITES/520ҳ_www.520.net.url
- Size
  
  209B
- MD5
  
  cf8d59c473aa7e54b49622cd29c685b0
- SHA1
  
  cda00a5ed791ff481e81b376575faf676ed30ba9
- SHA256
  
  824501d70a02091bc7ba34db762da1ccba4ddef70270be6efd736e9f26a57162
- SHA512
  
  05891f0649a43a943691af4e1c0d8ba7afc533a022adbb396a1590603d4d5ac0bcd9a88a0104318389dc5c1a8e37de39de26cbe11e3df84ae298d511d92576ea
Score

1^/10
behavioral3 behavioral4
- Target
  
  $FAVORITES/뷨ٷվ 52hxw.com.url
- Size
  
  166B
- MD5
  
  21050ee7f144e4f1a373a1145a3c7084
- SHA1
  
  1e40f0eaa6b72d79496ee6881b07d8967e34db04
- SHA256
  
  aaba091d3c9d36ea83abe926d079033c06c5cdd22a269b0a889b78560109b4d0
- SHA512
  
  6346766dbdc40d749338a678f19937fae9a238ec7341fd2af27c92a2b27b90d4e94e66fc85e8b7f2dd0dabc9d5f129067a7453d9be83a83281c7fbd92fa787df
Score

1^/10
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  14KB
- MD5
  
  eef9e469e8a30717974499f277d97e2a
- SHA1
  
  2d33c25984ebd9116beeb55cdde4c5c86c023e5d
- SHA256
  
  1f35bb6728237483c779005fc227e69fef51b0bafd32d15855d483948a337078
- SHA512
  
  d860132106a1c03dfa23f983b3c503f1216ac02f3d47833b96dfb333fb30bc8ab4d4fecd1f1f0a89f0c7f3586405461e2d53c26f282bb48970e549659b364b48
- SSDEEP
  
  192:8np6d+dHXLHQOPiY53uiUdigyU+WsPdc/A1A+MTjK72dwF7dBEnbok:8p6UdHXcIiY535zBtMTj+BEnbo
Score

3^/10
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  c6f5b9596db45ce43f14b64e0fbcf552
- SHA1
  
  665a2207a643726602dc3e845e39435868dddabc
- SHA256
  
  4b6da3f2bdb6c452fb493b98f6b7aa1171787dbd3fa2df2b3b22ccaeac88ffa0
- SHA512
  
  8faa0204f9ed2721acede285be843b5a2d7f9986841bcf3816ebc8900910afb590816c64aebd2dd845686daf825bbf9970cb4a08b20a785c7e54542eddc5b09a
- SSDEEP
  
  192:qADKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQbVUSF:qAViJrtFRdbmXK8+WVUw
Score

3^/10
behavioral10 behavioral9
- Target
  
  $SYSDIR/atl71.dll
- Size
  
  87KB
- MD5
  
  8f2097e8b174f38178570c611464935f
- SHA1
  
  86476819229f4bf00f32e5f0969e19c5b61d1b2a
- SHA256
  
  3f25e7b097b65eaf82a6d5b58646dff38ca19347664f40c2b8a409b9d6939457
- SHA512
  
  85f60b00b4d2e7d5047d4d0f1b834c23073797fcaea0e14161baac9a7ec719d79782a17ba6aa8da55b933c89b3d94c89696da194c3cf7170c746c8bab7e38904
- SSDEEP
  
  1536:oERCMDI2M2n5lJsYx+J55I+EfA+GsKdQrnzEC560hf/GLKqTM4Zwmibv/4:HnM25V+RI+IGsKVC560R/GOqTJZwmI/4
Score

1^/10
behavioral11 behavioral12
- Target
  
  $TEMP/KanKan_1020.exe
- Size
  
  2.2MB
- MD5
  
  56e5f4611a542ca833721569749cb291
- SHA1
  
  50e5813d6b78b32392e39c868ace99f46c829cdc
- SHA256
  
  f984adb81a9bb0945692c0377d770ece26c09e63e138c1843127d7993cc202a1
- SHA512
  
  3963405c67ef80e2c8bd33e4cd2156a15d35700011b5147506c9f96af813cfbf839c7668e031f9813eb1201a67ed65c7ed9101dd5c23da3b5e6e7bc88cca6e64
- SSDEEP
  
  49152:vcdZYkrOtorhQQUw4pyyp/d8XaaXWe4P+ynePQPX:vcfOtotQ++yyp/d8XaaXKneIP
Score

7^/10
- Loads dropped DLL
behavioral13 behavioral14
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  14KB
- MD5
  
  32aa6334fc543e70ef0f792bb9a0c45a
- SHA1
  
  54be1f5004f7e5afe7c9ba160495076ea2a4d60c
- SHA256
  
  610e54bcfc2831d4f9d7030ceb16d35ee33006403d842f01b6e75bebea0083e2
- SHA512
  
  ac92116821a032de8df64bf9aea9c6ba4040467eebaa4e028c2bf031f1c81bb69531288b9d89d951b952fe0b4ecccade874a5ae76d04db8b4dee2d13c486f9ae
- SSDEEP
  
  192:V6JaVGQ+xI5EeuyvMmGpeWH2J5xprN+AxTwK72dwF7dBdcQOz:V6JaVh4I5rpPbTw+BdhO
Score

3^/10
behavioral15 behavioral16
- Target
  
  $PLUGINSDIR/KillProcDLL.dll
- Size
  
  32KB
- MD5
  
  83142eac84475f4ca889c73f10d9c179
- SHA1
  
  dbe43c0de8ef881466bd74861b2e5b17598b5ce8
- SHA256
  
  ae2f1658656e554f37e6eac896475a3862841a18ffc6fad2754e2d3525770729
- SHA512
  
  1c66eab21f0c9e0b99ecc3844516a6978f52e0c7f489405a427532ecbe78947c37dac5b4c8b722cc8bc1edfb74ba4824519d56099e587e754e5c668701e83bd1
- SSDEEP
  
  384:3rYz6grZodORNWATt4TBmlk5ooyzFh7BukAUdJoUtSOSR:3QggDWATWNCFh7BNddJoxO+
Score

3^/10
behavioral17 behavioral18
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  10KB
- MD5
  
  7d85b1f619a3023cc693a88f040826d2
- SHA1
  
  09f5d32f8143e7e0d9270430708db1b9fc8871a8
- SHA256
  
  dc198967b0fb2bc7aaab0886a700c7f4d8cb346c4f9d48b9b220487b0dfe8a18
- SHA512
  
  5465804c56d6251bf369609e1b44207b717228a8ac36c7992470b9daf4a231256c0ce95e0b027c4164e62d9656742a56e2b51e9347c8b17ab51ff40f32928c85
- SSDEEP
  
  192:IDO6dJA/ruAFEiUdWWE6hE5RYUdJfbub1afgMO:TKAFERdlxhGRYUzqZaf
Score

3^/10
behavioral19 behavioral20
- Target
  
  KanKan/CrashReport.exe
- Size
  
  88KB
- MD5
  
  42251e41371a080bc8309a8f576f434e
- SHA1
  
  34a4b8cf7c2ff0637052d67d04f45e6b60a587e6
- SHA256
  
  f20c1f1286338695a032d887d60b7e0d0c3cee9790983d457b3cc8eb5cf5979c
- SHA512
  
  7c28e8acbbb075ffff8da3783d9112f547b44ce7fac1b46514341a4110f4dc1857bc6b556373e1d8ae9f7548b5bf1816b82fa491fa4b2b102aa722aacf3e2e0a
- SSDEEP
  
  1536:EPe0FGMEGZug8YMgibMH282z+7iKi9Me4ftnlJsfL+WDqd/Mv2po3sa:EPdGm8t+T++eKi9MrnlGed82+
Score

1^/10
behavioral21 behavioral22
- Target
  
  KanKan/IDesktop.dll
- Size
  
  20KB
- MD5
  
  774cac2587f90aa9647c109c80e9ad7a
- SHA1
  
  e261132d98699c33896fa0ab514ad01ce81dc1bd
- SHA256
  
  a93c8bda526303f683d50d659b09cc9fabbc4df8f0fed438ca44539dddff3f9b
- SHA512
  
  f68c249b7b5326c698049b143cb2c2d8d6f3168bcb6ec20a3f02a788dab4978fb110563b5592661ea2ea9ae702bc8f369509ef797749dafea4c6e8823b512552
- SSDEEP
  
  24:eNGSDkNifzWgEqdsbTuTXt9kkdam/r5/VyRHtPU42MEu0le8urioyvJMQSAB:aDkcKqdTr/1jit2MEuD8u++kB
Score

5^/10

ransomware
- Sets desktop wallpaper using registry
  ransomware
behavioral23 behavioral24
- Target
  
  KanKan/ImgFmt.dll
- Size
  
  520KB
- MD5
  
  88860bd93501f6945a2f06e6e2bf4423
- SHA1
  
  01998a9ed7a7cfbb814dfc2238c7e9abf9de9d11
- SHA256
  
  e8aecf086d734671b79e4aa2f8b7bb468754392c968b4abe27e0b2d2b827f941
- SHA512
  
  d78a71c1af629e22f8840c9ccb2717adf4c1b5d6ff2bccd2f2c6f0a1c81c1c88fe570365be642e699b88d4137a00ba04ca75400ad9e58a7bc69a775c4256af26
- SSDEEP
  
  3072:FaimVXlXOrQ1Wdadp5ykVSA80rmyusDAkb1MN3Xyk1XHnAi8COO8L6/iKWCp5qea:F6FV1HBKjlNH36JKHqaK
Score

1^/10
behavioral25 behavioral26
- Target
  
  KanKan/KanKan.exe
- Size
  
  2.9MB
- MD5
  
  2b42d9a69ad17ddea409a55af2b2ca82
- SHA1
  
  494ec740af0a5dfd80b820a0b524ab00e44f6913
- SHA256
  
  64152982a776a8e100cd216b194e00730b7c93a45d7cc196c108124740bce19b
- SHA512
  
  41bd954b6b800e7c9f57bddbef711caecfd2fe8fc60fa06f0fde0693280f5bdc7728688bae774fdf3e47d0b11e04b48e5bfe15bba2d53259d0420ca68904ecd1
- SSDEEP
  
  49152:u9XwIKIhTrITE1SOjbSKQVZMpOsgWfwPfdhTsVpQ6t:0KIhTrITE1EX3UwPfdapQ6t
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral27 behavioral28
- Target
  
  KanKan/KanKanGengxin.exe
- Size
  
  120KB
- MD5
  
  f0b14d3655dff5a1c619500d1cba0d6b
- SHA1
  
  d6621f1981f4fcb4ab39417167e9c5d622461d5f
- SHA256
  
  24701b6ba09575a8d004b7fd5f8fdb284b3b6ca63e548e4c59c7ede4b7f3fc17
- SHA512
  
  58e6d3bf0ca524e37ad9ad4687bbf7848ef859058118d46736a92fd76cbecc51f79548e6bf0ff1df8bd81545da295f5a156d820e9a74abf1ca1ee24961b5bcc9
- SSDEEP
  
  3072:aLLPIvwI4n8L0j91TOITlJkul3SihqojPTBfCl3DsQi9udFQ:0LgvwMLeTOITFtnqojPTBql3DFC
Score

1^/10
behavioral29 behavioral30
- Target
  
  KanKan/zlib.dll
- Size
  
  52KB
- MD5
  
  4965107d112666d3835308a831a29274
- SHA1
  
  50439b99ce525ecb74c554e1dc43ddb39481dfa4
- SHA256
  
  105280995cd5746078d67b8651dfe4ad2abcd532d7ad528d3100c535b0b538af
- SHA512
  
  38fa8f0eeadd75bf212eaab458833cfd3445d00f3d77f1f8a86b7c3ba99376231c8b3fc3cfdff6f02f2ca9c90956c76f9055717712d35a7ca7b30172a0010b59
- SSDEEP
  
  768:MX8TJyuiie4tVkIuCE8U8tOF5GqqQhGbY5ma78ct+Jn0r25mSSIjpe5uw+/Bz4o1:MXGJxIIuCE8U8tOF5pUB0wEo+X
Score

3^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Defacement

T1491

Tasks

Sharing

General

Malware Config

Targets

Loads dropped DLL

Loads dropped DLL

Sets desktop wallpaper using registry

Checks computer location settings

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32