bca64540a033b12247f730c2afaad55f710c1e5054c297b84ea56e50388079fe

Sharing

Copy URL

Twitter E-mail

General

Target

663177581b2be94f003e5f6aba84248e_JaffaCakes118
Size

4.2MB
Sample

240723-feenfsyfjn
MD5

663177581b2be94f003e5f6aba84248e
SHA1

71233f2191416e4933619e75c5db547ab6b53320
SHA256

bca64540a033b12247f730c2afaad55f710c1e5054c297b84ea56e50388079fe
SHA512

6a4470c289576e91c74beab5c7fd3080420bed743246f57af55c47d1be7d6a0456ecf994f726396096c771c2222db65a160fb26c20523d6372b87ca77ea30994
SSDEEP

98304:6chh0hYdLuruK4eb8QXv2YY9s84dW55TuDocfmHf2v:6Sh0uLu/6bF9s8F5TgUf2v

Score

8^/10

Malware Config

Targets

- Target
  
  FPC411/FPC.exe
- Size
  
  592KB
- MD5
  
  35a3c06e213ff4017b91cc7c0668a532
- SHA1
  
  f2ebc49175b93d06466370b2a65640accafb4d08
- SHA256
  
  bf12c11db993d3224fcfa5c47d1e4c550dd74b3be083932bea5597c0b0da203f
- SHA512
  
  0a128f6a5a14ec6f5ab67ac94d0f2970637879116b249b599e08259edc9fd5cdb5c90966c09a0378d784ebe348adea39dd614a7eb3053f0fff7408b1ef1e4937
- SSDEEP
  
  12288:nOTMM1IKwMnoQN5dVhf9ZYYQ/vBTN52I50opU8tFYfTcc8uzvY:nO5ZwpcpeXBH2I5vOL8uzvY
Score

3^/10
behavioral1 behavioral2
- Target
  
  FPC411/Model7.DLL
- Size
  
  470KB
- MD5
  
  abc91a4bf753e3ae99dbc6b95de6728a
- SHA1
  
  999dea2c17bc3ba9fc14a3dbbebe5e49f5bd5903
- SHA256
  
  f11fdc9061e15dcec03c4e5d7c842c7ba89219ef73b01e394c1b4bcdacf7c737
- SHA512
  
  8b95aa6150e7ded1499886715492711faddf798b7edf926fda39560250d4e460e9d9914462e00dc75bcd673a04921b4ad3e37f9159a7d777344318fb1c098863
- SSDEEP
  
  12288:Wd4ZkhIVr01DNt0YtKYd/cr51+1p7cVS+oSAcp:Wd4lr05Ntpt1AkpYSAAcp
Score

1^/10
behavioral3 behavioral4
- Target
  
  FPC411/Model8.DLL
- Size
  
  707KB
- MD5
  
  c67dad1c26fa4f26032719b0b9bb7bb7
- SHA1
  
  732e199369802c6ca2a377c868b298a894fdddcc
- SHA256
  
  c4c2d9ef057ea31e5809f7070db2a95ae608d94f6f5a69732f3571f3a99db366
- SHA512
  
  a2a0413b36b41fb31d8ff240255fab96c9451ee0f014bb8bf3ad10d03ee151dce9b5b09aa55603694252d5ff2b58ae690afd85f8fcca35959a1747d4527b7e81
- SSDEEP
  
  12288:UyF7FS5nMy0tb0Ep6trVsc06pZME4aIqMRVXLZdpPLBKkCVDRMNSfEknhb7AN8:Us45MZ0Eo5Oc02ME4NddpdK59ySfEkhd
Score

1^/10
behavioral5 behavioral6
- Target
  
  FPC411/Model9.DLL
- Size
  
  1.1MB
- MD5
  
  b100ba0fde5964792adb11fed5b754a7
- SHA1
  
  01752920f0a1f92487489752cd8550cfc08d5233
- SHA256
  
  65075a2362951a4186455431638d44b046f7fc9c93c4d86576648a0157d30dac
- SHA512
  
  6c38b5caff41e4d48d26f2359d705c2cbd35dda3aef8469bf6ce2478133a281ebf85f169103378e5d3501a1228064dc2decde0f9b4c3a674f291080c0dd2e1eb
- SSDEEP
  
  24576:QsGR3HSlk6SmN1BMtyoLM2AAvh70fneksEyhxHAblo1jCt3gnN:QZslklvAiCneksEyxYQC6N
Score

1^/10
behavioral7 behavioral8
- Target
  
  FPC411/Scr.DLL
- Size
  
  200KB
- MD5
  
  2e4c60836e16cad339b1b58dfb9f3c6d
- SHA1
  
  5be0c4d13d3f046c74db8d494d80ffd7ab03c9cc
- SHA256
  
  6cb8ffa90d61bdde39ccdb318b5c92fb71fb56a2adf0ef67d076eeabb32762d8
- SHA512
  
  eeccaeb64eea3364e0ae676c4eadbc484c45c89baee44de05a6ecbae5eaf892f03b407636966523316fc461a0f9105e4b76f37eb8a31fce62889ac2e2eebb5f2
- SSDEEP
  
  3072:OV4HgQ1Ukig1+i4W946XMkk3ClonrLArq9ZdnJxUTAtVoQXmE+9h6G/GneAi6syD:OVLQ1XOhrErq93bUctCTsFeF69Gc
Score

1^/10
behavioral10 behavioral9
- Target
  
  FPC411/install_flash_player_active_x.exe
- Size
  
  1.2MB
- MD5
  
  2d4b0f75ab3b1d4b41cebd80708cb8ac
- SHA1
  
  25b262c619c29c0c472684deb2e7b8e5febd920b
- SHA256
  
  ad1601efde80b1eb3c631b6865da3d02ece5f880fc9e86e890afaa956201986d
- SHA512
  
  0fe9c2036e73e092c16ff8ac7018a8a68bdb74010c10bcebf25a25c5fe215396de2b4f283650a86a83d561878ae58549d12caeaa00b70ec8d2871906e938ee8c
- SSDEEP
  
  24576:4UdWyV02uMTFHrNxVXDhTjlgfPkzd3JjRoUWW6NjR5qYo8:4Uh/LjVX1jSkzd5my6N1nl
Score

8^/10

discovery persistence
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops file in System32 directory
behavioral11 behavioral12
- Target
  
  $PLUGINSDIR/NSISArray.dll
- Size
  
  17KB
- MD5
  
  2b8574f6a8f5de9042baa43c069d20ba
- SHA1
  
  07959da0c6b7715b51f70f1b0aea1f56ba7a4559
- SHA256
  
  38654eef0ee3715f4b1268f4b4176a6b487a0a9e53a27a4ec0b84550ea173564
- SHA512
  
  f034f71b6a18ee8024d40acd3c097d95c8fd8e128d75075cc452e71898c1c0322f21b54bd39ca72d053d7261ffbab0c5c1f820602d52fc85806513a6fe317e88
- SSDEEP
  
  192:YAFuV2Ow8mbPNnDSnYJly4RX+VGeSDlsGUlyGaWNn3B3/WXZWsQs5PaqJ7En/5U3:YA4V2Jb1nDSnc+Zos1lP6Suhe/q9l
Score

3^/10
behavioral13 behavioral14
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  10KB
- MD5
  
  16ae54e23736352739d7ab156b1965ba
- SHA1
  
  14f8f04bed2d6adc07565d5c064f6931b128568f
- SHA256
  
  c11ffa087c6848f3870e6336d151f0ba6298c0e1e30ccddf2da25a06d36a61fc
- SHA512
  
  15dbfcdc5dc34cb20066120045e3250f8df9e50b91de043f2ada33ac0235907d98668e248828a7ed9c75e25dfb5103b7248867530ce73ee36f6a35c30b4afa9f
- SSDEEP
  
  192:HO6dJA/ruAFEiUdWWE6hE5RYUdJfbub1a8gMO:GKAFERdlxhGRYUzqZa8
Score

3^/10
behavioral15 behavioral16
- Target
  
  $PLUGINSDIR/UserInfo.dll
- Size
  
  4KB
- MD5
  
  68d73a95c628836b67ea5a717d74b38c
- SHA1
  
  935372db4a66f9dfd6c938724197787688e141b0
- SHA256
  
  21a373c52aaecce52b41aebe6d0224f53760fc3e5c575e821175eee3a1f7f226
- SHA512
  
  0e804deab4e647213132add4173c1d2c554c628816f56e21e274a40e185d90254e29c8bfc6fbfdfea2a492d43d23c0bfa4b276252a3f5e1993ab80ff832c4914
Score

3^/10
behavioral17 behavioral18
- Target
  
  $PLUGINSDIR/fpinstall.dll
- Size
  
  3KB
- MD5
  
  7d448e856571c3cc9a403d62e429484c
- SHA1
  
  75698fd133c13ad2fc8e234254a492d686900dfd
- SHA256
  
  5a70946e57565d9e4327d3832f3e2d836608c3c4408394752d690fe9a5687d50
- SHA512
  
  903f4564f84fdc4e65f98f0abe99cf18692f349fcc168677b3424bd46d358c0380f8f2f73bb9091f04086698b9795f5b7a6695c60d6b4d6aecae19742468003b
Score

3^/10
behavioral19 behavioral20
- Target
  
  $PLUGINSDIR/nsExec.dll
- Size
  
  6KB
- MD5
  
  e5f9d339d035e054e01648b4a00f8502
- SHA1
  
  cce01d02210f0480393d9fc5289fa692ce7f34af
- SHA256
  
  181d9ea85a56693e005d9991115e0d4179cf6bd0c18be71b19c69a330df70507
- SHA512
  
  4af944a5a5dd7cea6a375e5d12dbf8be8bb6e8c60ac174d688f295aa6b2bed09fe686ee4c213fedb6013b58252a53acc7553a8e05e12deebebc6e466a4839f1b
- SSDEEP
  
  96:GjX1XJX70rn3jud5ClMdOfHFI2NaeI0u1qND1qN3riUTEVX/cL1+:GDx1Arn3qd5ClyOtIs1uUhUZriUTEVXa
Score

3^/10
behavioral21 behavioral22
- Target
  
  Flash9e.ocx
- Size
  
  2.3MB
- MD5
  
  38010f8b9dc0e06cc78ab871c15b7e6e
- SHA1
  
  82baa8d12bd0b68b183328e463eedc16613001ed
- SHA256
  
  ccb605076d0f6211621956c0295eff4d408574bc7fb766fdb8b1cd4be05d76bc
- SHA512
  
  dedb52556297fba187e0fab285ad7a61956a7036fc068c653e8dfadce98758ea7125fe09d25a1da6f2b408a052f40edbab29298e579f8e9e4f4da2f4d889dec8
- SSDEEP
  
  49152:k+hQNLBHgs/8NjQ/zsUFvOpEMfcqwXEwOXw+XTpal:vQNLBHgn2/zsOvDGcB0wOXBVy
Score

1^/10
behavioral23 behavioral24
- Target
  
  FlashUtil9e.exe
- Size
  
  186KB
- MD5
  
  f609389a57286e108f3aad061995e743
- SHA1
  
  b1d5f586bd5ba36b684a2609d9c37692ca303a8d
- SHA256
  
  09e5d8fab7e2cbce9daecfafcaf7ad705ac59abfa4395a32fcd57dbd9a337052
- SHA512
  
  522250b72874b5264a6a5bc79981d859647d5df12d0050e479fdf781945840719cad56cba9f07a6a11ba221a486732c46fe62fe93ad4ee260480da41a2407ca7
- SSDEEP
  
  3072:IiiNVbu27+u4qZjjiEjRWTBfrOtJuIOgs8/ufQzpX2oa:0K6jHsTBjO1Oe/ufSXg
Score

1^/10
behavioral25 behavioral26
- Target
  
  FPC411/新云软件.url
- Size
  
  133B
- MD5
  
  4f0017b3b346bd0626f0c3b915e6e734
- SHA1
  
  823bf3ff9e16cd636c9dc0dc690d6a586fcbfe92
- SHA256
  
  df65af1fc1e09f6effbde7e0ef1cb64d6caeef1f62b0e6467821efa032533678
- SHA512
  
  0f5eb5024cf6a0323f7998d419995a707c48de917a5899a185369e6acfeb17c09ffa03f7d110adc87b8de20b7d4bf30d50c72479bfb18614d2e21cbe169dc5a6
Score

1^/10
behavioral27 behavioral28

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Active Setup

T1547.014

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Active Setup

T1547.014

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Boot or Logon Autostart Execution: Active Setup

Loads dropped DLL

Checks installed software on the system

Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28