General

  • Target

    197d3c795c3a6989a3430400ebcdd5f2_JaffaCakes118

  • Size

    4.8MB

  • Sample

    240728-vxyavavckm

  • MD5

    197d3c795c3a6989a3430400ebcdd5f2

  • SHA1

    bbb374f2d93cd8b264cedde75f2425e5477b3583

  • SHA256

    acce699c8488a2a13142852a6080c1512ba55f0ee56f9fdac2fc7a45b806d3c5

  • SHA512

    a4d5c1f1f2a5a33929e65a06d8b4b238698c2e3c2ad572c3cc480e93bc59d337453b33770cd511217fddfdf57e427e017fcf1d01d10dac3494a465a431b7663b

  • SSDEEP

    98304:K43JpL4dXD943JpL4rAe3UfRG+8Wlma1lQY9oQc51cQUTvjsXB4T:ZhSkhGT3adhlf1KY9ojIDjsR4T

Malware Config

Targets

    • Target

      BloodHub Full And Simple Menu/BloodHub v1.1 Full Hacks/Crossfire Rocks.exe

    • Size

      1.4MB

    • MD5

      8d04696c81cb68646436d40f6aadd187

    • SHA1

      21605c970170d7b8a4cb7ffd50f24c46bae13556

    • SHA256

      fa9c9a7346635ba2c5d5d71c334d0fd864a9e9addf054dc7ca5888001bcd755b

    • SHA512

      de71593371b47f826e4cddf4406515d0c332ea56d516692d2f05110272bcc71101cc88903cf7c64ce96ee0cb047a7bab48bd631e735319512160b9ae2c2f3b0a

    • SSDEEP

      12288:0wXBGFxsoqX6brqiWFx7lfja6IMAqttc/cbmIsl3qkfEpr6Sx/fCnLF:02axe6XdgVm+AOtc//vl3qkfM+vF

    • Score

      3/10

    • Target

      BloodHub Full And Simple Menu/BloodHub v1.1 Full Hacks/JIM.vbs

    • Size

      2KB

    • MD5

      e2866ac2e042a322743b662b91f4993a

    • SHA1

      885213deb93f3461f441a9e206ca06f2aaed6e81

    • SHA256

      7c17f6693c2c6216c005a0dae7edd04d8baee64dee44d7ad6dd6f273435ba19d

    • SHA512

      e1ac4446d3a65f221efa94ad0ac69d8ba186a86799f0dd646a9eedd847d74a8a8991e70a4e28dcd8e9802b3c5cc074b34f2f616bf70513fbf0c0a7e6b947e51a

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Target

      BloodHub Full And Simple Menu/BloodHub v1.1 Full Hacks/d3dx9.dll

    • Size

      598KB

    • MD5

      a3d6220e2fcd64f2e0896c5ffb12db1e

    • SHA1

      d5a4c338b8fc6174ef457669e1e96e4609977f7b

    • SHA256

      ea898a4d624e64b9b995f47614d2ae159a0e1c8dce45cf7dfd8416000d1a8f51

    • SHA512

      704a1b0cedf5567623fb00cce3e2aac31c6ca05424549dbe2eb7d915640d700ec095a337e4cbd3c8524ce8171a417e143edb357f7f039f66aebae27b21f68f5a

    • SSDEEP

      12288:QgbHM0uV5vg59oOyKbvoGYg4/7W4V/xN7FIJU3DMZc:wLlg59oKbQW4L/xN7FIJU3Dic

    • Score

      3/10

    • Target

      BloodHub Full And Simple Menu/BloodHub v1.1 Simple Hacks/Crossfire Rocks.exe

    • Size

      1.4MB

    • MD5

      8d04696c81cb68646436d40f6aadd187

    • SHA1

      21605c970170d7b8a4cb7ffd50f24c46bae13556

    • SHA256

      fa9c9a7346635ba2c5d5d71c334d0fd864a9e9addf054dc7ca5888001bcd755b

    • SHA512

      de71593371b47f826e4cddf4406515d0c332ea56d516692d2f05110272bcc71101cc88903cf7c64ce96ee0cb047a7bab48bd631e735319512160b9ae2c2f3b0a

    • SSDEEP

      12288:0wXBGFxsoqX6brqiWFx7lfja6IMAqttc/cbmIsl3qkfEpr6Sx/fCnLF:02axe6XdgVm+AOtc//vl3qkfM+vF

    • Score

      3/10

    • Target

      BloodHub Full And Simple Menu/BloodHub v1.1 Simple Hacks/JIM.vbs

    • Size

      2KB

    • MD5

      e2866ac2e042a322743b662b91f4993a

    • SHA1

      885213deb93f3461f441a9e206ca06f2aaed6e81

    • SHA256

      7c17f6693c2c6216c005a0dae7edd04d8baee64dee44d7ad6dd6f273435ba19d

    • SHA512

      e1ac4446d3a65f221efa94ad0ac69d8ba186a86799f0dd646a9eedd847d74a8a8991e70a4e28dcd8e9802b3c5cc074b34f2f616bf70513fbf0c0a7e6b947e51a

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Target

      BloodHub Full And Simple Menu/BloodHub v1.1 Simple Hacks/d3dx9.dll

    • Size

      650KB

    • MD5

      6a63f137f7be27cdd5d3600914636884

    • SHA1

      9ea53705619163b3ebe928e38adc228d98b5b869

    • SHA256

      1b7d46e48365a7dd4b51565a7a334bfb3b5ca668a807fbc620f0a9b92c3edf35

    • SHA512

      2601dd56b47aacc88930ff7c26ba4ab619663d7b320ccc272eb91a98b783ea68950513ee616148549f1d1e17a46492b94adbccc22f1d658ca895f68d39d924f0

    • SSDEEP

      12288:f8XcOmGWy7Z4ijBNR110h6s+3qbOJSKUhvGydtXAuExRCKi3ks:fK2GvVlq6FaCQKURQxRCKi3k

    • Score

      3/10

    • Target

      BloodHub Loader.exe

    • Size

      3.8MB

    • MD5

      36d1f3f1177206cf8926561278939ea3

    • SHA1

      063694ebefe31baf30ab4db461ba7fcb099756cd

    • SHA256

      ae952b1ea4ddafc30a97f9a57852e88993f374085660fe6656333db8020f2bea

    • SHA512

      4be9d30953122ee0edcb615c40d2ce0716cbcf45c54da323931a973ae0e2cb808e7f971184deb43702f80d2d441b34adebc1ade97fe5afc051c5cfe94c08b89e

    • SSDEEP

      98304:nodc//+diKwqGOlhYVFsqg8vtefmXtYoxMm:odI+cnOlZgYmSo+m

    • Ardamax

      A keylogger first seen in 2013.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.

MITRE ATT&CK Enterprise v15

Tasks