20a45fa6c17c9e8461522886352a440c2c00a6a16075004f3d731876631c3696

Sharing

Copy URL

Twitter E-mail

General

Target

8bd9a3095ebb74383c3103bfc41765b0_JaffaCakes118
Size

4.8MB
Sample

240811-y85qva1blh
MD5

8bd9a3095ebb74383c3103bfc41765b0
SHA1

a7b38182caa24927955d49740496dbb432c6363b
SHA256

20a45fa6c17c9e8461522886352a440c2c00a6a16075004f3d731876631c3696
SHA512

a4aca9d5b1ab785822b9913c6d4d10aa7244873445982806f4ada9fa47c01a2f28ccbb4b5d1234e5af9a164997924ff342e44e7ad47b6014831e40ac3a51f577
SSDEEP

98304:KrgJubL1bcRIRDF7nO9X3ll3MZXsKdaoTgkuKL21WKtxa9/nj:KZ9wohLI3fcZXRcVKL21K9/nj

Score

8^/10

Malware Config

Targets

- Target
  
  8bd9a3095ebb74383c3103bfc41765b0_JaffaCakes118
- Size
  
  4.8MB
- MD5
  
  8bd9a3095ebb74383c3103bfc41765b0
- SHA1
  
  a7b38182caa24927955d49740496dbb432c6363b
- SHA256
  
  20a45fa6c17c9e8461522886352a440c2c00a6a16075004f3d731876631c3696
- SHA512
  
  a4aca9d5b1ab785822b9913c6d4d10aa7244873445982806f4ada9fa47c01a2f28ccbb4b5d1234e5af9a164997924ff342e44e7ad47b6014831e40ac3a51f577
- SSDEEP
  
  98304:KrgJubL1bcRIRDF7nO9X3ll3MZXsKdaoTgkuKL21WKtxa9/nj:KZ9wohLI3fcZXRcVKL21K9/nj
Score

8^/10

discovery evasion persistence privilege_escalation
- Modifies Windows Firewall
  evasion
- Drops startup file
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  12KB
- MD5
  
  1d5c649dde35003a618b9679d5d71b92
- SHA1
  
  0409bbab3ab34f8c01289cdd847b4d1a32d05b18
- SHA256
  
  0f4d3cee24e3f310fa804983c931d3628613988a24f0be7854f63a9309b8e45f
- SHA512
  
  b432ebcc52905662d61a3f17e08e209a3f9d836a9071b3b5e80070af7ebcf34cf66c44426dda041c2a258fda4787e5692e2b35acbcd73288fb84fe3c977bbfd9
- SSDEEP
  
  384:pKlm7i+c3QW6ckPhyDEaLnA2bbBBIXwZ:8qi8BcyhEhLBbbTI
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/KillProcDLL.dll
- Size
  
  32KB
- MD5
  
  83142eac84475f4ca889c73f10d9c179
- SHA1
  
  dbe43c0de8ef881466bd74861b2e5b17598b5ce8
- SHA256
  
  ae2f1658656e554f37e6eac896475a3862841a18ffc6fad2754e2d3525770729
- SHA512
  
  1c66eab21f0c9e0b99ecc3844516a6978f52e0c7f489405a427532ecbe78947c37dac5b4c8b722cc8bc1edfb74ba4824519d56099e587e754e5c668701e83bd1
- SSDEEP
  
  384:3rYz6grZodORNWATt4TBmlk5ooyzFh7BukAUdJoUtSOSR:3QggDWATWNCFh7BNddJoxO+
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/LhNsis.dll
- Size
  
  136KB
- MD5
  
  c7e90bf806485f29fd6a12d55cc9345b
- SHA1
  
  4c67092cc34e82c8a12d2992ed31393bc1af6ea9
- SHA256
  
  c91224d0a6beebc46fef20ce716852ccccc1cbb6f12f117ed2e45f83417b0f92
- SHA512
  
  b19fe4017475a22e83d26822bce9eb7406bbffebc3fe3b7faff4ecda1fd84f975405ad814c0f09c63b55174b4a940b818f534540334bcecf7e424d84eee7b646
- SSDEEP
  
  1536:wzH0M6rtzXdJmrITjO9SVIr8JpfNi9kRCgTfgelqmCemoHF6yLl7O4m+Yam4d:LfSrtUrpFi9kRrfg4qmVHllq5+YD4d
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  10KB
- MD5
  
  4eff5fafd746f5decb93a44e3a3d570c
- SHA1
  
  a11aa7681b7e2df1c7f7492a127d332d1495ea8a
- SHA256
  
  cf61ddd15d63c25a12caee70f51ea736cfc02195c42e56ee01b33f689d3754c5
- SHA512
  
  cde82d2a1f28506e4c2264f6b82017a00af32f138ebcdbaf4cc58463870fa626f708aa57465294c5a6f096c886841e7b9112b85bf3ea2f1d8f2da816b51b2d72
- SSDEEP
  
  192:0OycJo/rJVCmIDNLU0dq5RD00lspbub76yL:6/QQ0d0RD0USq/6y
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  $PLUGINSDIR/ebanner.dll
- Size
  
  9KB
- MD5
  
  d4eb94400c76da205cbf83cb42cf1e6c
- SHA1
  
  fdbb4723dd8c2d2c3a2ae0616419bb27db7c4de7
- SHA256
  
  d5a2884190caf25783c0abd32875f8c700abbec9f245bbee7e2584358ea864dc
- SHA512
  
  2fb517dd94e0c57cc9875229735ee5bedffe5a60d90c741299328ff625b7f25894c7a0308fda9c29d5daf667230e5f923591632c612d607774da303e2dba5050
- SSDEEP
  
  192:N+2EZfDofOtmDL55ggLujvrUvc/Ab/6HItWV:N+hEfOKgggYhbfw
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  $PLUGINSDIR/messagebox.dll
- Size
  
  6KB
- MD5
  
  b1a548fcf6c6fc8857f21b336261fe30
- SHA1
  
  093cbcf35cc31b3a6373ef3c801647e552c73dde
- SHA256
  
  42430e825f649f669d99775e95343e0f3a39c6517b9e300c28f2e4add9d67693
- SHA512
  
  0b45d4c97104190aa850674fea0ab7b5d4cf00040c64b399178dffe1f9d7b9db25f87d2e81d38399796f2661ade3ecfc1deabca2ec07db5a8be1746297285918
- SSDEEP
  
  96:7H4EngqCn0E+deRMa3DQUhXLkYNqbo4decXRvvap7vB:pngZo2MaTJVkYNqboB61i1v
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  $SMSTARTUP/7k7kϷ.exe
- Size
  
  50KB
- MD5
  
  c0f7a53f4854d976b5ea5a6f4ae0ca99
- SHA1
  
  c580dd0c77bbe1370301cac58cedab63c8fe3453
- SHA256
  
  74b87136b79424857dfd4dd6b01a9df44b4045c5ce0f706189a7e3b36614b326
- SHA512
  
  9160d328a02fc9bd2e462ddd4738ff63af5d7ef0bdacb9e6a48550fb83a57fd688873b762731bc5e9aac4ba0e376fa9e6de956d6918283c1474770b8efce1d45
- SSDEEP
  
  1536:EZFwlrRfoowfoMTIxpIplqu4VGPJB6/O+7syaNC0:EZGlFw7fonu4sPJBo7sbt
Score

3^/10

discovery
behavioral15 behavioral16
- Target
  
  7zr.exe
- Size
  
  330KB
- MD5
  
  194d21e1f5c57ef311e906c8d9ed0c83
- SHA1
  
  8633e0e0deb8f0792848843f57cd15c8d2cead5d
- SHA256
  
  131eff27cc9e5764502e8fb578316c4633e6c790d93d25c922306c772c2e08af
- SHA512
  
  12a411bdbd9b79540fb16389e633c810c54d97bbb8c561866b37354a153a969bf00533985dfefebfd3424a8c227cdb668e9fddb8ade16f4ab419482f74cc8b0b
- SSDEEP
  
  6144:+GofMv/uDYSX77VyPgDk4qgeB+hS5VurnC+PI+rE7hnTaY5Mo16x7/By9w:+GoPDYSFpDNU23rn7PIkE7hnTaAMoc0w
Score

3^/10

discovery
behavioral17 behavioral18
- Target
  
  Encode.exe
- Size
  
  73KB
- MD5
  
  06732c612f96f55ecbb80d3e37dba151
- SHA1
  
  146a5e6f86e2708cbf1af768c5f26d16ac9f9c3f
- SHA256
  
  d8e40dbe264ff751fc0bc4d7d4d04aa5a8169141e5c82ef4f22e31d315e8fd11
- SHA512
  
  faec8e24d5eb68844640db5a22b29da41c0a758293806d19f52b42110f345526da93e4e3f0b95e98aea1387afbed5f024091225e4c85c881175d81e6dd2042c9
- SSDEEP
  
  1536:b1tpgtcQHPKM0pLQEG/SPfFdj8rF5XmiRNltUaNC1:b1fIhEES/qDzPlt1k
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  FZip.dll
- Size
  
  81KB
- MD5
  
  eda2b16a38efaa2c9ade4476570e5e03
- SHA1
  
  86cdb1811b0274bb38f00b65cc3d9a7222cb5fe2
- SHA256
  
  6644abf97208da52cdcff6298e115785e87cf16316cab85de8f1a9a19dfda6af
- SHA512
  
  5904787d1196b278ef0ff50f5f4f0d0af8f7418e3cc1d1b465c3effd2be47dca9bd54505696e4c6f8f965e8072128eceedd68e7408aecdfd3aaa5d0be0bab62c
- SSDEEP
  
  1536:IIbaFt5rgIv3Oik8UgtbSNFC9xKFrTKu6n+5eRLcakhquZX5v6lwaNCS:RaFt5rgS3OiktgtbSrC9xmX5eRcaIqum
Score

3^/10

discovery
behavioral21 behavioral22
- Target
  
  HTTP.dll
- Size
  
  69KB
- MD5
  
  b1fcfa851b0aab1bbe9d7857ea219d3d
- SHA1
  
  4813da8c8ab0ae98eb89efe415427637e5ba26b4
- SHA256
  
  44bb18d9e92583d19dcddc31cdfb2c58d2af9d6e392065e0424b58f268026d8f
- SHA512
  
  7f12de242eef2b31df34454ed32bfef0981ef05cd44dbf37399a4c0fc1ec1474c2c83f4a242d21734156d5c10b80e338810bd5c34d3e7c978da5f005487eda56
- SSDEEP
  
  1536:7wc4q/5TA1yl8UOpJsHsQyxwBilY3n10sNVzAklMrAvcA6wSEaNCKf:+uVl8UXHyxwBio1lN7lMrwcAhq1f
Score

3^/10

discovery
behavioral23 behavioral24
- Target
  
  LHInstall.dll
- Size
  
  37KB
- MD5
  
  baaba3043095985cd25a2ed145bec930
- SHA1
  
  e5db0602c0ce554a4312227be9040bac6a7695bc
- SHA256
  
  56c28ece9745b056b505348ee56f6a2340d40039741f60860d23ae86cc8c1fbb
- SHA512
  
  13c4b7cca681ba65d057eb3bf8a4ea6261f9acd414f0ff07c6dbdfca44d5b1198307ed5d8806114bd4b4a41017c232e563798b52e7ddc800f2f03ef0711dbbbb
- SSDEEP
  
  768:28QmYnYSpHxgWIQxhYTpnS67wgqriaFDY9flWJeJ3LWFbCgq:vCH91IlnS67wgrSDY9flWJe5aNCH
Score

3^/10

discovery
behavioral25 behavioral26
- Target
  
  LangHua.exe
- Size
  
  2.1MB
- MD5
  
  4d1770fca9559746469e30933b4d83fd
- SHA1
  
  f0b0a86cb17f06aaa808e073e5e4c25a55057e1b
- SHA256
  
  d50be917d4aa3352b4adbed554517f1a473bda771c6e70cdc0431ebb08fa3ca5
- SHA512
  
  f5ec293042bbd838f283f89772375c33236cb0777490722fd1eb394d60677523c80eeb9f7ba742c919806d42cbb2922824130e821b65bb203e13e95257d8bf02
- SSDEEP
  
  49152:/E/tUmAN3BPMm19duFeUFmodToFbzeGVuv7dnMmM15UuLWy/zc:/E/toBPdEToFveGVKdni15UuLvA
Score

8^/10

bootkit discovery evasion persistence privilege_escalation
- Modifies Windows Firewall
  evasion
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral27 behavioral28
- Target
  
  LhLogSvr.dll
- Size
  
  81KB
- MD5
  
  1fe6a9bc475c6fe35b3bf563e36fd6bc
- SHA1
  
  81adfc071bfb2dbdbc57ba8bfedabba9e6137b97
- SHA256
  
  2893921427d24518d09fb377e21389dcceb2d9ae545d6cd44cb1ed33ba62a643
- SHA512
  
  851072c70ed14424800a131c4bb10c80c0e61732cbcc29ff8115347ccef2fb5451a5844f38d58f7d3cabb8d0fb9035ae868ec490449e207e2ea405173e2d2379
- SSDEEP
  
  1536:BKJ4aC0fkExx3LSOTcXbD/DKPhbwCcj22NulPaNCC:BK7SOqDOhbwFC2Nulif
Score

3^/10

discovery
behavioral29 behavioral30
- Target
  
  LhTips.exe
- Size
  
  145KB
- MD5
  
  86a34ca266b2d2d5a179938279af00bf
- SHA1
  
  f5bf3349256f42c62e52c8cd56097046296afd4d
- SHA256
  
  48aa57174169859874546f0c8ad2228728c33261efefb8fcfce95e080563247a
- SHA512
  
  b9d1a793f37cfce843eb5d0e5efa88bfe9d278e25c273770010f40acc914badc3a4b19d7ed72a7b1d511ee7858ed75e06ecc65a52a10d1ef64c46281c9053522
- SSDEEP
  
  3072:fKX3opXwxxFMdSy353FjQsuahzkwMlGwwWfwWfq:yXYqxFMdr3533/kwDww0wSq
Score

3^/10

discovery
behavioral31 behavioral32