Overview

overview

3

Static

static

1

api/poll.js

windows7-x64

3

api/poll.js

windows10-2004-x64

3

api/uc.js

windows7-x64

3

api/uc.js

windows10-2004-x64

3

api/新云软件.url

windows7-x64

1

api/新云软件.url

windows10-2004-x64

1

config/con...lt.ps1

windows7-x64

3

config/con...lt.ps1

windows10-2004-x64

3

data/ipdata/index.htm

windows7-x64

3

data/ipdata/index.htm

windows10-2004-x64

1

install/in...on.ps1

windows7-x64

3

install/in...on.ps1

windows10-2004-x64

3

install/in...sql.js

windows7-x64

3

install/in...sql.js

windows10-2004-x64

3

install/index.js

windows7-x64

3

install/index.js

windows10-2004-x64

3

install/update.ps1

windows7-x64

3

install/update.ps1

windows10-2004-x64

3

source/adm...der.js

windows7-x64

3

source/adm...der.js

windows10-2004-x64

3

source/adm...ain.js

windows7-x64

3

source/adm...ain.js

windows10-2004-x64

3

source/adm...ile.js

windows7-x64

3

source/adm...ile.js

windows10-2004-x64

3

source/adm...ll.ps1

windows7-x64

3

source/adm...ll.ps1

windows10-2004-x64

3

source/adm...ex.htm

windows7-x64

3

source/adm...ex.htm

windows10-2004-x64

3

source/cla...ncp.js

windows7-x64

3

source/cla...ncp.js

windows10-2004-x64

3

source/cla...ode.js

windows7-x64

3

source/cla...ode.js

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    916cb24a2c3a3d3062787350ceb4a0cf_JaffaCakes118

  • Size

    1.9MB

  • Sample

    240813-dy5b4ssanb

  • MD5

    916cb24a2c3a3d3062787350ceb4a0cf

  • SHA1

    d7c3743c16dac76f442f234d10d3b67bd5d3c57e

  • SHA256

    e20bbd3e44d366c63c6351458dd12c5da56b26e188f911728aca23727f517d6b

  • SHA512

    8b12ee03dd0e5af897563bccd3f13c46ebc4875e05c7d3b0166b26ca99be98dbd86f22bbbcd9fdb4b38d869142e214ac195061d296cf09bf5247d92a47c783f6

  • SSDEEP

    49152:GUNKVt4BcTv4mfvzis7i8VEZiPqNm/KHVQN/:zNut46Ff+oi8VvXKM

Score
3/10
discoveryexecution

Malware Config

Targets

    • Target

      api/poll.php

    • Size

      4KB

    • MD5

      82b007c0ce32fe5865dfaf42242a9d7e

    • SHA1

      6e4cf5e6a74df01bce67cdc0e421ed2492639a47

    • SHA256

      9e1bba952b17df79bba070286d9a9af151fdf50776d2dcaefcc5d64c1440f658

    • SHA512

      eef69facac7d4e7d88089e15fd1ab4e6c50fe4b1149e9ad32241a520f86e5a3dd60e42a0b139b895de1405a43edda8452fdb5ed8d46da068d65c142e051b8cd3

    • SSDEEP

      96:IOjfOPW9OxJSHQiSfQt4bwqBuV4WK/KEKiasKgKvKnK1IKg7wPKdDKJ3kUURhp1:IwfOPW9OxXbJBuH+BfasB0mfGidDKJ3O

    Score
    3/10
    execution
    behavioral1behavioral2

    • Target

      api/uc.php

    • Size

      10KB

    • MD5

      5fc246429cea94c6974315bb591e9ab1

    • SHA1

      418e3b0a32f6b88adf7eae08f8a12f10558397b3

    • SHA256

      5d96d5e526a1ec892200ad3e67b7a2b1e48e81761af5ff342fb7ab18afb3feec

    • SHA512

      96eb8592f2c62f4b09dece4f66a4e7530e41e6466e78fd5d0b46b9b813745fe4a6e0854aac2fb7a2d27ae80efde3278c9b2b385c210ddaf32c3c8ff0e241521e

    • SSDEEP

      192:Iwar0rxcSJ4fBd9JR/YAhjMeDc6EHFPQ/n3T+R6:ur0rxHkr/YAhjzNEHFPQ/n3T+R6

    Score
    3/10
    execution
    behavioral3behavioral4

    • Target

      api/新云软件.url

    • Size

      133B

    • MD5

      4f0017b3b346bd0626f0c3b915e6e734

    • SHA1

      823bf3ff9e16cd636c9dc0dc690d6a586fcbfe92

    • SHA256

      df65af1fc1e09f6effbde7e0ef1cb64d6caeef1f62b0e6467821efa032533678

    • SHA512

      0f5eb5024cf6a0323f7998d419995a707c48de917a5899a185369e6acfeb17c09ffa03f7d110adc87b8de20b7d4bf30d50c72479bfb18614d2e21cbe169dc5a6

    Score
    1/10
    behavioral5behavioral6

    • Target

      config/config_global_default.php

    • Size

      3KB

    • MD5

      f49e7d1798298a082e0369c95a291776

    • SHA1

      e32156d72435ae89c0a5e4514af137941684473b

    • SHA256

      4977ce5f255a3463e97f60cc8782ef6a9ae39ba84b79c764ae9b02621f6bd43a

    • SHA512

      d938f76db04e245b037b33fd9e2eebe9426fb9e023061729cc2132efb65eecba1c1e526f599e57b0bf672e07213ea785d77a409cd2cee6304cae02af1009e67f

    Score
    3/10
    execution
    behavioral7behavioral8

    • Target

      data/ipdata/index.htm

    • Size

      1B

    • MD5

      7215ee9c7d9dc229d2921a40e899ec5f

    • SHA1

      b858cb282617fb0956d960215c8e84d1ccf909c6

    • SHA256

      36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068

    • SHA512

      f90ddd77e400dfe6a3fcf479b00b1ee29e7015c5bb8cd70f5f15b4886cc339275ff553fc8a053f8ddc7324f45168cffaf81f8c3ac93996f6536eef38e5e40768

    Score
    3/10
    discovery
    behavioral10behavioral9

    • Target

      install/include/install_function.php

    • Size

      51KB

    • MD5

      9c83c1823a4bb46dbb91bb94386da2bb

    • SHA1

      d3e48351ed72346919343f8eea294743cf89ee43

    • SHA256

      ab8888be9feed77ad1a16896b7abf5e7db444ae92ab8eb9d30703ecf472e706c

    • SHA512

      a4e33157385fabb75fd2667af855df12fd6fea36e8aaf6ccb63ec4dd577c7574bff9c30ee5e461af45020657ef0a96a0a94cf29d36aed27a2877411b7dd5011c

    • SSDEEP

      768:e27bml08ypfhqi0JoRU27N42VCSMOgU70YnmiYKJYBZtTfhqBQjJObvOI+:OBGUCTVCSMd2nFY/CQjJIOI+

    Score
    3/10
    execution
    behavioral11behavioral12

    • Target

      install/include/install_mysql.php

    • Size

      3KB

    • MD5

      b3d90d3cab6c7df5717cb9bc89734e2f

    • SHA1

      76c98834e0420df39d26416769be1f4b7b671a79

    • SHA256

      f0a4d73068dae1eead3f2113724b9bea78e874fd99ed08dd18b148fdb85fd8dc

    • SHA512

      18bbafb0ec869ba8e64766a0709d508e3c8052aceb81024f70b1173050cac649ced814aadeb45146d93a8ea9618cc03be9b5da13e7bfac31c689e0a81d4773ca

    Score
    3/10
    execution
    behavioral13behavioral14

    • Target

      install/index.php

    • Size

      14KB

    • MD5

      633f010a58b8ab0af889ed3b3605a216

    • SHA1

      389ceac38dbda1e98ad12212559c29d74e2155e1

    • SHA256

      ead77c025c17e12afc513025166d5415dc3942b7298f32fa58a5d86693068108

    • SHA512

      cb40b9a9b4a2bf3156758ba1baa7cf0c9ae36692995d54d640d525863a95da36581a52e1baf25e7bb7d3c515ee556b5f9a0fad6aed7b1d5a7a25c0dd021c3480

    • SSDEEP

      192:IwPVqt4USyyzz78mK/mqucMUvcVgkgkCdVhyKpkajCcsGuROFG1OTNm/NLgi1SsA:65lMUEKGCayhoWGQTsWX

    Score
    3/10
    execution
    behavioral15behavioral16

    • Target

      install/update.php

    • Size

      14KB

    • MD5

      7146563a5f9883d04112ae73a22d398b

    • SHA1

      9140ba0fe0ef51c8607d1ee6c79a81316d6afc2f

    • SHA256

      1a36a9cd22fcfc50f51ee261b6c6d495de9bdd4722a55b50d48a7056b2f7bbc6

    • SHA512

      50cd0daa9590cf8b422273cef0fce2ede03f1cae734f5326e6579730bec84157353f4d773d944325d12234848e50aee2da3fb08bd32100ad5784c2ecb2751ce6

    • SSDEEP

      192:IwUOPxW9Ox/tLN02Fhy2qDw3tHM09hrsA9hWfJwGeGeZmXbWU+fGx3QU:IOPxW9A/tLSIsw3h8A94j3X6U6U

    Score
    3/10
    execution
    behavioral17behavioral18

    • Target

      source/admincp/admincp_founder.php

    • Size

      18KB

    • MD5

      4c70a371101fd4794c442b0e2b2587b9

    • SHA1

      06198defcc4b1334c33911a78eadaa6d6f581837

    • SHA256

      3e48e95785e230aaef24e854f60bd394bcf919b423e6bcd26fdb9e30e25bb8c2

    • SHA512

      ddc1df836c4919f8a1c1c20254928b988002c93c8118d9ccac47133c5fb0c537d0fd5befec819927741eb3bd59b9d7684efae2bf729e3de5d06abeb7aa97134f

    • SSDEEP

      384:rTYCEdTsUNTI/0gaBvLyqN6sGeiDMqEFUeQskdW1:nYCETNTc0gaBvLyqN6scMqEFUeGdE

    Score
    3/10
    execution
    behavioral19behavioral20

    • Target

      source/admincp/admincp_main.php

    • Size

      11KB

    • MD5

      abefbbf23499bdc8fa0f41fa9e1d0252

    • SHA1

      cde5503cbaec06eb44819ada1db14c8bf0dff744

    • SHA256

      15225e225e7510b6296e9b22031cf26dd18af9fbc49b74eeda6f3b1861b85983

    • SHA512

      4ba3fca65b2abf704cd3fbf920409e64e68a33288d91019e9e0b939277bb4bd283f6eee724b850a8292ea502a25a062fe52939d1f113e072016d870daf480fd2

    • SSDEEP

      192:Iwde4I0/JReqFDO39sAu+czXsNWtM1uXN0PUo7u6I4ounalWgA//m6mLxyh:gf0/JR/W9sAEzXWWtM1yCPUo7GBGalWP

    Score
    3/10
    execution
    behavioral21behavioral22

    • Target

      source/admincp/admincp_memberprofile.php

    • Size

      10KB

    • MD5

      2c19277bcbf91b361b83544833f5611a

    • SHA1

      8d4b779c91abd7b7d9e7ea4232c5d7c92b6aff0c

    • SHA256

      5be9240bd680f38eb0ed249f31112e9e71c396c3b79f1e9be1f65d89dd9d653b

    • SHA512

      1248eaf6e6f0e0a350107487a0764ac9381caee129da65a5af4188bedbd444d2758594a3728f5645fdf4ee18935b9122655e463e956788b925ad73fbcacd30d8

    • SSDEEP

      192:IVdXtftD0uiLbHuXvy5dv/Xo7Kw3cQrVwQN/9iMAgpiQDDk:ytfwbHuXvydIl3nrVZHAgu

    Score
    3/10
    execution
    behavioral23behavioral24

    • Target

      source/admincp/admincp_poll.php

    • Size

      35KB

    • MD5

      6eac4e52eb3c46f4c3fc3641dac10360

    • SHA1

      8c99afc3f9c5f407ddb1c0b7beb5fe11f6ee29dc

    • SHA256

      ca92670422acfa574c33bf6a68936f5d42912a6093d52e184e2e10bd0dbf4b8f

    • SHA512

      f9dfc18b83a641256cc134e9a2097a3afa9e80894cf47bb86c5a90fb67a040da419afbc8e9ad7cf95790773c2074c26d2bdee4fe0c27053741ea5823622ff390

    • SSDEEP

      384:G5JzVQJ9kn2DA2eWrQO6lLWXrT4g1wkyoUQ5+Kc:UJCJ9Q5WWqrT4g1wkyoUyM

    Score
    3/10
    execution
    behavioral25behavioral26

    • Target

      source/admincp/index.htm

    • Size

      1B

    • MD5

      7215ee9c7d9dc229d2921a40e899ec5f

    • SHA1

      b858cb282617fb0956d960215c8e84d1ccf909c6

    • SHA256

      36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068

    • SHA512

      f90ddd77e400dfe6a3fcf479b00b1ee29e7015c5bb8cd70f5f15b4886cc339275ff553fc8a053f8ddc7324f45168cffaf81f8c3ac93996f6536eef38e5e40768

    Score
    3/10
    discovery
    behavioral27behavioral28

    • Target

      source/class/class_admincp.php

    • Size

      8KB

    • MD5

      782b47067be1060de515ff2c115947f7

    • SHA1

      2397137c154b6c2e8cef790b21e048ffd39a0045

    • SHA256

      8e3a2afeefd9e447985d960c1f526d9f6a2398ffecd71228024a45facf32853d

    • SHA512

      e8c4c0a90d94ac1f2a5109a084131172ed2931e9df86bc6c9f13c412cffc61fd201edc84f13289b1a61097e16725536ce2cee7b1887423d656cb65af08a7144b

    • SSDEEP

      96:Itj0VcYfeJATumnYLqrGAH5WZIltnH8L98klRVT35TNX7pdvBdvjvdotTyI94W4W:IVKZpumnYL61nH8R8WR5/bj9hZurhAq

    Score
    3/10
    execution
    behavioral29behavioral30

    • Target

      source/class/class_bbcode.php

    • Size

      3KB

    • MD5

      e941d750b126dedbdaa64366b2e612c3

    • SHA1

      f14983e7b8d65530d2cce5b0814855da34737fe1

    • SHA256

      92555089401ae1cb0de00bfc1510353868438e5375a311f13a810a21024a460d

    • SHA512

      1b7e85951e2fd58414612350f92fc86face268610ca56cfda89076d0632214fc25e27d1f0280b4eb05ac67cdf8f49a2d46e0ec62448d8730fcac66e2c8028435

    Score
    3/10
    execution
    behavioral31behavioral32

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

13
T1059

PowerShell

4
T1059.001

JavaScript

9
T1059.007

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Credential Access

Discovery

System Location Discovery

2
T1614

System Language Discovery

2
T1614.001

Browser Information Discovery

1
T1217

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

Score
1/10

behavioral1

execution
Score
3/10

behavioral2

execution
Score
3/10

behavioral3

execution
Score
3/10

behavioral4

execution
Score
3/10

behavioral5

Score
1/10

behavioral6

Score
1/10

behavioral7

execution
Score
3/10

behavioral8

execution
Score
3/10

behavioral9

discovery
Score
3/10

behavioral10

Score
1/10

behavioral11

execution
Score
3/10

behavioral12

execution
Score
3/10

behavioral13

execution
Score
3/10

behavioral14

execution
Score
3/10

behavioral15

execution
Score
3/10

behavioral16

execution
Score
3/10

behavioral17

execution
Score
3/10

behavioral18

execution
Score
3/10

behavioral19

execution
Score
3/10

behavioral20

execution
Score
3/10

behavioral21

execution
Score
3/10

behavioral22

execution
Score
3/10

behavioral23

execution
Score
3/10

behavioral24

execution
Score
3/10

behavioral25

execution
Score
3/10

behavioral26

execution
Score
3/10

behavioral27

discovery
Score
3/10

behavioral28

discovery
Score
3/10

behavioral29

execution
Score
3/10

behavioral30

execution
Score
3/10

behavioral31

execution
Score
3/10

behavioral32

execution
Score
3/10