Overview

overview

7

Static

static

7

a4747e7f29...18.exe

windows7-x64

7

a4747e7f29...18.exe

windows10-2004-x64

7

$PLUGINSDI...el.dll

windows7-x64

7

$PLUGINSDI...el.dll

windows10-2004-x64

7

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...Ex.dll

windows7-x64

3

$PLUGINSDI...Ex.dll

windows10-2004-x64

3

$PLUGINSDI...ss.dll

windows7-x64

3

$PLUGINSDI...ss.dll

windows10-2004-x64

3

Sharing

Copy URL Twitter E-mail

General

  • Target

    a4747e7f29a54182f9eb25ffbbe3fa3a_JaffaCakes118

  • Size

    575KB

  • Sample

    240817-2rvq4avamk

  • MD5

    a4747e7f29a54182f9eb25ffbbe3fa3a

  • SHA1

    9845e99bb9836ad35b3df3155bb336e7af79f747

  • SHA256

    a5df26ac15a8125cd3c4b5035e05a8e7ec4b6123cf9e87065f26aa25d005d71a

  • SHA512

    ae15ab6029456fc816083441823ddc431d156269e428e1159856a9f97acb6512fc98ac936b071dcb19daa1e84917550e65286959a4a619bdb34103557a766f44

  • SSDEEP

    12288:ZaEr+K1+F94srm2mQGZXhvXVCpbscjhzrP5e1+F9Esrm2tQGdBcKTOh:ZaLL9ZyPZxvXVC/jhzbR9NxPdBc9

Score
7/10
adwarediscoverystealerupx

Malware Config

Targets

    • Target

      a4747e7f29a54182f9eb25ffbbe3fa3a_JaffaCakes118

    • Size

      575KB

    • MD5

      a4747e7f29a54182f9eb25ffbbe3fa3a

    • SHA1

      9845e99bb9836ad35b3df3155bb336e7af79f747

    • SHA256

      a5df26ac15a8125cd3c4b5035e05a8e7ec4b6123cf9e87065f26aa25d005d71a

    • SHA512

      ae15ab6029456fc816083441823ddc431d156269e428e1159856a9f97acb6512fc98ac936b071dcb19daa1e84917550e65286959a4a619bdb34103557a766f44

    • SSDEEP

      12288:ZaEr+K1+F94srm2mQGZXhvXVCpbscjhzrP5e1+F9Esrm2tQGdBcKTOh:ZaLL9ZyPZxvXVC/jhzbR9NxPdBc9

    Score
    7/10
    adwarediscoverystealerupx

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

      stealeradware

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

    • Target

      $PLUGINSDIR/SelfDel.dll

    • Size

      4KB

    • MD5

      7cff7fe2caea5184d98c147e7e263132

    • SHA1

      21f39d3d0dd5f7198d67ef30e95d10ae3460093e

    • SHA256

      281c39b733579e031c62bdd247b41543ece1fe3bd6eda26fc8ad474b10f33101

    • SHA512

      fb1161b8571d1d0c67e2df0d571b08f5e7a73f81409aed847344154d02406910629181bcce4e18e998ec472f51a6a1b40d956a010abdd10e850413aafa87808a

    • SSDEEP

      48:CzHDh3jgWMynQfXKsJ3eAn67wN4VDm0pmoZSeJY8JTaCILFoyTFS7lWsaEaSueq:S18WMynkXKOOATEVUPnS7s9TShqTM

    Score
    7/10
    discoveryupx

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral3behavioral4

    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      c17103ae9072a06da581dec998343fc1

    • SHA1

      b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

    • SHA256

      dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

    • SHA512

      d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

    • SSDEEP

      192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw

    Score
    3/10
    discovery
    behavioral5behavioral6

    • Target

      $PLUGINSDIR/nsProcEx.dll

    • Size

      24KB

    • MD5

      0216cab025a4ea223141f66cbe14ccaf

    • SHA1

      b08b563d5fd794e17208912e8237c961bca5516f

    • SHA256

      c5c30c304347226e4ae6b758ba6ba0589cf1c0aee55886c4354859088bf88cf7

    • SHA512

      e870aa7381e459e4114529efbfe0a354216b8e846c7c60e550749c6c625b98f8633da5e30192737a5f65de387f9497eebaf6502615cbb6fa16da5b8c5574207a

    • SSDEEP

      96:HsZxclQljYIyBzL0sK13V0JMFwjmpsbIk+pszeqQRr1quCo2of1:Hcxf9pyBzL0P13CMYskVzeqQ2jo

    Score
    3/10
    discovery
    behavioral7behavioral8

    • Target

      $PLUGINSDIR/nsProcess.dll

    • Size

      4KB

    • MD5

      8f4ac52cb2f7143f29f114add12452ad

    • SHA1

      29dc25f5d69bf129d608b83821c8ec8ab8c8edb3

    • SHA256

      b214d73aea95191f7363ad93cdc12b6fbd50a3a54b0aa891b3d45bc4b7b2aa04

    • SHA512

      2f9e2c7450557c2b88a12d3a3b4ab999c9f2a4df0d39dcd795b307b89855387bc96fc6d4fb51de8f33de0780e08a3b15fdad43daeaf7373cca71b01d7afdaf0c

    • SSDEEP

      48:6sG7qYBUYBFxhRwYCI0owYlOdkPm4LYZ5sRXEv26vqAa4GEVu:HhYBUYBL0Toa7+Q5sKG4GEV

    Score
    3/10
    discovery
    behavioral10behavioral9

MITRE ATT&CK Enterprise v15

Tasks