4e60e1b96d82e9d18d8c65595ecb6c839f534ca6d7ce65315552b6e239ab862a

Sharing

Copy URL Twitter E-mail

General

Target

a0cd831fa000ba0a177bf0e46dd55402_JaffaCakes118
Size

452KB
Sample

240817-cgdmdsvakk
MD5

a0cd831fa000ba0a177bf0e46dd55402
SHA1

17a98e2373e22f86a6bf60c32a68c11bd0bb6ad4
SHA256

4e60e1b96d82e9d18d8c65595ecb6c839f534ca6d7ce65315552b6e239ab862a
SHA512

4389bd1a6f202ac832a2771cd468f50c38e540d04c859e3e0b44f0bde6c0f174baa0747c4e3b1a789198e5c727ab10ee788621853dfb69cd3da39568cf9765af
SSDEEP

12288:4uMtulvMJfnAweF70GjENCvDXsKYBThRlSjVM:UQv4o0i5cvLoq

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  a0cd831fa000ba0a177bf0e46dd55402_JaffaCakes118
- Size
  
  452KB
- MD5
  
  a0cd831fa000ba0a177bf0e46dd55402
- SHA1
  
  17a98e2373e22f86a6bf60c32a68c11bd0bb6ad4
- SHA256
  
  4e60e1b96d82e9d18d8c65595ecb6c839f534ca6d7ce65315552b6e239ab862a
- SHA512
  
  4389bd1a6f202ac832a2771cd468f50c38e540d04c859e3e0b44f0bde6c0f174baa0747c4e3b1a789198e5c727ab10ee788621853dfb69cd3da39568cf9765af
- SSDEEP
  
  12288:4uMtulvMJfnAweF70GjENCvDXsKYBThRlSjVM:UQv4o0i5cvLoq
Score

3^/10

discovery
behavioral1 behavioral2
- Target
  
  $1
- Size
  
  697KB
- MD5
  
  2e30c329a59d3bc3a14b61889642c6ef
- SHA1
  
  d0db21609c4a67f62649e4b72c8d83c481a7f7ae
- SHA256
  
  0515d9773ee665bf9b67b6e8ebefabc0ad4aeff365d6ece7399cb867ccc93233
- SHA512
  
  f9dc1bf8b109354a98670ef39aea27b4c36daa0f14ac26aa1f1c0325c95fdfad4ff803ee0e8eba5aa12beb1bac2ed7bf713bae762e0565829cef35b7949918cb
- SSDEEP
  
  6144:5rcihvKU0a5mcYdoo5Yf6NdEdfy0WEUWwvkL8L3ME4uamALNaACoV9AVYBX+0dyo:5YiAUBx6/EdKWaDajMYuDeK8ci6aW8
Score

7^/10

discovery persistence
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  14KB
- MD5
  
  32aa6334fc543e70ef0f792bb9a0c45a
- SHA1
  
  54be1f5004f7e5afe7c9ba160495076ea2a4d60c
- SHA256
  
  610e54bcfc2831d4f9d7030ceb16d35ee33006403d842f01b6e75bebea0083e2
- SHA512
  
  ac92116821a032de8df64bf9aea9c6ba4040467eebaa4e028c2bf031f1c81bb69531288b9d89d951b952fe0b4ecccade874a5ae76d04db8b4dee2d13c486f9ae
- SSDEEP
  
  192:V6JaVGQ+xI5EeuyvMmGpeWH2J5xprN+AxTwK72dwF7dBdcQOz:V6JaVh4I5rpPbTw+BdhO
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/Internet.dll
- Size
  
  4KB
- MD5
  
  78d026611a970fe14e983a6b9490ea34
- SHA1
  
  cbf63f3aade515f3fc3fbbcc4e12913f1a472d49
- SHA256
  
  96100f4ba9563ced97add567f4461541cbe9a085ab5276754bee38dc060a6867
- SHA512
  
  efbb6bcca88dae073babac2dcf1ad8444c209792cd82820a00483fa365cb899f4979ca29d6ca22de4b975eae2dab8e736a83bc574265925cafcdcfae9cb7915f
- SSDEEP
  
  48:qw8gNw0WamqZ3XDo5CKNzt9ymk4q4HSIbYvjDkCLL5HqKI:PPWamqRzqN3vH+fJLL5D
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/StartMenu.dll
- Size
  
  7KB
- MD5
  
  952ce5aeeab2b77728a9fd9cb38d2d74
- SHA1
  
  0cb1b936dddab231f789813789027965cc46fcfc
- SHA256
  
  f1c245f152db080cce5a0c8c4ab1c9727721d2f69e22a56955647db9332a3cdc
- SHA512
  
  598a243ad7148f08501da05c5e3e4b9ead817c613bd539c350f84042e2b7a37fa5b24697ca27d474c68b4715a3274f208369f182b70b844f59b3b5f16f5ed36c
- SSDEEP
  
  96:Z+yBC0x22epxPEvC4FkWE+in1/FMvsCGRfRFqCB5tkGhEl5VN:Z+6epxPE1r8/FtmCDtbg5v
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  10KB
- MD5
  
  7d85b1f619a3023cc693a88f040826d2
- SHA1
  
  09f5d32f8143e7e0d9270430708db1b9fc8871a8
- SHA256
  
  dc198967b0fb2bc7aaab0886a700c7f4d8cb346c4f9d48b9b220487b0dfe8a18
- SHA512
  
  5465804c56d6251bf369609e1b44207b717228a8ac36c7992470b9daf4a231256c0ce95e0b027c4164e62d9656742a56e2b51e9347c8b17ab51ff40f32928c85
- SSDEEP
  
  192:IDO6dJA/ruAFEiUdWWE6hE5RYUdJfbub1afgMO:TKAFERdlxhGRYUzqZaf
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  $PLUGINSDIR/UserInfo.dll
- Size
  
  4KB
- MD5
  
  d32369577fe83536aecc590f75709db5
- SHA1
  
  67940c12e2d1fc2ce9c8f83169484207319198a4
- SHA256
  
  f706e181d8fc334e4e4147e5c1a1761b049d32247a9eda721d9ac7b3caf51f02
- SHA512
  
  dac023697b22335c35685c4176c57c16ffa12d72356cd5cdada9f1ef78373d9a29434405c8427060570fa36819721f521964ad6680eb3b920b124f1be92ec71c
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  $TEMP/repair.exe
- Size
  
  697KB
- MD5
  
  2e30c329a59d3bc3a14b61889642c6ef
- SHA1
  
  d0db21609c4a67f62649e4b72c8d83c481a7f7ae
- SHA256
  
  0515d9773ee665bf9b67b6e8ebefabc0ad4aeff365d6ece7399cb867ccc93233
- SHA512
  
  f9dc1bf8b109354a98670ef39aea27b4c36daa0f14ac26aa1f1c0325c95fdfad4ff803ee0e8eba5aa12beb1bac2ed7bf713bae762e0565829cef35b7949918cb
- SSDEEP
  
  6144:5rcihvKU0a5mcYdoo5Yf6NdEdfy0WEUWwvkL8L3ME4uamALNaACoV9AVYBX+0dyo:5YiAUBx6/EdKWaDajMYuDeK8ci6aW8
Score

7^/10

discovery persistence
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral15 behavioral16
- Target
  
  mfc42u.dll
- Size
  
  128KB
- MD5
  
  ef786e3704f45fea25a4547cb827398b
- SHA1
  
  2a91d9ab881ba9408219241c3e6037130817f4d7
- SHA256
  
  1f1d6e37b596cd43dbda86b743aea866411548a2c392e7c8b5de3ed6c0745aa9
- SHA512
  
  3980c79cdc18928db3c63f070d33c90cde430fa40d3eb34068dff6496a72d67ccce2d47b70ae1820a6f1340970eeead40d80d27a2490a3b8e03278344a452276
- SSDEEP
  
  3072:08KI2o1Q9/G1Usw6UuDDuGlcm+GwH0OfReQ7HCl:3T7jmdODsm+GwHl5eYCl
Score

3^/10

discovery
behavioral17 behavioral18
- Target
  
  repair.exe
- Size
  
  697KB
- MD5
  
  2e30c329a59d3bc3a14b61889642c6ef
- SHA1
  
  d0db21609c4a67f62649e4b72c8d83c481a7f7ae
- SHA256
  
  0515d9773ee665bf9b67b6e8ebefabc0ad4aeff365d6ece7399cb867ccc93233
- SHA512
  
  f9dc1bf8b109354a98670ef39aea27b4c36daa0f14ac26aa1f1c0325c95fdfad4ff803ee0e8eba5aa12beb1bac2ed7bf713bae762e0565829cef35b7949918cb
- SSDEEP
  
  6144:5rcihvKU0a5mcYdoo5Yf6NdEdfy0WEUWwvkL8L3ME4uamALNaACoV9AVYBX+0dyo:5YiAUBx6/EdKWaDajMYuDeK8ci6aW8
Score

7^/10

discovery persistence
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral19 behavioral20

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Loads dropped DLL

Adds Run key to start application

Loads dropped DLL

Adds Run key to start application

Loads dropped DLL

Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20