General

  • Target

    a26fe5b5b736cc1081a5c5eefd1838c6_JaffaCakes118

  • Size

    866KB

  • Sample

    240817-n48xlaxcmq

  • MD5

    a26fe5b5b736cc1081a5c5eefd1838c6

  • SHA1

    b5df487c4098322a7badeceb1f97654c82f79e6d

  • SHA256

    7b2b2bf953b870564bff1f308381d9e20e84c2577bd8c854710e4f71438b2981

  • SHA512

    12258b3055c3b85521524e8900026cc99a153960dbea2c41bc3524f988352b7b3878c7dc32cadad2c402412ccff96ad0ff938e80e65b628ba6341e53d19be3f8

  • SSDEEP

    24576:dSBkDPgPuoIPuL5uhYYA+rKa3Xgk8wEge/d:oBMPgJIPcuhYMW8wwG/d

Malware Config

Targets

    • Target

      a26fe5b5b736cc1081a5c5eefd1838c6_JaffaCakes118

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Target

      $PLUGINSDIR/Processes.dll

    • Size

      35KB

    • MD5

      2cfba79d485cf441c646dd40d82490fc

    • SHA1

      83e51ac1115a50986ed456bd18729653018b9619

    • SHA256

      86b302fa9c85dfa0c1c03ba000864a928365dab571f3355347dba02da22949b7

    • SHA512

      cca186a7f9c5cff3f4eca410fbe8cc13dad2514a7e36aec9b1addfbcb239ace9b9b2d8427771858e3fd11783abce7e24d43c286f98da9f8b17562ca095a4c043

    • SSDEEP

      768:uxEiycFoaj/+WSiJfmjvab7L/cUf7IIlMLRF:uxEm7sgfmjy//cgdlM/

    Score
    3/10
    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      c17103ae9072a06da581dec998343fc1

    • SHA1

      b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

    • SHA256

      dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

    • SHA512

      d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

    • SSDEEP

      192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw

    Score
    3/10
    • Target

      $TEMPYtbn/ytb_c.exe

    • Size

      354KB

    • MD5

      7d18bc75c1819350283c71c6fd3c4f58

    • SHA1

      aa06961eb254365bf95ea1185932c3f71dfbbfa0

    • SHA256

      9626df7ff25c020099504c1527025b056ef27b74e1d92d195996687344b1922b

    • SHA512

      bd3d02f7e71aadb51f82b463826de1b0bcb4de18389c792783ae048e51fa11278f49118339a8b76f82b5d86af533e0b675a82e912196f4cadad5e199118cc941

    • SSDEEP

      6144:IBC1M8Aw62d5DMQ4MRf2GcHGTPZoed2tLDCDL9M+e7mAnFU4IMBuRoBk4:IQD5DMSaGloediLDCDpM+e7mS1Bnk4

    Score
    3/10
    • Target

      $TEMPYtbn/ytb_oc.exe

    • Size

      354KB

    • MD5

      ed3e6f0637ea310cff9028c2ff310ee3

    • SHA1

      1fd3563f0783b03e7ed2f9b5ee34b1cd5befbf90

    • SHA256

      c08508d7deeb8f25e7d4a2c12030b4d9a4071152f6a2762351de02f7bca7d4a1

    • SHA512

      9658d63b45e788740cefd7c107719379340d561697c5098bf22ba2217ed5936e40e17641d2eeab613aed58c186baeaf4b927d86326c348d4180e217ab9b18f73

    • SSDEEP

      6144:pBmPVHQAqtdKT65rSWgIIr2oFzg93pDCDLbMr+L6ALxE3/hMs7Ok4:pEKKT6kDrFzg95DCDnMr+L6xpgk4

    Score
    3/10
    • Target

      $TEMPYtbn/ytbsys.exe

    • Size

      456KB

    • MD5

      3f9428f9780fdf2e8940715906195ce2

    • SHA1

      c821e03160dccf764b999255162e28a8835e1bc4

    • SHA256

      5ff66c9607acab6bcf96f17d22ed896f753155df95b63f9115545bf1913ab587

    • SHA512

      1461de4234045d0ab948f5ce4bdf923a0f911f096b38069183535a3869bbd13365577a4c7ce5ffd03edb3dc8d7c8eb9bc578da00e7ce41b4ffff24db9455b83f

    • SSDEEP

      6144:XQqDFnqGSjfxJL05DhW3yMTOht7U08XWEEsEpGq1TxhtllOTR+jZlKGyKB6JKfM5:hfSjZKV3qS6fXWnZntuVeIPu0Ueaez

    Score
    7/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      $PLUGINSDIR/Processes.dll

    • Size

      35KB

    • MD5

      2cfba79d485cf441c646dd40d82490fc

    • SHA1

      83e51ac1115a50986ed456bd18729653018b9619

    • SHA256

      86b302fa9c85dfa0c1c03ba000864a928365dab571f3355347dba02da22949b7

    • SHA512

      cca186a7f9c5cff3f4eca410fbe8cc13dad2514a7e36aec9b1addfbcb239ace9b9b2d8427771858e3fd11783abce7e24d43c286f98da9f8b17562ca095a4c043

    • SSDEEP

      768:uxEiycFoaj/+WSiJfmjvab7L/cUf7IIlMLRF:uxEm7sgfmjy//cgdlM/

    Score
    3/10
    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      c17103ae9072a06da581dec998343fc1

    • SHA1

      b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

    • SHA256

      dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

    • SHA512

      d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

    • SSDEEP

      192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw

    Score
    3/10
    • Target

      $TEMPYtbn/ytb_c.exe

    • Size

      354KB

    • MD5

      7d18bc75c1819350283c71c6fd3c4f58

    • SHA1

      aa06961eb254365bf95ea1185932c3f71dfbbfa0

    • SHA256

      9626df7ff25c020099504c1527025b056ef27b74e1d92d195996687344b1922b

    • SHA512

      bd3d02f7e71aadb51f82b463826de1b0bcb4de18389c792783ae048e51fa11278f49118339a8b76f82b5d86af533e0b675a82e912196f4cadad5e199118cc941

    • SSDEEP

      6144:IBC1M8Aw62d5DMQ4MRf2GcHGTPZoed2tLDCDL9M+e7mAnFU4IMBuRoBk4:IQD5DMSaGloediLDCDpM+e7mS1Bnk4

    Score
    3/10
    • Target

      $TEMPYtbn/ytb_oc.exe

    • Size

      354KB

    • MD5

      ed3e6f0637ea310cff9028c2ff310ee3

    • SHA1

      1fd3563f0783b03e7ed2f9b5ee34b1cd5befbf90

    • SHA256

      c08508d7deeb8f25e7d4a2c12030b4d9a4071152f6a2762351de02f7bca7d4a1

    • SHA512

      9658d63b45e788740cefd7c107719379340d561697c5098bf22ba2217ed5936e40e17641d2eeab613aed58c186baeaf4b927d86326c348d4180e217ab9b18f73

    • SSDEEP

      6144:pBmPVHQAqtdKT65rSWgIIr2oFzg93pDCDLbMr+L6ALxE3/hMs7Ok4:pEKKT6kDrFzg95DCDnMr+L6xpgk4

    Score
    3/10
    • Target

      Uninst.exe

    • Size

      83KB

    • MD5

      bacd58ec67ab834cd1425045173935fe

    • SHA1

      496961b4619595b0d5df6ba300ff3aee5314cb0c

    • SHA256

      b4a74906780ddfb753bd7bd2fa5cb01fa19aba4510d5865c43f794bdda3ecf2c

    • SHA512

      04f723b122bee8f8540bd4a7433bef511c7dde36f6068c340e1db6641e6cb28cbd43e32035885b11e037590aa725a6770a45877d1d3578f0cb44c9884cad7408

    • SSDEEP

      1536:XLXB65939tY6HBg4sXJqcjFrzqGCCYJ9ZUVUx0AYE/1s2SXiMl5Dovxj+hi:XLk395hYXJpFnqGMJ9vaE9s2giM0vxjB

    Score
    7/10
    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      $PLUGINSDIR/Processes.dll

    • Size

      35KB

    • MD5

      2cfba79d485cf441c646dd40d82490fc

    • SHA1

      83e51ac1115a50986ed456bd18729653018b9619

    • SHA256

      86b302fa9c85dfa0c1c03ba000864a928365dab571f3355347dba02da22949b7

    • SHA512

      cca186a7f9c5cff3f4eca410fbe8cc13dad2514a7e36aec9b1addfbcb239ace9b9b2d8427771858e3fd11783abce7e24d43c286f98da9f8b17562ca095a4c043

    • SSDEEP

      768:uxEiycFoaj/+WSiJfmjvab7L/cUf7IIlMLRF:uxEm7sgfmjy//cgdlM/

    Score
    3/10

MITRE ATT&CK Enterprise v15

Tasks

static1

Score
3/10

behavioral1

discovery, persistence
Score
7/10

behavioral2

discovery, persistence
Score
7/10

behavioral3

discovery
Score
3/10

behavioral4

discovery
Score
3/10

behavioral5

discovery
Score
3/10

behavioral6

discovery
Score
3/10

behavioral7

discovery
Score
3/10

behavioral8

discovery
Score
3/10

behavioral9

discovery
Score
3/10

behavioral10

discovery
Score
3/10

behavioral11

discovery
Score
7/10

behavioral12

discovery
Score
7/10

behavioral13

discovery
Score
3/10

behavioral14

discovery
Score
3/10

behavioral15

discovery
Score
3/10

behavioral16

discovery
Score
3/10

behavioral17

discovery
Score
3/10

behavioral18

discovery
Score
3/10

behavioral19

discovery
Score
3/10

behavioral20

discovery
Score
3/10

behavioral21

discovery
Score
7/10

behavioral22

discovery
Score
7/10

behavioral23

discovery
Score
3/10

behavioral24

discovery
Score
3/10

behavioral25

discovery
Score
7/10

behavioral26

discovery
Score
7/10

behavioral27

discovery
Score
3/10

behavioral28

discovery
Score
3/10