7b2b2bf953b870564bff1f308381d9e20e84c2577bd8c854710e4f71438b2981

Sharing

Copy URL

Twitter E-mail

General

Target

a26fe5b5b736cc1081a5c5eefd1838c6_JaffaCakes118
Size

866KB
Sample

240817-n48xlaxcmq
MD5

a26fe5b5b736cc1081a5c5eefd1838c6
SHA1

b5df487c4098322a7badeceb1f97654c82f79e6d
SHA256

7b2b2bf953b870564bff1f308381d9e20e84c2577bd8c854710e4f71438b2981
SHA512

12258b3055c3b85521524e8900026cc99a153960dbea2c41bc3524f988352b7b3878c7dc32cadad2c402412ccff96ad0ff938e80e65b628ba6341e53d19be3f8
SSDEEP

24576:dSBkDPgPuoIPuL5uhYYA+rKa3Xgk8wEge/d:oBMPgJIPcuhYMW8wwG/d

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  a26fe5b5b736cc1081a5c5eefd1838c6_JaffaCakes118
- Size
  
  866KB
- MD5
  
  a26fe5b5b736cc1081a5c5eefd1838c6
- SHA1
  
  b5df487c4098322a7badeceb1f97654c82f79e6d
- SHA256
  
  7b2b2bf953b870564bff1f308381d9e20e84c2577bd8c854710e4f71438b2981
- SHA512
  
  12258b3055c3b85521524e8900026cc99a153960dbea2c41bc3524f988352b7b3878c7dc32cadad2c402412ccff96ad0ff938e80e65b628ba6341e53d19be3f8
- SSDEEP
  
  24576:dSBkDPgPuoIPuL5uhYYA+rKa3Xgk8wEge/d:oBMPgJIPcuhYMW8wwG/d
Score

7^/10

discovery persistence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/Processes.dll
- Size
  
  35KB
- MD5
  
  2cfba79d485cf441c646dd40d82490fc
- SHA1
  
  83e51ac1115a50986ed456bd18729653018b9619
- SHA256
  
  86b302fa9c85dfa0c1c03ba000864a928365dab571f3355347dba02da22949b7
- SHA512
  
  cca186a7f9c5cff3f4eca410fbe8cc13dad2514a7e36aec9b1addfbcb239ace9b9b2d8427771858e3fd11783abce7e24d43c286f98da9f8b17562ca095a4c043
- SSDEEP
  
  768:uxEiycFoaj/+WSiJfmjvab7L/cUf7IIlMLRF:uxEm7sgfmjy//cgdlM/
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  c17103ae9072a06da581dec998343fc1
- SHA1
  
  b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d
- SHA256
  
  dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f
- SHA512
  
  d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f
- SSDEEP
  
  192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  $TEMPYtbn/ytb_c.exe
- Size
  
  354KB
- MD5
  
  7d18bc75c1819350283c71c6fd3c4f58
- SHA1
  
  aa06961eb254365bf95ea1185932c3f71dfbbfa0
- SHA256
  
  9626df7ff25c020099504c1527025b056ef27b74e1d92d195996687344b1922b
- SHA512
  
  bd3d02f7e71aadb51f82b463826de1b0bcb4de18389c792783ae048e51fa11278f49118339a8b76f82b5d86af533e0b675a82e912196f4cadad5e199118cc941
- SSDEEP
  
  6144:IBC1M8Aw62d5DMQ4MRf2GcHGTPZoed2tLDCDL9M+e7mAnFU4IMBuRoBk4:IQD5DMSaGloediLDCDpM+e7mS1Bnk4
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  $TEMPYtbn/ytb_oc.exe
- Size
  
  354KB
- MD5
  
  ed3e6f0637ea310cff9028c2ff310ee3
- SHA1
  
  1fd3563f0783b03e7ed2f9b5ee34b1cd5befbf90
- SHA256
  
  c08508d7deeb8f25e7d4a2c12030b4d9a4071152f6a2762351de02f7bca7d4a1
- SHA512
  
  9658d63b45e788740cefd7c107719379340d561697c5098bf22ba2217ed5936e40e17641d2eeab613aed58c186baeaf4b927d86326c348d4180e217ab9b18f73
- SSDEEP
  
  6144:pBmPVHQAqtdKT65rSWgIIr2oFzg93pDCDLbMr+L6ALxE3/hMs7Ok4:pEKKT6kDrFzg95DCDnMr+L6xpgk4
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  $TEMPYtbn/ytbsys.exe
- Size
  
  456KB
- MD5
  
  3f9428f9780fdf2e8940715906195ce2
- SHA1
  
  c821e03160dccf764b999255162e28a8835e1bc4
- SHA256
  
  5ff66c9607acab6bcf96f17d22ed896f753155df95b63f9115545bf1913ab587
- SHA512
  
  1461de4234045d0ab948f5ce4bdf923a0f911f096b38069183535a3869bbd13365577a4c7ce5ffd03edb3dc8d7c8eb9bc578da00e7ce41b4ffff24db9455b83f
- SSDEEP
  
  6144:XQqDFnqGSjfxJL05DhW3yMTOht7U08XWEEsEpGq1TxhtllOTR+jZlKGyKB6JKfM5:hfSjZKV3qS6fXWnZntuVeIPu0Ueaez
Score

7^/10

discovery
- Executes dropped EXE
- Loads dropped DLL
behavioral11 behavioral12
- Target
  
  $PLUGINSDIR/Processes.dll
- Size
  
  35KB
- MD5
  
  2cfba79d485cf441c646dd40d82490fc
- SHA1
  
  83e51ac1115a50986ed456bd18729653018b9619
- SHA256
  
  86b302fa9c85dfa0c1c03ba000864a928365dab571f3355347dba02da22949b7
- SHA512
  
  cca186a7f9c5cff3f4eca410fbe8cc13dad2514a7e36aec9b1addfbcb239ace9b9b2d8427771858e3fd11783abce7e24d43c286f98da9f8b17562ca095a4c043
- SSDEEP
  
  768:uxEiycFoaj/+WSiJfmjvab7L/cUf7IIlMLRF:uxEm7sgfmjy//cgdlM/
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  c17103ae9072a06da581dec998343fc1
- SHA1
  
  b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d
- SHA256
  
  dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f
- SHA512
  
  d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f
- SSDEEP
  
  192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
Score

3^/10

discovery
behavioral15 behavioral16
- Target
  
  $TEMPYtbn/ytb_c.exe
- Size
  
  354KB
- MD5
  
  7d18bc75c1819350283c71c6fd3c4f58
- SHA1
  
  aa06961eb254365bf95ea1185932c3f71dfbbfa0
- SHA256
  
  9626df7ff25c020099504c1527025b056ef27b74e1d92d195996687344b1922b
- SHA512
  
  bd3d02f7e71aadb51f82b463826de1b0bcb4de18389c792783ae048e51fa11278f49118339a8b76f82b5d86af533e0b675a82e912196f4cadad5e199118cc941
- SSDEEP
  
  6144:IBC1M8Aw62d5DMQ4MRf2GcHGTPZoed2tLDCDL9M+e7mAnFU4IMBuRoBk4:IQD5DMSaGloediLDCDpM+e7mS1Bnk4
Score

3^/10

discovery
behavioral17 behavioral18
- Target
  
  $TEMPYtbn/ytb_oc.exe
- Size
  
  354KB
- MD5
  
  ed3e6f0637ea310cff9028c2ff310ee3
- SHA1
  
  1fd3563f0783b03e7ed2f9b5ee34b1cd5befbf90
- SHA256
  
  c08508d7deeb8f25e7d4a2c12030b4d9a4071152f6a2762351de02f7bca7d4a1
- SHA512
  
  9658d63b45e788740cefd7c107719379340d561697c5098bf22ba2217ed5936e40e17641d2eeab613aed58c186baeaf4b927d86326c348d4180e217ab9b18f73
- SSDEEP
  
  6144:pBmPVHQAqtdKT65rSWgIIr2oFzg93pDCDLbMr+L6ALxE3/hMs7Ok4:pEKKT6kDrFzg95DCDnMr+L6xpgk4
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  Uninst.exe
- Size
  
  83KB
- MD5
  
  bacd58ec67ab834cd1425045173935fe
- SHA1
  
  496961b4619595b0d5df6ba300ff3aee5314cb0c
- SHA256
  
  b4a74906780ddfb753bd7bd2fa5cb01fa19aba4510d5865c43f794bdda3ecf2c
- SHA512
  
  04f723b122bee8f8540bd4a7433bef511c7dde36f6068c340e1db6641e6cb28cbd43e32035885b11e037590aa725a6770a45877d1d3578f0cb44c9884cad7408
- SSDEEP
  
  1536:XLXB65939tY6HBg4sXJqcjFrzqGCCYJ9ZUVUx0AYE/1s2SXiMl5Dovxj+hi:XLk395hYXJpFnqGMJ9vaE9s2giM0vxjB
Score

7^/10

discovery
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral21 behavioral22
- Target
  
  $PLUGINSDIR/Processes.dll
- Size
  
  35KB
- MD5
  
  2cfba79d485cf441c646dd40d82490fc
- SHA1
  
  83e51ac1115a50986ed456bd18729653018b9619
- SHA256
  
  86b302fa9c85dfa0c1c03ba000864a928365dab571f3355347dba02da22949b7
- SHA512
  
  cca186a7f9c5cff3f4eca410fbe8cc13dad2514a7e36aec9b1addfbcb239ace9b9b2d8427771858e3fd11783abce7e24d43c286f98da9f8b17562ca095a4c043
- SSDEEP
  
  768:uxEiycFoaj/+WSiJfmjvab7L/cUf7IIlMLRF:uxEm7sgfmjy//cgdlM/
Score

3^/10

discovery
behavioral23 behavioral24
- Target
  
  Uninst.exe
- Size
  
  83KB
- MD5
  
  bacd58ec67ab834cd1425045173935fe
- SHA1
  
  496961b4619595b0d5df6ba300ff3aee5314cb0c
- SHA256
  
  b4a74906780ddfb753bd7bd2fa5cb01fa19aba4510d5865c43f794bdda3ecf2c
- SHA512
  
  04f723b122bee8f8540bd4a7433bef511c7dde36f6068c340e1db6641e6cb28cbd43e32035885b11e037590aa725a6770a45877d1d3578f0cb44c9884cad7408
- SSDEEP
  
  1536:XLXB65939tY6HBg4sXJqcjFrzqGCCYJ9ZUVUx0AYE/1s2SXiMl5Dovxj+hi:XLk395hYXJpFnqGMJ9vaE9s2giM0vxjB
Score

7^/10

discovery
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral25 behavioral26
- Target
  
  $PLUGINSDIR/Processes.dll
- Size
  
  35KB
- MD5
  
  2cfba79d485cf441c646dd40d82490fc
- SHA1
  
  83e51ac1115a50986ed456bd18729653018b9619
- SHA256
  
  86b302fa9c85dfa0c1c03ba000864a928365dab571f3355347dba02da22949b7
- SHA512
  
  cca186a7f9c5cff3f4eca410fbe8cc13dad2514a7e36aec9b1addfbcb239ace9b9b2d8427771858e3fd11783abce7e24d43c286f98da9f8b17562ca095a4c043
- SSDEEP
  
  768:uxEiycFoaj/+WSiJfmjvab7L/cUf7IIlMLRF:uxEm7sgfmjy//cgdlM/
Score

3^/10

discovery
behavioral27 behavioral28

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application

Executes dropped EXE

Loads dropped DLL

Deletes itself

Executes dropped EXE

Loads dropped DLL

Deletes itself

Executes dropped EXE

Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28