General

  • Target

    a4bcc3d83db92af30efb92b91c173fde_JaffaCakes118

  • Size

    4.1MB

  • Sample

    240818-a2nxrawcqa

  • MD5

    a4bcc3d83db92af30efb92b91c173fde

  • SHA1

    d3a18f9612dbc77563af00d4320b434f13b1384c

  • SHA256

    ed20ff85f5df587140e0780e16a5eb28df94e1b6330c8256de39d94b5a772e83

  • SHA512

    99e9f24ffe81c093b7278b130d76377efd4c37a6bd8882729b25f87821433ee45247e3e441627786bf37b4331a366c41df66092f0653d6a4597fde3abdf14547

  • SSDEEP

    98304:6WE8PHm2xRsBxIhM3wuu1NzJxUMkQDmBziWl:6WLPG2DOJwb1xJ+Z37

Score
10/10

Targets

    • Target

      a4bcc3d83db92af30efb92b91c173fde_JaffaCakes118

    • Size

      4.1MB

    • MD5

      a4bcc3d83db92af30efb92b91c173fde

    • SHA1

      d3a18f9612dbc77563af00d4320b434f13b1384c

    • SHA256

      ed20ff85f5df587140e0780e16a5eb28df94e1b6330c8256de39d94b5a772e83

    • SHA512

      99e9f24ffe81c093b7278b130d76377efd4c37a6bd8882729b25f87821433ee45247e3e441627786bf37b4331a366c41df66092f0653d6a4597fde3abdf14547

    • SSDEEP

      98304:6WE8PHm2xRsBxIhM3wuu1NzJxUMkQDmBziWl:6WLPG2DOJwb1xJ+Z37

    Score
    10/10
    • RMS

      Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      $PLUGINSDIR/NSISList.dll

    • Size

      105KB

    • MD5

      4b0617493f32b2b5fe5e838eeb885819

    • SHA1

      336e84380420a9caaa9c12af7c8e530135e63c57

    • SHA256

      df3621f83e9d11be45e0e617b899c4ab0241f60ed56494e892dc449482058402

    • SHA512

      5c50cf97cd9a6c699ec7928a08f77f4eaa68105e87a974432e39b637f926f0df8a95ec19bd63465fc438a4ef6349398938bc8d7651de125d13ccab89d1d49143

    • SSDEEP

      3072:NIgAGTHvtyzvUnB26s2oZtX0Uzi/t6zhy9:ygAuvtRno30V/t6z

    Score
    3/10
    • Target

      $PLUGINSDIR/System.dll

    • Size

      12KB

    • MD5

      8cf2ac271d7679b1d68eefc1ae0c5618

    • SHA1

      7cc1caaa747ee16dc894a600a4256f64fa65a9b8

    • SHA256

      6950991102462d84fdc0e3b0ae30c95af8c192f77ce3d78e8d54e6b22f7c09ba

    • SHA512

      ce828fb9ecd7655cc4c974f78f209d3326ba71ced60171a45a437fc3fff3bd0d69a0997adaca29265c7b5419bdea2b17f8cc8ceae1b8ce6b22b7ed9120bb5ad3

    • SSDEEP

      192:BenY0qWTlt70IAj/lQ0sEWc/wtYbBH2aDybC7y+XB9IwL:B8+Qlt70Fj/lQRY/9VjjlL

    Score
    3/10
    • Target

      $PLUGINSDIR/nsExec.dll

    • Size

      7KB

    • MD5

      f27689c513e7d12c7c974d5f8ef710d6

    • SHA1

      e305f2a2898d765a64c82c449dfb528665b4a892

    • SHA256

      1f18f4126124b0551f3dbcd0fec7f34026f930ca509f04435657cedc32ae8c47

    • SHA512

      734e9f3989ee47a86bee16838df7a09353c7fe085a09d77e70d281b21c5477b0b061616e72e8ac8fcb3dda1df0d5152f54dcc4c5a77f90fbf0f857557bf02fbc

    • SSDEEP

      96:JpmkmwmHDPVhklfSoRPB+YSvWvZckH69MSz00vQFHhAVvSGYuHnUNy2DCP:J+PVhYfSokvW2CsQFBAVaGdHnUNR

    Score
    3/10
    • Target

      $PLUGINSDIR/nsProcess.dll

    • Size

      4KB

    • MD5

      f0438a894f3a7e01a4aae8d1b5dd0289

    • SHA1

      b058e3fcfb7b550041da16bf10d8837024c38bf6

    • SHA256

      30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11

    • SHA512

      f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7

    • SSDEEP

      48:Sz4joMeH+Iwdf8Rom/L+rOnnk5/OCnXeAdbdOAa4GPI+CJ87eILzlq7gthwIsEQW:64c/eFdfS/SSnkxNa4G+ueqPuCtGsj

    Score
    3/10
    • Target

      $PLUGINSDIR/registry.dll

    • Size

      24KB

    • MD5

      2b7007ed0262ca02ef69d8990815cbeb

    • SHA1

      2eabe4f755213666dbbbde024a5235ddde02b47f

    • SHA256

      0b25b20f26de5d5bd795f934c70447112b4981343fcb2dfab3374a4018d28c2d

    • SHA512

      aa75ee59ca0b8530eb7298b74e5f334ae9d14129f603b285a3170b82103cfdcc175af8185317e6207142517769e69a24b34fcdf0f58ed50a4960cbe8c22a0aca

    • SSDEEP

      384:W2mvyNjH3rPnAZ4wu2QbnC7qB7PnrvScaeYA4CIDEge/QqL2AQ:/75w/OfrzB4CUxuQfA

    Score
    3/10
    • Target

      $_1_/Beasley.exe

    • Size

      11.2MB

    • MD5

      080243eb6fff40cfd90a7e17cdb74ba8

    • SHA1

      78ee23e1b8e74d814d22a4288fe31f3c1a5a5495

    • SHA256

      a3b12707957c0875e23c202cea0268981623760072b5f7780ff62fd435311c6f

    • SHA512

      ff765462a48f19aa0b984522f0507ef28c606117f44064a39c7e528906b94e88e23155a9af028d7d766cf9410481434af4afa40fe68b7e4ee73426b9275240d1

    • SSDEEP

      98304:56OwlI2RKvm132+y6gl70DNGyTuv+62VkYePy45nZGXzC+3ZYOx5nwtP:X6fRKvm13TyJ0DNwDnZGG+Jvx5nYP

    Score
    10/10
    • RMS

      Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Target

      $_1_/libeay32.dll

    • Size

      1.3MB

    • MD5

      4cb2e1b9294ddae1bf7dcaaf42b365d1

    • SHA1

      a225f53a8403d9b73d77bcbb075194520cce5a14

    • SHA256

      a8124500cae0aba3411428c2c6df2762ea11cc11c312abed415d3f3667eb6884

    • SHA512

      46cf4abf9121c865c725ca159df71066e0662595915d653914e4ec047f94e2ab3823f85c9e0e0c1311304c460c90224bd3141da62091c733dcaa5dccf64c04bb

    • SSDEEP

      24576:VD8B+KpPexB6mqwktXUcAVEaFQXhL0porIqo+Frzba:WKkmlktXUcAVEDhQporIqo+Frzba

    Score
    3/10
    • Target

      $_1_/ssleay32.dll

    • Size

      337KB

    • MD5

      5c268ca919854fc22d85f916d102ee7f

    • SHA1

      0957cf86e0334673eb45945985b5c033b412be0e

    • SHA256

      1f4b3efc919af1106f348662ee9ad95ab019058ff502e3d68e1b5f7abff91b56

    • SHA512

      76d0abad1d7d0856ec1b8e598b05a2a6eece220ea39d74e7f6278a4219e22c75b7f618160ce41810daa57d5d4d534afd78f5cc1bd6de927dbb6a551aca2f8310

    • SSDEEP

      6144:8EXfWSXFKIsrpivdM+kPsmWak8dfthPDP0wrE90k7DUT/NaDB7JlwScihgbX5/GU:8EXfWSVKIsrpivdM+msmWak8dfnPDPPz

    Score
    3/10
