b37a186099300eeae01933b1c3a5093cd2771031f9fc87c24031a5aaf72aa6d8

Sharing

Copy URL

Twitter E-mail

General

Target

a7925bc5a02dddb5afa4b59a1753a6b3_JaffaCakes118
Size

7.9MB
Sample

240818-v3rp9aydmk
MD5

a7925bc5a02dddb5afa4b59a1753a6b3
SHA1

8117a836c85f741f89e18285a43fccc2fec72fe2
SHA256

b37a186099300eeae01933b1c3a5093cd2771031f9fc87c24031a5aaf72aa6d8
SHA512

7071f817b9cba07e36c40fa924973e519d85f0e316c63991de56821cc05f5a9e4e24923b750d7b4ae6d787a18700e236d7749b7c7e29713e7174a58b47ead9cb
SSDEEP

196608:sEQObOuKO/8/UR30NJV169FKMYPOnez8xHVf8b3s24N:3QybKOk8R3iVQ9FKMYPOe81ms24N

Score

8^/10

discovery persistence

Malware Config

Targets

- Target
  
  a7925bc5a02dddb5afa4b59a1753a6b3_JaffaCakes118
- Size
  
  7.9MB
- MD5
  
  a7925bc5a02dddb5afa4b59a1753a6b3
- SHA1
  
  8117a836c85f741f89e18285a43fccc2fec72fe2
- SHA256
  
  b37a186099300eeae01933b1c3a5093cd2771031f9fc87c24031a5aaf72aa6d8
- SHA512
  
  7071f817b9cba07e36c40fa924973e519d85f0e316c63991de56821cc05f5a9e4e24923b750d7b4ae6d787a18700e236d7749b7c7e29713e7174a58b47ead9cb
- SSDEEP
  
  196608:sEQObOuKO/8/UR30NJV169FKMYPOnez8xHVf8b3s24N:3QybKOk8R3iVQ9FKMYPOe81ms24N
Score

8^/10

discovery persistence
- Sets service image path in registry
  persistence
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/AccessControl.dll
- Size
  
  10KB
- MD5
  
  055f4f9260e07fc83f71877cbb7f4fad
- SHA1
  
  a245131af1a182de99bd74af9ff1fab17977a72f
- SHA256
  
  4209588362785b690d08d15cd982b8d1c62c348767ca19114234b21d5df74ddc
- SHA512
  
  a8e82dc4435ed938f090f43df953ddad9b0075f16218c09890c996299420162d64b1dbfbf613af37769ae796717eec78204dc786b757e8b1d13d423d4ee82e26
- SSDEEP
  
  192:8SEWBGgiJM4LN+xq56XdNcNz/NWdlJmlyOcROQ:8SEPgii9KTzyt
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  c17103ae9072a06da581dec998343fc1
- SHA1
  
  b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d
- SHA256
  
  dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f
- SHA512
  
  d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f
- SSDEEP
  
  192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/nsDialogs.dll
- Size
  
  9KB
- MD5
  
  c10e04dd4ad4277d5adc951bb331c777
- SHA1
  
  b1e30808198a3ae6d6d1cca62df8893dc2a7ad43
- SHA256
  
  e31ad6c6e82e603378cb6b80e67d0e0dcd9cf384e1199ac5a65cb4935680021a
- SHA512
  
  853a5564bf751d40484ea482444c6958457cb4a17fb973cf870f03f201b8b2643be41bccde00f6b2026dc0c3d113e6481b0dc4c7b0f3ae7966d38c92c6b5862e
- SSDEEP
  
  96:hBABCcnl5TKhkfLxSslykcxM2DjDf3GE+Xv8Xav+Yx4VndY7ndS27gA:h6n+0SAfRE+/8ZYxMdqn420
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/registry.dll
- Size
  
  16KB
- MD5
  
  24a7a119e289f1b5b69f3d6cf258db7c
- SHA1
  
  fec84298f9819adf155fcf4e9e57dd402636c177
- SHA256
  
  ae53f8e00574a87dd243fdf344141417cfe2af318c6c5e363a030d727a6c75d1
- SHA512
  
  fdbbedcc877bf020a5965f6ba8586ade48cfbe03ac0af8190a8acf077fb294ffd6b5a7ae49870bff8cacd9e33d591be63b5b3d5c2e432c640212bdcd0c602861
- SSDEEP
  
  384:Bl1fUuJHxreh2OatbswPCr64oLchV0oLQYYfVB:BlBzHxrehKbswK2TchDLQZfVB
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  $R0
- Size
  
  145KB
- MD5
  
  c6ea9a44aa4bfca7d502975933d910d2
- SHA1
  
  44438cef9174c15c3ebd7ca984681dc9ba2ac0c0
- SHA256
  
  0b2ea5cd4012df61bd386b78490c85e7cf104ecfd71c94fc33dc29ea8b8167aa
- SHA512
  
  93f877bc6e5e1d231f762a7f9e07b481523921105cc7e4138529b6dd33cc7194bc900d2ec658a63fb5ed39571196c8dafb0f9bd3a6d315bf77e14aeb73cb897d
- SSDEEP
  
  3072:qnHQKir2URBZu3AHW0hi2nhQZ87zlP6I6oPwvrzo42zxb/9q:8QKBOu3ARVhakovfGzx
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  $R2/NSIS.Library.RegTool.v3.$_49_.exe
- Size
  
  5KB
- MD5
  
  1f694e53532eb452ce7ae7f4523fde76
- SHA1
  
  59609431a30f3a01aa07003dd09e9600961fbc2f
- SHA256
  
  13e8d49e4729e2e6f71956770582c1ec2b632068a3cc9eb8fdc7a3428bab151c
- SHA512
  
  046334e0ea75227938c706c2fa7a7ca64cc10433eeeb1835a045f5a079beceb1a059e44f348d2f1d6e2797de966c3004f3a9c37b78a1b18c90fb851edeac38f9
- SSDEEP
  
  96:GFw199Edyn/3sxi2sS8HVrqbdC9Xh+MClQGZ56:D19CgfsbsS8HVWbd9XlQGZ5
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  $_20_/WebServer/index.html
- Size
  
  4KB
- MD5
  
  ca683c04ae9c615ba40bfb51061de848
- SHA1
  
  c5651f3bbc1e003899188a3f4eea4e3d177529d4
- SHA256
  
  28ad2f9dffe4b6e14ec6936e01a9777801abba9a99a9a4aae7d0acf80b889e57
- SHA512
  
  357464b75c66aac10a26632eaa2465140aef12c33c5222155a4cd7ec2dbb0906b46040334e6c83d5548c791c16d1255dba2153f7b466cc9de0e9ff642b1f6dc8
- SSDEEP
  
  96:pIcURAfmqjte7w//i1YqtR4lNlRlVxqkrL+Y5bi:pIcU0z/i7tKlNlRl+/r
Score

3^/10

discovery
behavioral15 behavioral16
- Target
  
  DefaultSettings.exe
- Size
  
  17KB
- MD5
  
  7b3cb2fc1fe9e417310151c195a097ad
- SHA1
  
  c71390aa5c29c3880e92e8c8fa38b0c1903b6789
- SHA256
  
  0d6a0e8063353663c2f1a626a0adae557e3a1f031b9c6882195638d0043780e8
- SHA512
  
  ea416fae48c779326c4a83e64690775af7d82580578536e7f9e6c65f42455fccaf96038ff70a91d88b37e3b60ec4d703ad9a671f29307c882f391d9a63189295
- SSDEEP
  
  384:tARdCy/MqlWAmQGgNJDNyCwG8X5TJ8W2zFj9AzUtJB2Jv5:uCy0qlZmQPN2p98WgB6UtJB2J
Score

3^/10

discovery
behavioral17 behavioral18
- Target
  
  Zoom Player Install Center.exe
- Size
  
  1005KB
- MD5
  
  c14467b3751ed93ba93ee33317e77bfa
- SHA1
  
  87a7557bfd78e988db30dcaebf3943cca42a40a9
- SHA256
  
  46476349575456a05fd07c7d1ae17028978d208b6d91036e9bf55b2cfb6262d1
- SHA512
  
  a984ab325f1820278e9e463772cb7fa63e6b88b747fc7312b1656174e283752ffc5f3ec3ef7a8b11709e5946c1112798102b27807a53b9d7843b4c00fcaf45fc
- SSDEEP
  
  12288:BsYmWJ/bBhlm2EpWTHC+c1WgnXuC/cKln4U/ySgqIGhZCsZUA28Ag+beVJGx8/C:B2ahlzEpWZc1L5blHKsIGXzZUIGi/C
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  zpiconlib.icl
- Size
  
  1.4MB
- MD5
  
  a4ae0584377e937aee71c967fdae702f
- SHA1
  
  83897f4087e4a89ebd75bd9348dd25cd3a6a3b77
- SHA256
  
  7a47e2b2c5a53f6b71dac8c86bbed9cfc814deafb773de792160e829653932ba
- SHA512
  
  44f7ba33f757868289e029897800267815a94d6bed6cde42d5d6024b3d44d5fa62fa6f22442fc99748d08ebe0840a724dfcf890af1f42b70d37947dd56991ff2
- SSDEEP
  
  6144:PG0OVb9hjFKAk2Qwpg75vpYSYpAioLJoGqVk+5nU7KbVFnRdmP1Xc0ssjrZ71maB:u0yTjFKAkT0drx6b
Score

3^/10

discovery
behavioral21 behavioral22
- Target
  
  zplayer.chm
- Size
  
  714KB
- MD5
  
  9cca8b55ff303ff7d7560b5288ae3f3e
- SHA1
  
  547865eb1a0987f7ab9c24951103a62f7c4e7bc3
- SHA256
  
  21672718f0b9ca646869da1bc56844d269e4632f57fe19674395f756cd802ce9
- SHA512
  
  1cd8f0fdd6f9b0754ef176c493b2c1321aa80a1cbf716aead749864836bda4c803229e9325c44cff6f9605fae7f924f5491513d4588e4cb5534ff9d7840a3636
- SSDEEP
  
  12288:aoyvW0/95zyZc0VixVntcCCWE7XmsG7D8bAoGG6fN5Ad43bnU87x3XC0a8QWd:aVWA5zyCFxXbCD6sGZLfN5CqbnUmx3SA
Score

1^/10
behavioral23 behavioral24
- Target
  
  zplayer.exe
- Size
  
  5.8MB
- MD5
  
  085b0f0fd92e666d1e851ecb6dbe3229
- SHA1
  
  537622db3f11a2d47224ba467cb128302483dfcc
- SHA256
  
  c02a5821239248849eb96e87081b785ef7e4deeda1d3e6400b4887cd67fc6e4e
- SHA512
  
  f56734a817628f6204edd81f971f7a98f507f6c513941175f932136baf6236a78960a24b62d61c50cdacb749b6ebe99a09a9f7d9f5f90bb1b12dc3746afa9707
- SSDEEP
  
  49152:cEJpXl+vwoi5o9tdedtUezmwrDi5lebAbfbFyHAvflaOT9RQCF9Od/UU0RHMCPZO:cIXl+vdsPmbfpyHAvzCCFU70Rs4Z7a
Score

7^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral25 behavioral26
- Target
  
  zpresampler.dll
- Size
  
  19KB
- MD5
  
  9451bc212d134d849686c1637ac9d13c
- SHA1
  
  e3576ac78f7c8d6d24a4f1611acfea403ba1ff20
- SHA256
  
  29bc71ec38d424a4ceca33b37dcba3da505468a1adf9178b6dfd97ed34c43d98
- SHA512
  
  765209196eefd50895701d9a4fce0be246d3907f454bd4e085a9e6e6043ad1474d4e797a9d942a29784acaa36d2803987427feb648127b3da3c73a2b7720fa9b
- SSDEEP
  
  384:PTueO36c51CHcoDy6P1UluLLwc5V1S2Y3uyIv4wUe7ixTT3evn/q:PTFG2bDy6NUlBc/1S2oZ7e7iRT3e/
Score

3^/10

discovery
behavioral27 behavioral28
- Target
  
  zpupdate.exe
- Size
  
  45KB
- MD5
  
  dbece86d115510c10d5a7d6b99da0b79
- SHA1
  
  22bcad511be6008268f91fb785be6be90049a2ff
- SHA256
  
  8c1cd86ebba336d3f520ea9f7140f45c17af656eeadad5b08123e804ef242de8
- SHA512
  
  bd110b35e5ece0857a29e4d60cdefd9151a253383914fcb8e5f9003193e36024c90544a1c07bd68610b2d20ea56d12fc468ac34ad2774311e8308c6cd73be3fd
- SSDEEP
  
  768:XnyxqjcQjwyX8xgGAQLyXM9OmLqM0WwSLgIAGbiMVKUw4Gtt5Bhssh28x:CxqjcQrFBQ0XM81SV+ljhHx
Score

3^/10

discovery
behavioral29 behavioral30

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Sets service image path in registry

Loads dropped DLL

Checks computer location settings

Enumerates connected drives

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30