b53cf6fc4557b36bcab41cdb5aa3eeb060100a7bc606ef3c286892d71f8cb6f3

Sharing

Copy URL

Twitter E-mail

General

Target

a77eb00b271981d2a4564abdbb638dff_JaffaCakes118
Size

1.3MB
Sample

240818-vk4xvstgqf
MD5

a77eb00b271981d2a4564abdbb638dff
SHA1

f5a640e797d45ae34db10f76e4a6ef00705f8996
SHA256

b53cf6fc4557b36bcab41cdb5aa3eeb060100a7bc606ef3c286892d71f8cb6f3
SHA512

b49de25f564140fc20c4abc1e4e19d8f4ab76bfcb80ce68669396d8c3b00061fb6e4d6a38bbd57fa313c7c042aa3d65f2a2beff4e2d13a2c82c3aa363a2f9dec
SSDEEP

24576:9lytuvZRYnSzGfpg/BSAQiYMbc2eSygi1kHr8oGrwUGJ5HO:TphryOZS1NMbulkHvIwVHu

Score

10^/10

Malware Config

Targets

- Target
  
  HA_AimOneSR-1310_CZ.EXE
- Size
  
  1.5MB
- MD5
  
  3fca039a35130ed582b0352407640439
- SHA1
  
  60ca6624c519c2a05e063d86d43ab004706d660a
- SHA256
  
  27447cea0b88544d7343aa5040e344687f952f218fd054aae184677b9ed83ea0
- SHA512
  
  8dc8430b5d6a47915e0e11a70427d62946810b8b3feeab32f9dc582105bfe179379a175109cddcc8276feba422dcc959ab1798ce2feb0058916f8a30bab6bfa0
- SSDEEP
  
  49152:HPVrAI0y7cm3pa5RKvoVsgwTj3GLnm3paB:vyhcfpa5R8NTj3LpaB
Score

7^/10

discovery
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/delay.dll
- Size
  
  20KB
- MD5
  
  215c1893e3256fb90e60b7544034964f
- SHA1
  
  4095c6963194d5e0d738d0c7c2da2bd943c260f7
- SHA256
  
  020431d04975ec2742921e0ebc6d6c25d7d33147e23979945546e77ada25c27e
- SHA512
  
  7eecc83c8752b3531f7a1784aef055f7462f6bc186442012f7b75b4ce143160c1e4f317cb8927e8ad69bd9ef70ffecef5d4195025e5b058727567ad2c856dfb4
- SSDEEP
  
  96:PQ0iukkmFO9+R/ckkCN3jPp6OAVGsJ3s6E3qLlz:Pbifb105C5wOAVrE3qLlz
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/installoptions.dll
- Size
  
  12KB
- MD5
  
  1d5c649dde35003a618b9679d5d71b92
- SHA1
  
  0409bbab3ab34f8c01289cdd847b4d1a32d05b18
- SHA256
  
  0f4d3cee24e3f310fa804983c931d3628613988a24f0be7854f63a9309b8e45f
- SHA512
  
  b432ebcc52905662d61a3f17e08e209a3f9d836a9071b3b5e80070af7ebcf34cf66c44426dda041c2a258fda4787e5692e2b35acbcd73288fb84fe3c977bbfd9
- SSDEEP
  
  384:pKlm7i+c3QW6ckPhyDEaLnA2bbBBIXwZ:8qi8BcyhEhLBbbTI
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/killprocdll.dll
- Size
  
  32KB
- MD5
  
  83142eac84475f4ca889c73f10d9c179
- SHA1
  
  dbe43c0de8ef881466bd74861b2e5b17598b5ce8
- SHA256
  
  ae2f1658656e554f37e6eac896475a3862841a18ffc6fad2754e2d3525770729
- SHA512
  
  1c66eab21f0c9e0b99ecc3844516a6978f52e0c7f489405a427532ecbe78947c37dac5b4c8b722cc8bc1edfb74ba4824519d56099e587e754e5c668701e83bd1
- SSDEEP
  
  384:3rYz6grZodORNWATt4TBmlk5ooyzFh7BukAUdJoUtSOSR:3QggDWATWNCFh7BNddJoxO+
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/nsWeb.dll
- Size
  
  8KB
- MD5
  
  84bcf3c71e70d5a6e9dc07d70466bdc3
- SHA1
  
  31603a1afc2d767a3392d363ff61533beaa25359
- SHA256
  
  7d4da7469d00e98f863b78caece3f2b753e26d7ce0ca9916c0802c35d7d22bcf
- SHA512
  
  61aefa3c22d2f66053f568a4cc3a5fc1cf9deb514213b550e5182edcecd88fadf0cb78e7a593e6d4b7261ed1238e7693f1d38170c84a68baf4943c3b9584d48e
- SSDEEP
  
  96:9E1ZgHfHizBkiz1zCuNrwXTP8Jx/N6SCMeNV37bnwXwPML/bUdut5tCsPb2N6nOc:9E1ZkGdbiSCMeNN7LwAY/gd+Oc
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  $PLUGINSDIR/nsweb.dll
- Size
  
  8KB
- MD5
  
  84bcf3c71e70d5a6e9dc07d70466bdc3
- SHA1
  
  31603a1afc2d767a3392d363ff61533beaa25359
- SHA256
  
  7d4da7469d00e98f863b78caece3f2b753e26d7ce0ca9916c0802c35d7d22bcf
- SHA512
  
  61aefa3c22d2f66053f568a4cc3a5fc1cf9deb514213b550e5182edcecd88fadf0cb78e7a593e6d4b7261ed1238e7693f1d38170c84a68baf4943c3b9584d48e
- SSDEEP
  
  96:9E1ZgHfHizBkiz1zCuNrwXTP8Jx/N6SCMeNV37bnwXwPML/bUdut5tCsPb2N6nOc:9E1ZkGdbiSCMeNN7LwAY/gd+Oc
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  $PLUGINSDIR/startmenu.dll
- Size
  
  6KB
- MD5
  
  5aae8598d8b53bcec81d8e8c8a6732f9
- SHA1
  
  d071fcc74a107c7d7bc5a493d305b00976b07464
- SHA256
  
  be3f03c07be54354b8a9a30a8c0ac384f43c245c9b95ed1025549c76642f3fb4
- SHA512
  
  d20af152b9d1903cd9cd0ff584f14f95ee69cd7149c9ef9369257d08659d1a7ab5860055b39ebd0ead67cfc31da2571175623a5676116ce999acea2b7a643c1d
- SSDEEP
  
  96:VLJdRZk8OkmE+WHw0FMXF6CWhFxKpKsBQhEfP0:VLjPk8OT30FFAmCP0
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  $PLUGINSDIR/system.dll
- Size
  
  10KB
- MD5
  
  4eff5fafd746f5decb93a44e3a3d570c
- SHA1
  
  a11aa7681b7e2df1c7f7492a127d332d1495ea8a
- SHA256
  
  cf61ddd15d63c25a12caee70f51ea736cfc02195c42e56ee01b33f689d3754c5
- SHA512
  
  cde82d2a1f28506e4c2264f6b82017a00af32f138ebcdbaf4cc58463870fa626f708aa57465294c5a6f096c886841e7b9112b85bf3ea2f1d8f2da816b51b2d72
- SSDEEP
  
  192:0OycJo/rJVCmIDNLU0dq5RD00lspbub76yL:6/QQ0d0RD0USq/6y
Score

3^/10

discovery
behavioral15 behavioral16
- Target
  
  $PLUGINSDIR/textreplace.dll
- Size
  
  6KB
- MD5
  
  2c50b9443f7964fcf3a3cb8e9d05aaae
- SHA1
  
  16221ad7e65e696531408875cfc9a1e1cdf2c33d
- SHA256
  
  023334022250071efc6bfe5fa67704ea971eb0007fda9c4b9fb92df16cfde29e
- SHA512
  
  4d6ea4141a68140f93736703428cd44962234c314e40dbfb11390bf3aa191fcea057c22e5a34422fefafa19d499cf50381160212986cd4e5a7fdf027f7f4a0a3
- SSDEEP
  
  96:VyGX30PlRxQfRCPnaaF4hWJYd4DgxiBRVlYv:cBlRufRCPaaF4pd4DAiBR
Score

3^/10

discovery
behavioral17 behavioral18
- Target
  
  $PLUGINSDIR/time.dll
- Size
  
  11KB
- MD5
  
  4b1d347d9274af9ce986fc94510e8bfb
- SHA1
  
  fa433988760655a97ed44dbfb705ddb72d241569
- SHA256
  
  1c95542372399593b4140b4c86385a441a095546954cf237cda3d09d14354d70
- SHA512
  
  577f1142cc8085a52347fea505c8d1eab8b2c429238899ff63ed94d2e6fb1662ab3ca9f7b68f7454ffac43c525ae4de58c9bbd9a8b2ce7d6c481d96b72859dc9
- SSDEEP
  
  192:oNLwTnfu/972naHpZnasamcn/baTa5YbveFumiBRWpA/E:oNLwzuZ2afa7mcn/+W5YzMcMp
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  $PROGRAM_FILES/Baidu/bar/TempData.KGB
- Size
  
  584KB
- MD5
  
  0c8ed82bce60e5e2860d9daa28289267
- SHA1
  
  5ea9dcfadc426463c51e0abfc736a42dfc31f3e9
- SHA256
  
  89bc3949eb1ab805b49f2699f0623796997ba7bf0f5acf9402f90ae5cd630d13
- SHA512
  
  2a6b90d1ee12d88a9866b774de5b52b329beebbb9ce0c1655455020aeaddd0824cd3c38804e76f777b81fa5b149744b392ea8f904ba2eb71c6db779a0ef85830
- SSDEEP
  
  12288:iIS8w5m7/8D9eaX2E4M+j252A2dITSfHe:iIAwwx4M+i52+
Score

7^/10

discovery
- Loads dropped DLL
behavioral21 behavioral22
- Target
  
  $PROGRAM_FILES/Baidu/bar/baidubar.dll
- Size
  
  584KB
- MD5
  
  0c8ed82bce60e5e2860d9daa28289267
- SHA1
  
  5ea9dcfadc426463c51e0abfc736a42dfc31f3e9
- SHA256
  
  89bc3949eb1ab805b49f2699f0623796997ba7bf0f5acf9402f90ae5cd630d13
- SHA512
  
  2a6b90d1ee12d88a9866b774de5b52b329beebbb9ce0c1655455020aeaddd0824cd3c38804e76f777b81fa5b149744b392ea8f904ba2eb71c6db779a0ef85830
- SSDEEP
  
  12288:iIS8w5m7/8D9eaX2E4M+j252A2dITSfHe:iIAwwx4M+i52+
Score

7^/10

discovery
- Loads dropped DLL
behavioral23 behavioral24
- Target
  
  $PROGRAM_FILES_COMMON/NSISLog/Lang2052.DAT
- Size
  
  392KB
- MD5
  
  6f7c5b0aa8efb062cc3bd02a322111c3
- SHA1
  
  204fc1afe73a9571ea833787b2259cc84bb59781
- SHA256
  
  ebc13d0a0e033ba82d6dbfacc1152fb3d9b7d3ee4836f1da5833a0c13ce04c5c
- SHA512
  
  1acf42eb0dd3daaeb0cffb589c15844790109bbfcc29cd353a1cfed11f846c4b817342b62913589707c9e1888d22f613b4a341ff403f46393ff39717c2a09106
- SSDEEP
  
  6144:WpSRTGEOMVBT5IpP1JKTHyjaymgiOtwNSF6Diukeg0kJ8XvaG1ynqmcI6:W6OvgMmPjc6DivTJ8/aG1EqmA
Score

8^/10

adware discovery persistence stealer
- Drops file in Drivers directory
- Sets service image path in registry
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Drops file in System32 directory
behavioral25 behavioral26
- Target
  
  File,Diz.ThX
- Size
  
  59KB
- MD5
  
  e61a7d645be1ecf477768a5692dab291
- SHA1
  
  6d16b732f64c1ece53b977879abf4475e92df54d
- SHA256
  
  1416265d1190c73ef32f7ab8fee94f4db3d65b889eb1e47d20e349b5dc004040
- SHA512
  
  4916d34e432509f3455c3dcac37697bbccad164e892f4b6aaf3f20773100aa78ae1c39a43b0d11aa6d966e888c0aba4a3fb4b06e847c7719a377904439e6f95c
- SSDEEP
  
  768:HhZIoeO3J/tU/zs9ZFgfAKRxMZxfha5JZespJ4cg7uhmHjhGY2ICoYQPWEiuTUCz:zcOZ/tU/zfIgE3Hu0jXbWuwC5t
Score

10^/10

discovery evasion
- Modifies firewall policy service
  evasion
- Executes dropped EXE
- Loads dropped DLL
behavioral27 behavioral28
- Target
  
  Lang2052.DAT
- Size
  
  392KB
- MD5
  
  6f7c5b0aa8efb062cc3bd02a322111c3
- SHA1
  
  204fc1afe73a9571ea833787b2259cc84bb59781
- SHA256
  
  ebc13d0a0e033ba82d6dbfacc1152fb3d9b7d3ee4836f1da5833a0c13ce04c5c
- SHA512
  
  1acf42eb0dd3daaeb0cffb589c15844790109bbfcc29cd353a1cfed11f846c4b817342b62913589707c9e1888d22f613b4a341ff403f46393ff39717c2a09106
- SSDEEP
  
  6144:WpSRTGEOMVBT5IpP1JKTHyjaymgiOtwNSF6Diukeg0kJ8XvaG1ynqmcI6:W6OvgMmPjc6DivTJ8/aG1EqmA
Score

8^/10

adware discovery persistence stealer
- Drops file in Drivers directory
- Sets service image path in registry
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Drops file in System32 directory
behavioral29 behavioral30
- Target
  
  asfcore.dll
- Size
  
  68KB
- MD5
  
  69f8c3472bfa2a80da883c94670cdb03
- SHA1
  
  2f7745650b0bc1126847b4e056b0e92a6649964f
- SHA256
  
  434048fa63c455a1082e269aa1386c4828980fed6bda82d730a877d6c2240da5
- SHA512
  
  cd50664414a148efa47360e89b80181b76d7da2018ad93d1becf4db73d0e994c0bbc6c157bd3a6680be06c037bd6a800840eca07b4438740d2271090c2013528
- SSDEEP
  
  768:W3qHxFoPGyt4ZRW4cAwg/jTuPSsxQxP7r4/0ZxUoNGgQjn7abKHZUl5in+:W3qRFstEc4jTubaP7r80goNSnralU
Score

3^/10

discovery
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Browser Extensions

T1176

Create or Modify System Process

T1543

Windows Service

T1543.003

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Defense Evasion

Impair Defenses

T1562

Disable or Modify System Firewall

T1562.004

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Loads dropped DLL

Loads dropped DLL

Loads dropped DLL

Drops file in Drivers directory

Sets service image path in registry

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application

Checks installed software on the system

Installs/modifies Browser Helper Object

Drops file in System32 directory

Modifies firewall policy service

Executes dropped EXE

Loads dropped DLL

Drops file in Drivers directory

Sets service image path in registry

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application

Checks installed software on the system

Installs/modifies Browser Helper Object

Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32