174bfeae6fd9727394db8589004b3697300f31c0901f1405489e002e1b24db03

Sharing

Copy URL Twitter E-mail

General

Target

afe4b586a33de273005809d401822359_JaffaCakes118
Size

655KB
Sample

240820-tjee5svekk
MD5

afe4b586a33de273005809d401822359
SHA1

3fdd9692f0732ad49e33782129b957a3354c78eb
SHA256

174bfeae6fd9727394db8589004b3697300f31c0901f1405489e002e1b24db03
SHA512

16a350599722381de330a191f3f91dd3d0ba3c73fae7892df858f04e762f4342c730b1851d3b6026c9fba7e710356f8924057aef5b543cd19462dd08438c9fef
SSDEEP

12288:Xck0M41v5UJzb/ef6nyai9hbogwa7ht7z1sjACmAw18sarRgK:XctMeAz7utogh7hpz1scB1aV

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  afe4b586a33de273005809d401822359_JaffaCakes118
- Size
  
  655KB
- MD5
  
  afe4b586a33de273005809d401822359
- SHA1
  
  3fdd9692f0732ad49e33782129b957a3354c78eb
- SHA256
  
  174bfeae6fd9727394db8589004b3697300f31c0901f1405489e002e1b24db03
- SHA512
  
  16a350599722381de330a191f3f91dd3d0ba3c73fae7892df858f04e762f4342c730b1851d3b6026c9fba7e710356f8924057aef5b543cd19462dd08438c9fef
- SSDEEP
  
  12288:Xck0M41v5UJzb/ef6nyai9hbogwa7ht7z1sjACmAw18sarRgK:XctMeAz7utogh7hpz1scB1aV
Score

7^/10

discovery persistence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  9KB
- MD5
  
  ae182dc797cd9ad2c025066692fc041b
- SHA1
  
  7ee5f057be9febfa77f698a1b12213a5bbdd4742
- SHA256
  
  b214f6d6c4d27f749105f7e8846a7c2d475dbcc966876370b5a7dab6e4b8a471
- SHA512
  
  2a9a200d067df47638a86f4f058c6d78fb59bd064c65650cae5022a62a3714e33f93f6af1dd599fda180d5af18f432835a1f909807f4fb459aa9d6c24e3fbab7
- SSDEEP
  
  192:SVS+6oMnQ5TWgWsMI4R5Or5nQU39FmeknC:S56oMQ5TWlbI4RS/F8C
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/UserInfo.dll
- Size
  
  4KB
- MD5
  
  a379ffb9785b333e5da4dee69dfd8f27
- SHA1
  
  7f1eeda2db94481e134ac09f0f8c7531b84e9890
- SHA256
  
  e09e0cea3d7624a438fe4e02df230e995dcddcd9909080d883b107a7137b471e
- SHA512
  
  c868a9b6038bfdb40aff1c067fbfdddad58fdae798c282a0bfb59133329be1744544041a71dd1ae222ed5d6e4e4c1801a11e7caeef7a4dfda416520ef2b10f38
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  $SYSDIR/NetSign20.dll
- Size
  
  265KB
- MD5
  
  f221226df4c526b87749ce4a74c4e3d0
- SHA1
  
  e9fceedb9832840fe3dda88646ece0da2099a329
- SHA256
  
  a62cb15a4925525afe10ddb49bc45de191641d66b8250366f2cbc5911a34c91f
- SHA512
  
  318b6add6570ac1c5788b2bf3e4756bd3ba16e1a0dd3528623bf302018c66f367a55fccf0eaf575097a8543f4462e345ab7917bf56d0307e6d19935d3a25969e
- SSDEEP
  
  6144:nuNAq4/bRzbv4/5HL0oR7o9ifTBducyxYuQ:nvpjRzbv4BHLLR7HfTTxu
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  $SYSDIR/NetSignRes_C.dll
- Size
  
  17KB
- MD5
  
  7d91a10edcec6bdaa154f99cc52a753b
- SHA1
  
  0399cc55f00b8a437dfb254a3084f9133e4514dd
- SHA256
  
  63f8612f0a4a3bf90c580d0ce8bf79f7a3b7ad2e25ac59b6a72c78da27d07b3a
- SHA512
  
  edbf8fb4a32e00f75d599383b4dd9205720c529453a633f3b9374083bfa45eb6e46c079fe7024fe5e69a1eea7f0d3c9d641de778d92f8ec94cb6c0f6b0adfdbd
- SSDEEP
  
  192:SunzayyowJL/aMjGwP78MZoDv+ebMIW8M5:dnzayYJLWYoDBbZW
Score

1^/10
behavioral10 behavioral9
- Target
  
  $SYSDIR/NetSignRes_E.dll
- Size
  
  21KB
- MD5
  
  8465e976980151d15f3ee517b28c66e0
- SHA1
  
  bd8dce04083e1883caa8bec5d8ec11c6cfc20e0f
- SHA256
  
  e68c3e8d595ebf35a481174e7e21da36c3cc05aa66ddec7fb800fd0b53dd2551
- SHA512
  
  53c71cab01ae90bc2e7874e5d01ada56517493d95c194c24afede8d7595e873b65450e80d8c28069b51414cab5b38e5164ddd64002e96deb88c1489bc7b89bde
- SSDEEP
  
  192:AR1QituqgXVylOj1lVzf4yowJL/aMjGwP78MZoDv+ebMIW8Mj0X5:AR19gqgX4lOj1lVsYJLWYoDBbZWq5
Score

1^/10
behavioral11 behavioral12
- Target
  
  $SYSDIR/OnKeyCSP_hkbeas.dll
- Size
  
  6KB
- MD5
  
  d5d3d646e993958e5bd239083cd16c29
- SHA1
  
  876c29691351506ce9fa0a98d25c4861faec1ae4
- SHA256
  
  c13d03ca44f28a61d30557e29c5b4fac0b79a13319668ac25576589e12361a9e
- SHA512
  
  f75c6eeb4254ee671e1dfddac70cd68f9129d5ec76c83833052e03006a032948a9102e49961cb70a7aa1ad3111c87ce883547ed40d1b7a82cb6b8461410cadf0
- SSDEEP
  
  96:qR7ClSUFFUkYvk/iiN4YxWUkiykZZzb6nWzZVEbg:qlClJX6iNJuaD6MZV
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  $SYSDIR/OnKeyCloseSvr.vbs
- Size
  
  244B
- MD5
  
  f9a87ad487d200353f1f2cba71fe24aa
- SHA1
  
  cefb50656b358d69a739ec86a327bf8050850aa2
- SHA256
  
  ed70d3fda8470a26438b354797bc95034ea60ebb32897c1540dd1ff2aebe7cb9
- SHA512
  
  a05a4216d101b37a9c13fafcb179ed048a67370e17814ea7f9b632644924c49eaeb8877f07c73e3a13318312d7a8b2e0dd156bab5d4ddb844741b23f2a77df93
Score

1^/10
behavioral15 behavioral16
- Target
  
  $SYSDIR/OnKeyCsp_hkbea.dll
- Size
  
  76KB
- MD5
  
  acf48e954545272a2da906596e3810b9
- SHA1
  
  ba1138bdfbff28e29bdaa5fa9d1fc7872cbe44d3
- SHA256
  
  738cc797c48f1c7112e9be886ce81e337f5737f82fce5da9aa1f3d690eca8be1
- SHA512
  
  5efefc73fb3450b468cde0e25496e43f1773aaad7e4654d393122e5ebd57e983b6b216c73e7f87b838e1a88b0d9d8c619461e641aec60dc4eb24a291c6862a40
- SSDEEP
  
  1536:AyhFfDSe7C0zLHQqScoLWeKb/1lFixW8uqCLfBqiGly9Q:AkFskHPScPe+FnDAHlyC
Score

3^/10

discovery
behavioral17 behavioral18
- Target
  
  $SYSDIR/OnKeyDev01_hkbea.dll
- Size
  
  84KB
- MD5
  
  5252f4e53bb0acad2f33b73d2034e38a
- SHA1
  
  7e7c9e723203545703ad57a4f9b982fd125cb289
- SHA256
  
  11b88811419b63a0fba67bdf86b02e1710a2848f8043bf880c861860db5594fd
- SHA512
  
  5a3e0b235306ca4d1863eb7e6248520e825d60bd707cfd98b4c71c4765a2074686a49f1582fe552080d9f7b3be12758683f4860486f56550c6385d6d452a2aaf
- SSDEEP
  
  1536:Il1U7Njvpv4lSWdIeUTkGrY2xjCCsZE4RC641l/dlY:Il1U7xvpwlBz2kCMzE6Ml/dl
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  $SYSDIR/OnKeyP11_hkbea.dll
- Size
  
  68KB
- MD5
  
  38a95e1dfc3626eb0f9269dd1d31cc44
- SHA1
  
  9e7d30803ac966df6fade1dc2216ff1de5983473
- SHA256
  
  4f5a88bb302ce5b6d49695cd81550a1a9bd898cfbab3f2f1336b5c15bf666b0f
- SHA512
  
  e9148e7474dc691334a1bb92c7b99247cd3f8fe43f5701c089a67dfbe407a1ce1fb0a562b653be1d76f84b6022610fbd8e2dc421396d6c14398784935605fecd
- SSDEEP
  
  1536:j8m+TXfnjJT9kwxPbKhCEL1kkTLdF1OLCeudwDc:j8xTXfnj7ksKhCONTLdGydwDc
Score

3^/10

discovery
behavioral21 behavioral22
- Target
  
  $SYSDIR/OnKeyPinpad_hkbea.dll
- Size
  
  256KB
- MD5
  
  f48f22901cb45e61f48eb204cdcb09f8
- SHA1
  
  5272425d0a2d4b8f80dc816a7952ff94801f3fbb
- SHA256
  
  91f0c6b57d1bc2ef4dfb31d22fb96443dd8ce6629612bf0eb47f48b2a4c3747e
- SHA512
  
  fec934dfd18e4f95ee7b69bdaafc38873c2fe86a5cabad60b5b1473f20ef7cd1b10adc1e874c432baf175f415375b1e7d8a9aa56fd560c8b34494d642e1dd86f
- SSDEEP
  
  3072:iIHRfxBDe8a/dmvNjRBbj7U36H44dLN6y9QbBiCZ/1QlBownInmnh2:1nReZ+jRN36cdLNvEsCZ1wIM
Score

3^/10

discovery
behavioral23 behavioral24
- Target
  
  $SYSDIR/OnKeySvr_hkbea.exe
- Size
  
  44KB
- MD5
  
  20f5d1f7ba08533c92401165be344d18
- SHA1
  
  c3d6076a230a0d80615f7a02dd6b60e978b0957a
- SHA256
  
  2c6e443d77b5f58a88f08d358c315f6f69dbded467036ed8304cb6f3a30172e9
- SHA512
  
  7c366f66f473ed614b08fcbf3089b7f5dd01f660b61d2fb81caf59ef0e5f0158d7c736b06e7df77b18d3195792cabe4b356c3267a8ed7ed40f4fbb06eccf8c04
- SSDEEP
  
  768:rwWKqMp2URMIs+tBNwv7aVfxCO/hlUa7ilwb:rwDxuIZNwv2VJmxlk
Score

3^/10

discovery
behavioral25 behavioral26
- Target
  
  $SYSDIR/OnKeyToken_hkbea.dll
- Size
  
  444KB
- MD5
  
  12f311ee75e4f0979cfff4196ccbe744
- SHA1
  
  d0ee376512685e1a3485400a2f25558795bd2a6e
- SHA256
  
  101e5ceb65dcfb72dc523f0c6033ba92b4f5b830e851385545ac6c45788800b2
- SHA512
  
  0c80163c09b5f8e559eb568cd9dfd5e65548c207116cfc5417ca2d130288d1770709f7b5bdebf521a1b1272ecaa378ab71e286ae58e9f0f68013b1d0c9e6df00
- SSDEEP
  
  6144:wHGPXgn2lsxwRolKHuoIjPqFGL08zxUvfWLIKx9uT6z2:wHC8Ei8IjPlUvf+Iy9z2
Score

3^/10

discovery
behavioral27 behavioral28
- Target
  
  $SYSDIR/OnKeyTools_hkbea.exe
- Size
  
  380KB
- MD5
  
  67cf4d210be05a6cd27b701862f45073
- SHA1
  
  784ea84b460e1f3e7b499be6cb2f4c89fd7ead56
- SHA256
  
  88e71939be71ffe61240183af69742dbbcababb14867ecd06bb4b9097f201ee3
- SHA512
  
  cd05b48cfaf367c33048b1d641b49b81b7ab1252551775ec0889c738cb32238cd9e2d48c63bbbc73237d888af314c04ab519ba2d84731ed8726fc3b6dfd4e6e5
- SSDEEP
  
  6144:qyhXP21LWsJAR78kTFxyzQWPCDD7FpJpCoWA63nOVQBqCGw2Be55aH:bP0JJAR7dTFQzQ8u7FJDWF7wpE5
Score

3^/10

discovery
behavioral29 behavioral30
- Target
  
  $SYSDIR/TdrCOM_User.dll
- Size
  
  101KB
- MD5
  
  4fc98298e7df827e95375d118a89f042
- SHA1
  
  0433546a4533d7dde8060019acde2c6e8c6a913c
- SHA256
  
  aff37309467e62efed2c830d83800c4ce7e46151d9d85618f131de5032ab89bf
- SHA512
  
  0143641dc2dd3e49cdb32f2fac11c22c426729afb123ad6657ad7ee4ec5e9fedde36928b7ab5bf7ab7f858ca9aebb238cce6a59ad3705d09c453b40bb9559055
- SSDEEP
  
  3072:4Xfk9fmvnCHY56+dzu5InXqldDh+n0e5Wc:255H/y4X5t
Score

3^/10

discovery
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application

Checks installed software on the system

Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32