c49f0320eeab8dd644ba344a2039b4de48a26ef77c05eb069721477f0cd182ba | Triage

Sharing

General

Target

b33e75eee001379c213f4b9a80863791_JaffaCakes118
Size

1.8MB
Sample

240821-nb2yksvfnh
MD5

b33e75eee001379c213f4b9a80863791
SHA1

b8e7e5be463293023b141ee13fd2a73c3c224731
SHA256

c49f0320eeab8dd644ba344a2039b4de48a26ef77c05eb069721477f0cd182ba
SHA512

dc6c532fbf796704c4e53d4db775b2e7b33a6189ce157878fbef558a19346ec0d95beb927a8232485f74847c05b80f58aca25658d9548e5ddc18b0d01cff64ee
SSDEEP

49152:y0GAdYjF3hm9Y74R+rVuFhi9xj+wj2z4ThqYe:hdophmlR8LxjPRThDe

Score

8^/10

discovery persistence upx

Malware Config

Targets

- Target
  
  b33e75eee001379c213f4b9a80863791_JaffaCakes118
- Size
  
  1.8MB
- MD5
  
  b33e75eee001379c213f4b9a80863791
- SHA1
  
  b8e7e5be463293023b141ee13fd2a73c3c224731
- SHA256
  
  c49f0320eeab8dd644ba344a2039b4de48a26ef77c05eb069721477f0cd182ba
- SHA512
  
  dc6c532fbf796704c4e53d4db775b2e7b33a6189ce157878fbef558a19346ec0d95beb927a8232485f74847c05b80f58aca25658d9548e5ddc18b0d01cff64ee
- SSDEEP
  
  49152:y0GAdYjF3hm9Y74R+rVuFhi9xj+wj2z4ThqYe:hdophmlR8LxjPRThDe
Score

8^/10

discovery persistence upx
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/AdvSplash.dll
- Size
  
  6KB
- MD5
  
  c152aaed8394cc372b720190af65f73a
- SHA1
  
  ac6c786c054193187d1fa63712538b5cd8219cb4
- SHA256
  
  db15e55dee9f7798e72a6947f3d6abe09fb6fbfc122b11ac7d425dc159cab50c
- SHA512
  
  0e3cf9be421ba729a0597f274b1fbdc4880a45af84d85ba215700e415ed195752a12f2ee68d510d2dca449e131c449e4783ab2c4ff870e0d33859c919bb9175e
- SSDEEP
  
  96:vQNyX2PtUZsMGe3SlFaqqhN51xWa5kkEkk/StCSwookyc:vFXYtxWSf61vk/kkStCSRt
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  10KB
- MD5
  
  4fbb4a2cd711fc1fe84f3dc30c491dc9
- SHA1
  
  888e01ae6e64e7326f88df9a30587f699eab154a
- SHA256
  
  c3b05f4faf5e8903d5b4cb4a8ce4bbf2e8144725b98d8787d51c117b6efa9bc2
- SHA512
  
  92dcf99672a5935065df6492e27abb653679f1db6dcddfde87cd14260c94a870327826b23cc2f338381b3eb53d07c1a3867806f6ff94533db5195b895a856847
- SSDEEP
  
  192:CO6dJA/ruAFEiUdWWE6hE5RYUdJfbub1argMO:XKAFERdlxhGRYUzqZar
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  $TEMP/install_flash_player_active_x.exe
- Size
  
  1.5MB
- MD5
  
  4c223aa3e559e2e88da3bb43f3604d20
- SHA1
  
  a6d0f099262e9e7b9289b8a7bdcfa550821584ef
- SHA256
  
  3896ac00208eebea9f62aacf09ccd7324fe86048bfbb20740b72c3874615878b
- SHA512
  
  5f0c9721ad857990ae6d9420080cee0d39df70a15e07520f59682cf1a137409923e3ab4e8c0f2c27b280cdb0ce936223adda167236131981aff35830beda69bc
- SSDEEP
  
  24576:3hgT1P7mw7Tc+cwff55v1zHX6mVQq1Ci5dlRR+sj9xDGr4KOaJi494+jU/9SIrxC:xgTzZXf5f36mVZ73R+99FWMIrxj+jYu
Score

8^/10

discovery persistence
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops file in System32 directory
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/NSISArray.dll
- Size
  
  17KB
- MD5
  
  2b8574f6a8f5de9042baa43c069d20ba
- SHA1
  
  07959da0c6b7715b51f70f1b0aea1f56ba7a4559
- SHA256
  
  38654eef0ee3715f4b1268f4b4176a6b487a0a9e53a27a4ec0b84550ea173564
- SHA512
  
  f034f71b6a18ee8024d40acd3c097d95c8fd8e128d75075cc452e71898c1c0322f21b54bd39ca72d053d7261ffbab0c5c1f820602d52fc85806513a6fe317e88
- SSDEEP
  
  192:YAFuV2Ow8mbPNnDSnYJly4RX+VGeSDlsGUlyGaWNn3B3/WXZWsQs5PaqJ7En/5U3:YA4V2Jb1nDSnc+Zos1lP6Suhe/q9l
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  10KB
- MD5
  
  16ae54e23736352739d7ab156b1965ba
- SHA1
  
  14f8f04bed2d6adc07565d5c064f6931b128568f
- SHA256
  
  c11ffa087c6848f3870e6336d151f0ba6298c0e1e30ccddf2da25a06d36a61fc
- SHA512
  
  15dbfcdc5dc34cb20066120045e3250f8df9e50b91de043f2ada33ac0235907d98668e248828a7ed9c75e25dfb5103b7248867530ce73ee36f6a35c30b4afa9f
- SSDEEP
  
  192:HO6dJA/ruAFEiUdWWE6hE5RYUdJfbub1a8gMO:GKAFERdlxhGRYUzqZa8
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  $PLUGINSDIR/UserInfo.dll
- Size
  
  4KB
- MD5
  
  68d73a95c628836b67ea5a717d74b38c
- SHA1
  
  935372db4a66f9dfd6c938724197787688e141b0
- SHA256
  
  21a373c52aaecce52b41aebe6d0224f53760fc3e5c575e821175eee3a1f7f226
- SHA512
  
  0e804deab4e647213132add4173c1d2c554c628816f56e21e274a40e185d90254e29c8bfc6fbfdfea2a492d43d23c0bfa4b276252a3f5e1993ab80ff832c4914
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  $PLUGINSDIR/fpinstall.dll
- Size
  
  8KB
- MD5
  
  071b6233c92f69ffa1c24243328c3b94
- SHA1
  
  bb583c00e87cdc65e6254c7148d37afc1bbb3095
- SHA256
  
  5f6c63cb0ba539d692c5461730f057d0ec6c60639d772fbdc3753c3c6e746c43
- SHA512
  
  7fc2db406350488ee86ccffe1e99a91e0f509ef0429063336bf6f96aab07127df352db77fe9d00ddc3aa2db7886dfbac08b6acf6a5c647859956111ca47c24f1
- SSDEEP
  
  96:hluI9zRsuDjadgtA/L0XN4thAQ3y5k+29JdGn4GXONgYi0cXGburui:i0+uyRi4thMk79TGn4mdrXGbJi
Score

3^/10

discovery
behavioral15 behavioral16
- Target
  
  $PLUGINSDIR/nsExec.dll
- Size
  
  6KB
- MD5
  
  e5f9d339d035e054e01648b4a00f8502
- SHA1
  
  cce01d02210f0480393d9fc5289fa692ce7f34af
- SHA256
  
  181d9ea85a56693e005d9991115e0d4179cf6bd0c18be71b19c69a330df70507
- SHA512
  
  4af944a5a5dd7cea6a375e5d12dbf8be8bb6e8c60ac174d688f295aa6b2bed09fe686ee4c213fedb6013b58252a53acc7553a8e05e12deebebc6e466a4839f1b
- SSDEEP
  
  96:GjX1XJX70rn3jud5ClMdOfHFI2NaeI0u1qND1qN3riUTEVX/cL1+:GDx1Arn3qd5ClyOtIs1uUhUZriUTEVXa
Score

3^/10

discovery
behavioral17 behavioral18
- Target
  
  Flash9e.ocx
- Size
  
  2.8MB
- MD5
  
  d3c50535c26190fead7785a03499c0ac
- SHA1
  
  6a72eea0f62b60d71cfb9da60cab6d178b1fb78f
- SHA256
  
  01ff419547aefb8e32715d3873540c058533ac6b0d301b1f98868aa6a17616a5
- SHA512
  
  55b299bcad2c7c7506f8eef0aceaf8764aa0e19e9907ff79b7e3f108d81a5d6566211dc6e9cbd29d7f1bef8f5daad9bb888ec345aa21899ab28b45394dbc21f3
- SSDEEP
  
  49152:bl6UTfZW48ixJH+ap+WqFvsyw2dHi1HyeYu/wP0cQvDYeKfih5T09Lv3TlRTM:J6UjZW48+J/pRovCJY6xO91RTM
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  FlashUtil9e.exe
- Size
  
  213KB
- MD5
  
  55dae09cbe5fe5e8eb2698107c18fd0d
- SHA1
  
  56935aa4cdd8d1f72c3a99fff3f1763d84e0310f
- SHA256
  
  5dd0e697c9fc82ec0ac35f5cba293fb3ea431828ac46b0ffa16923dff51a3cc1
- SHA512
  
  5cfc31658757b6118a3df9bb2ce966005add790027ad6d67a21e2381ea0e99a1e007f56b1efa4edf237b9bc99f5d288d417cf60187ca91fa757227e5b852e87b
- SSDEEP
  
  3072:vLWFf7IzTbrFXLqWrRu4TBfVOuJuISrG98Mka3XCvHEH:FJLJrRTBtOESrV+d
Score

3^/10

discovery
behavioral21 behavioral22
- Target
  
  BlinkxBroadbandTV.exe
- Size
  
  350KB
- MD5
  
  bd2f6416721df0b07d02350359f9f669
- SHA1
  
  2292c9d37e8b2a8c4a4c6249363c22dcc739a573
- SHA256
  
  b41362bcbb5aed2fa09709964994075b9c59ac7d3dd926b1ee94c96dc61759e4
- SHA512
  
  2a044cfeaa79fb4f3fb624052bed3cd78033c59f044e38c80779ec138a2229ec0a260d021761df7121a00a266829aca6f5974da6d60cb6dfa77076de7647d6d2
- SSDEEP
  
  6144:zcG5HEI6K7F4vZhG6d1onsrjNP4/VJwarZYCPcRgzuxk4BrhdBsNpd/YWXokChKa:ziIzpsZhD549JwaVjN6CU3mND/Y2ChKa
Score

7^/10

discovery upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral23 behavioral24
- Target
  
  uninstall.exe
- Size
  
  55KB
- MD5
  
  314e390f6ec6b3f0b0dfd38f8828f878
- SHA1
  
  edc9beb21d5bdf7f8d04b4988c946c72b38bb337
- SHA256
  
  8be9f2cd6e894f14c4f031207afa16fd0be4b5fd1ddb7587fc52dbc90ce3b941
- SHA512
  
  5a0b0ee1d0eceaf4bcdb9012c891e2545b9b51a4ff59aa4e91a511086cd6cbc949745f6c1c2f57bb13881ba7e04180985744002e709373ee70df76945804a7ec
- SSDEEP
  
  1536:ZXwjCzX139sZDM4y0DhmJFhkFUe1BgUyY:VYU94fDhmJFh0Ue1BP
Score

7^/10

discovery
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral25 behavioral26

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Active Setup

Privilege Escalation

Boot or Logon Autostart Execution

Active Setup

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistenceupx

behavioral2

discoverypersistenceupx

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

discoverypersistence

behavioral8

discoverypersistence

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26