Overview

Overview tab score: 9/10. Static tab score: 9/10.

Per-task scores (out of 10) for the sample and each dropped file in both analysis environments. Names are truncated as on the page; the full paths are in the Behavioral task list below. "not shown" marks a cell for which the page lists no score.

Target                    windows7-x64    windows10-2004-x64
b603bed717...18.exe       7               7
$PLUGINSDI...ll.dll       3               3
$PLUGINSDI...dl.dll       3               3
$PLUGINSDI...nu.dll       3               3
$PLUGINSDI...em.dll       3               3
$PLUGINSDI...gs.dll       3               3
$PLUGINSDI...ec.dll       3               3
$PLUGINSDI...om.dll       7               7
$PLUGINSDI...ry.dll       3               3
$TEMP/xcmd.exe            9               9
$_48_/$APP...md.exe       9               not shown
$_48_/1.html              3               3
$_48_/3.bat               1               1
$_48_/3.vbs               1               1
Uninstall.exe             7               7
(mis-encoded name, listed as ֮.exe in the target list)   6   6

General
Target:  b603bed71761fb52b5447157b8b24f05_JaffaCakes118
Size:    1.0MB
Sample:  240822-cz2ryaxgpr
MD5:     b603bed71761fb52b5447157b8b24f05
SHA1:    0ba551feebeaa0ce6566db9d1b1570bd021f9983
SHA256:  945b847b0c8128007b684ce683687cbdbbcaf22de571b07b461e7ba6a82ea21b
SHA512:  844819c81fcdc33bf38d7affa4785782d679050a582207fea4725f42310b79e6c8f89f6784c3f116b1cfd8c918aa93674511d089b33ea8965d1a962f15dddcf2
SSDEEP:  24576:SkTeyMoImDQ1RVfKLfpIDwJX0l45Fas9Kb/xvAHnKLglShk:Sk1MoImk1RVfQpy6S4fwFvAqLiS+
Behavioral tasks

Each dropped file was run once on Windows 7 x64 and once on Windows 10 2004 x64. $PLUGINSDIR, $TEMP and $APPDATA are NSIS installer variables: $PLUGINSDIR is the temporary directory into which an NSIS installer extracts the plug-in DLLs its script calls, $TEMP the user's temp directory and $APPDATA the roaming application-data directory.

Task           Sample                                               Resource
behavioral1    b603bed71761fb52b5447157b8b24f05_JaffaCakes118.exe   win7-20240704-en
behavioral2    b603bed71761fb52b5447157b8b24f05_JaffaCakes118.exe   win10v2004-20240802-en
behavioral3    $PLUGINSDIR/MakeDll.dll                              win7-20240705-en
behavioral4    $PLUGINSDIR/MakeDll.dll                              win10v2004-20240802-en
behavioral5    $PLUGINSDIR/NSISdl.dll                               win7-20240704-en
behavioral6    $PLUGINSDIR/NSISdl.dll                               win10v2004-20240802-en
behavioral7    $PLUGINSDIR/StartMenu.dll                            win7-20240704-en
behavioral8    $PLUGINSDIR/StartMenu.dll                            win10v2004-20240802-en
behavioral9    $PLUGINSDIR/System.dll                               win7-20240705-en
behavioral10   $PLUGINSDIR/System.dll                               win10v2004-20240802-en
behavioral11   $PLUGINSDIR/nsDialogs.dll                            win7-20240704-en
behavioral12   $PLUGINSDIR/nsDialogs.dll                            win10v2004-20240802-en
behavioral13   $PLUGINSDIR/nsExec.dll                               win7-20240729-en
behavioral14   $PLUGINSDIR/nsExec.dll                               win10v2004-20240802-en
behavioral15   $PLUGINSDIR/nsRandom.dll                             win7-20240708-en
behavioral16   $PLUGINSDIR/nsRandom.dll                             win10v2004-20240802-en
behavioral17   $PLUGINSDIR/registry.dll                             win7-20240704-en
behavioral18   $PLUGINSDIR/registry.dll                             win10v2004-20240802-en
behavioral19   $TEMP/xcmd.exe                                       win7-20240708-en
behavioral20   $TEMP/xcmd.exe                                       win10v2004-20240802-en
behavioral21   $_48_/$APPDATA/xcmd.exe                              win7-20240704-en
behavioral22   $_48_/$APPDATA/xcmd.exe                              win10v2004-20240802-en
behavioral23   $_48_/1.html                                         win7-20240705-en
behavioral24   $_48_/1.html                                         win10v2004-20240802-en
behavioral25   $_48_/3.bat                                          win7-20240705-en
behavioral26   $_48_/3.bat                                          win10v2004-20240802-en
behavioral27   $_48_/3.vbs                                          win7-20240704-en
behavioral28   $_48_/3.vbs                                          win10v2004-20240802-en
behavioral29   Uninstall.exe                                        win7-20240704-en
behavioral30   Uninstall.exe                                        win10v2004-20240802-en
behavioral31   ֮.exe (name appears mis-encoded on the page)         win7-20240708-en
behavioral32   ֮.exe (name appears mis-encoded on the page)         win10v2004-20240802-en
Malware Config

No extracted configuration is listed on this page.

Targets

Target: b603bed71761fb52b5447157b8b24f05_JaffaCakes118
  Size:   1.0MB
  MD5:    b603bed71761fb52b5447157b8b24f05
  SHA1:   0ba551feebeaa0ce6566db9d1b1570bd021f9983
  SHA256: 945b847b0c8128007b684ce683687cbdbbcaf22de571b07b461e7ba6a82ea21b
  SHA512: 844819c81fcdc33bf38d7affa4785782d679050a582207fea4725f42310b79e6c8f89f6784c3f116b1cfd8c918aa93674511d089b33ea8965d1a962f15dddcf2
  SSDEEP: 24576:SkTeyMoImDQ1RVfKLfpIDwJX0l45Fas9Kb/xvAHnKLglShk:Sk1MoImk1RVfQpy6S4fwFvAqLiS+
  Score:  7/10
  Signatures:
    Loads dropped DLL

Target: $PLUGINSDIR/MakeDll.dll
  Size:   392KB
  MD5:    eb907eaaf1d86c90112783c8a189882a
  SHA1:   04ca0180f47096b3ef711914cf93ca6ec2b6c390
  SHA256: 42e21a9f51079d8a8c211b20ffbb31e86ed1e68f306cf72442a5b46c49ffff1a
  SHA512: 0e5327d7447ce77ab2001d1bd2bdd634da5adf1160064d77747381e3912e0b9716134edf847fdb0fd32847a5ec8efa4edd6bddbb568b7e849c99e4cbde9817ac
  SSDEEP: 6144:LET26hNKPuz98w6DkrSbu0ia7TOscYT0DEw0isbDfg7dNpJ7yOSc3gvlb/wl:l+NKPs6oubumRqoisw7P7yOF3yb+
  Score:  3/10

Target: $PLUGINSDIR/NSISdl.dll
  Size:   14KB
  MD5:    33d4a515252e42901fcd3230a749e92f
  SHA1:   168ccf18807f372d59c954425b23e3ba07b9e32f
  SHA256: 83817610e28c78c766a183e66d9fa47f1831b702846cae2ec51ba5848c9dbde1
  SHA512: fcd40f466403d3243d8a8d2e98aae74f46d5b5e9e254d13485281e86022305a3e8d47c6411175a9f2f90ad8d10aa40614c71329969ef895a20d60688a649adba
  SSDEEP: 192:HPv+wTtD0MzoU7Fs0+/gcDmduwJQXzw+KtnvH0tKO/B75D/Vp6kn2HgsDw0:HPFT90MzRF4/Bj0v0tP9gk2ZDw
  Score:  3/10

Target: $PLUGINSDIR/StartMenu.dll
  Size:   7KB
  MD5:    72f18eaa88886bd0d46de64a17d9720c
  SHA1:   e604c84de0ded023cf4c5e215c0534faf1d18227
  SHA256: 05f699d932f1fea8e6f1a711c3bc8ba51463b924b78a68bfd0683295de008da1
  SHA512: 5a80e303f1418dde67ffe0b9b60d574b85634de0d2b557a6691229812e9b376fb34ba7e276efd0e20f35baec91f1030b738e2138d7b7ee146715fcab5cd7e018
  SSDEEP: 96:VgJbo7bG2VHk3C45rJixqE+6nSvMn0iGLG8wq/aAtJ1t2RhU1fU:qJk7ZHgRJRHvcwBwqP/t6wf
  Score:  3/10

Target: $PLUGINSDIR/System.dll
  Size:   10KB
  MD5:    2b54369538b0fb45e1bb9f49f71ce2db
  SHA1:   c20df42fda5854329e23826ba8f2015f506f7b92
  SHA256: 761dcdf12f41d119f49dbdca9bcab3928bbdfd8edd67e314d54689811f9d3e2f
  SHA512: 25e4898e3c082632dfd493756c4cc017decbef43ffa0b68f36d037841a33f2a1721f30314a85597ac30c7ecc99b7257ea43f3a903744179578a9c65fcf57a8b7
  SSDEEP: 192:ibEOXfXZQ6i1AZ2q6grklcm/iaULQAos:ib/41AZN6uklckLUJo
  Score:  3/10

Target: $PLUGINSDIR/nsDialogs.dll
  Size:   9KB
  MD5:    c6284e23cd7e4d11db8298deb4541083
  SHA1:   e338686c7579620383ab8cc5a51bbb8d846f60cf
  SHA256: 79914940cbbf70a385f13a9970a9d577d7a7e07d240fe44563b45a472cd4bc3f
  SHA512: 72103e470d770fb402a18e975ff339526a3e4c9aeb8fac1b0977995a6eace0eca965b1915404df9b5a25b59628db1b199d2b9b10372841309c137054356a5cd7
  SSDEEP: 96:q0HzOxnC1hncrcpRciM8wcxMkDOW6LbUXv8X2PXv5bcndYosRn:qJxw3pmiMRxNE/8c5bcdo
  Score:  3/10

Target: $PLUGINSDIR/nsExec.dll
  Size:   6KB
  MD5:    40909a97db3a51fc83aaeff503128b3f
  SHA1:   9693d68a1fb11db70f61b8277e1195dd298abbab
  SHA256: f2633b3604a80a7b1be67858fb43288fd7b686730bad158f347dfa38c6df59d9
  SHA512: cd1425e28302dfeced644fa155a09549aae25b96f5f6a7688624135a69be7abee8e6eaac89194dc6ec89281c45e00451fae43db5953360ee9a47dc0d11d07c77
  SSDEEP: 96:+Vyk3+0P+gcVUzWKw1lq4xNmuUUOnyX3z9zJ5cVK23EHC:+40P+gcVUzWlyuUStJ5cVKXHC
  Score:  3/10

Target: $PLUGINSDIR/nsRandom.dll
  Size:   21KB
  MD5:    ab467b8dfaa660a0f0e5b26e28af5735
  SHA1:   596abd2c31eaff3479edf2069db1c155b59ce74d
  SHA256: db267d9920395b4badc48de04df99dfd21d579480d103cae0f48e6578197ff73
  SHA512: 7d002dc203997b8a4d8ec20c92cd82848e29d746414f4a61265c76d4afb12c05bce826fc63f4d2bd3d527f38506c391855767d864c37584df11b5db9ca008301
  SSDEEP: 384:LCHDPMs4GdtyO5roguusMxUXiO3wOw95euooP2UgKbd9BvNtf:LCHD6Gh87MKXil/5r2U3z
  Score:  not shown in this list (7/10 in the overview table)

Target: $PLUGINSDIR/registry.dll
  Size:   16KB
  MD5:    351f89337642c165a48dd763aa210023
  SHA1:   a5b204cbc51a0ad84248aa680b85be7824f3354e
  SHA256: b610ab13da00e05b000026c73081cfdf0d2ebd3f2fad05e1d0f277060fc3c07f
  SHA512: 10326b95ea81b377f74cb9e42135e891930a354b65ce50a4562246da33ca6816f5397089bb60cd1eb647bd28829d70f6425c3113440e11f9a9a4f7fecaac7f4c
  SSDEEP: 384:tTVUUuJHxgeh2OTU+X9pCtlohiTV0pWY7:tTqzHxgeh5X9oaiTgW
  Score:  3/10

Target: $TEMP/xcmd.exe
  Size:   32KB
  MD5:    378e0103156f2e6844c83087d80a7156
  SHA1:   c3e577e294ee81cd763625b4f6657795c4a8a6c4
  SHA256: 82fbc8842aceeb471967d2e78b7336c972e3d1379fcd23662df022af958f40c1
  SHA512: 0d9e162042f0894aeefb4d43a2c98161686b4451605cbaddcf12f367b17ed1a3796370e770dfbbe6b2ce7ddfba7dc42747ce564b8f80c292b331a600910103bb
  SSDEEP: 768:vGw9ERxPw5DAKshWRjzrjBav9+IZ5deSbA:vGQc4TsYznBA9LISbA
  Score:  not shown in this list (9/10 in the overview table)
  Signatures:
    Detected Nirsoft tools: free NirSoft utilities that are legitimate on their own but are routinely abused by attackers to recover stored passwords, product keys and similar secrets from a compromised host.

Target: $_48_/$APPDATA/xcmd.exe
  Size:   32KB
  MD5:    378e0103156f2e6844c83087d80a7156
  SHA1:   c3e577e294ee81cd763625b4f6657795c4a8a6c4
  SHA256: 82fbc8842aceeb471967d2e78b7336c972e3d1379fcd23662df022af958f40c1
  SHA512: 0d9e162042f0894aeefb4d43a2c98161686b4451605cbaddcf12f367b17ed1a3796370e770dfbbe6b2ce7ddfba7dc42747ce564b8f80c292b331a600910103bb
  SSDEEP: 768:vGw9ERxPw5DAKshWRjzrjBav9+IZ5deSbA:vGQc4TsYznBA9LISbA
  Score:  not shown in this list (9/10 in the overview table for windows7-x64; no windows10-2004-x64 score is listed)
  Signatures:
    Detected Nirsoft tools (same signature as $TEMP/xcmd.exe)
  Note: every hash matches $TEMP/xcmd.exe, so this is one 32KB binary present at two locations, under $TEMP and under $APPDATA; a single hash-based indicator covers both.

Target: $_48_/1.html
  Size:   315B
  MD5:    49e885c1bd66fc43e856a00e59d71188
  SHA1:   628236a9f86f70b752ae1faf6ca46b04274ba36e
  SHA256: 03144142bc87d5c83b12dec5ba95011cbe48dfccb82b7eb9b06d1e6527a03b6a
  SHA512: 4a927b5a3db44561ec75d7f37d66a3f2d4203b731cdd05a12e63688c4dcdba8b8af8c8ed8ec6f1a55a88e11d6f82ce22cd553ca08f27298030d18b7cc9f56533
  Score:  3/10

Target: $_48_/3.bat
  Size:   2KB
  MD5:    b21fbd3de561b86c0528c4c6210bf117
  SHA1:   b9013c67a00ae4f3a2ae5e9dc21c76a9166da481
  SHA256: 564b006373ca49bca8fd030fdf188d005440c2e970531e84038faf36c124247c
  SHA512: 4631e2e95edfc2a24169aa1c146f7b393b61808cc3a6b310705ec5447aada8cdd032ae48e6b258d194278027ba476e28dcb24e726d5f82820c0dc59ebdb19dd2
  Score:  1/10

Target: $_48_/3.vbs
  Size:   3KB
  MD5:    a2b360537f752ebdb4701a160ebb9e42
  SHA1:   88aef2d37f97c598221a2fa267d318f8c899b01e
  SHA256: ff61f3a87b9944d67e053a3c595c810ad1b65ff6c4fdddac0a165ad839d42111
  SHA512: 9b2c07b0cc2d0b8c82230a5df114c68c7cdc87b0d5a5fcfa2846764b58f381c531b2bef3a62779fc4d79bb48fe3ed35a39d24a1fd4e354ca6cd6aec78bfaa6f0
  Score:  1/10

Target: Uninstall.exe
  Size:   48KB
  MD5:    9cc4b0b295dde88e04e82fcfe1a6e0aa
  SHA1:   9bc1029b26593e870d2112073b9c9e043fa8665e
  SHA256: 01b3137f0e9caf1f7781a2505a7e08e4b19311402bb9419be66c44a5b2b529e9
  SHA512: 4277640f5f21403d8b0998c2a0d49a11ed228463dd15b11bf3bbf8d9c4cd4872fd6d837c13329792bbd7f5d3297524a71ed838a79753967ab2da595080f9a41b
  SSDEEP: 768:SoOjbhlc7sUoQnAz3ppOo0QJSHijv5js/wJJQPgd2iZQAm6kRRS+NoJRnOIx:XOPhlosUoAarDX1JJQgdLeAyNZk
  Score:  7/10
  Signatures:
    Executes dropped EXE
    Loads dropped DLL

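The "Executes dropped EXE" and "Loads dropped DLL" signatures above are generic: they fire whenever a process starts an executable, or maps a DLL, that was written to disk during the same run. The script below re-derives both from process telemetry, as an added example that is not the sandbox's or the sample's own code. The events are constructed to mirror the drop paths in this report (a plug-in DLL in $PLUGINSDIR, xcmd.exe under $TEMP and again under $APPDATA); the PIDs, the ns*.tmp directory name and the cmd.exe hash are assumptions, while the two SHA256 values are the ones the report lists for System.dll and xcmd.exe.

```python
"""Re-derive the "Executes dropped EXE" and "Loads dropped DLL" sandbox
signatures from ordered process telemetry.

Added example for this page; not the sandbox's code. Events, PIDs and
directory names below are constructed (see the module-level constants)."""
from __future__ import annotations
from dataclasses import dataclass


@dataclass
class Event:
    seq: int            # ordering within the run
    kind: str           # "file_write" | "process_create" | "image_load"
    pid: int            # acting process
    path: str           # file written, image started, or module loaded
    sha256: str = ""    # hash of the file content


def detect_dropped_artifacts(events: list[Event]) -> list[tuple[str, str, str]]:
    """Track every file written during the run. A later process_create of a
    dropped path, or of a file whose hash equals a dropped file's (a copy
    staged at another path), is 'Executes dropped EXE'; a later image_load
    of a dropped DLL is 'Loads dropped DLL'. Returns (signature, path, why)."""
    dropped_by_path: dict[str, tuple[int, str]] = {}   # path -> (writer pid, sha256)
    dropped_by_hash: dict[str, str] = {}               # sha256 -> first path written
    findings: list[tuple[str, str, str]] = []
    for ev in sorted(events, key=lambda e: e.seq):
        key = ev.path.lower()                          # NTFS paths are case-insensitive
        if ev.kind == "file_write":
            dropped_by_path[key] = (ev.pid, ev.sha256)
            dropped_by_hash.setdefault(ev.sha256, ev.path)
        elif ev.kind == "process_create":
            if key in dropped_by_path:
                writer = dropped_by_path[key][0]
                findings.append(("Executes dropped EXE", ev.path,
                                 f"path written earlier by pid {writer}"))
            elif ev.sha256 and ev.sha256 in dropped_by_hash:
                findings.append(("Executes dropped EXE", ev.path,
                                 f"same content as dropped {dropped_by_hash[ev.sha256]}"))
        elif ev.kind == "image_load":
            if key in dropped_by_path and key.endswith(".dll"):
                writer = dropped_by_path[key][0]
                findings.append(("Loads dropped DLL", ev.path,
                                 f"written by pid {writer}, loaded by pid {ev.pid}"))
    return findings


def signature_names(events: list[Event]) -> list[str]:
    """Distinct signature names, the way a report summarises them."""
    return sorted({f[0] for f in detect_dropped_artifacts(events)})


# Constructed telemetry. TEMP/APPDATA stand in for the NSIS $TEMP/$APPDATA
# variables; "nsz1A2B.tmp" is an assumed $PLUGINSDIR name; PIDs are assumed.
TEMP = r"C:\Users\victim\AppData\Local\Temp"
APPDATA = r"C:\Users\victim\AppData\Roaming"
H_SYSDLL = "761dcdf12f41d119f49dbdca9bcab3928bbdfd8edd67e314d54689811f9d3e2f"  # from the report
H_XCMD = "82fbc8842aceeb471967d2e78b7336c972e3d1379fcd23662df022af958f40c1"    # from the report
H_CMD = "ASSUMED-HASH-OF-SYSTEM-CMD-EXE"

SAMPLE_EVENTS = [
    Event(1, "file_write", 100, TEMP + r"\nsz1A2B.tmp\System.dll", H_SYSDLL),
    Event(2, "image_load", 100, TEMP + r"\nsz1A2B.tmp\System.dll", H_SYSDLL),
    Event(3, "file_write", 100, TEMP + r"\xcmd.exe", H_XCMD),
    Event(4, "file_write", 100, APPDATA + r"\xcmd.exe", H_XCMD),
    Event(5, "process_create", 200, APPDATA + r"\xcmd.exe", H_XCMD),
    Event(6, "process_create", 300, r"C:\Windows\System32\cmd.exe", H_CMD),   # not dropped
    Event(7, "process_create", 400, r"D:\staging\xcmd.exe", H_XCMD),          # copy at an unseen path
    Event(8, "image_load", 300, r"C:\Windows\System32\kernel32.dll", "ASSUMED"),
]

if __name__ == "__main__":
    for sig, path, why in detect_dropped_artifacts(SAMPLE_EVENTS):
        print(f"{sig:22} {path}  ({why})")
```

Matching by hash as well as by path is what catches the xcmd.exe pattern in this report, where the same 32KB binary is written under $TEMP and under $APPDATA; a path-only rule keyed on the first write location would miss the copy.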
Target: ֮.exe (the file name appears mis-encoded on the page and cannot be recovered from it)
  Size:   1.4MB
  MD5:    5b09029117dedb91f4b06ef3c0e8b94f
  SHA1:   6cef43f5147d5fe01b66748157782626cce44c28
  SHA256: 4dbc3ae45a04dea291f318cfefdd091af2d6a2a747f4970a1c369752ca093558
  SHA512: fdd0385a7f094774fb77bec9830c7eb62fa081936c55c91539394421d2b0b8dde8ea7bb84a48001814a1e0b496e741cc5ee5c2ebd905c9ef945e7dbb22e38c32
  SSDEEP: 24576:SRFS7Iid6Nx7izcFsaWrtLTOITQA6kOStpbspT63cGnD:vDd6ziVTOITQAOpT63cGnD
  Score:  6/10
  Signatures:
    Writes to the Master Boot Record (MBR): code placed in the MBR runs at boot before the operating system loader, so a bootkit that writes there gains persistence below the OS and ahead of OS-level security controls. The signature records a raw write to the disk's first sector; legitimate partitioning tools write that sector too, and on UEFI systems with GPT disks it holds only a protective MBR that firmware never executes, so the write should be confirmed by diffing the sector against a known-good copy before calling it a bootkit.

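The forensic follow-up to the MBR-write verdict above is to read sector 0 and compare it with a known-good copy, separating a change to the bootstrap code (what a bootkit leaves) from a change to the partition table (what a partitioning tool leaves). The script below does that, as an added example that is neither the sandbox's nor the sample's code. On a live system the current sector would come from a disk image or from \\.\PhysicalDrive0 opened read-only with administrator rights; here both sectors are constructed in memory, and the bootstrap bytes, the disk signature, the partition layout and the patched jump are made-up values.

```python
"""Parse a 512-byte MBR and diff it against a baseline.

Added example for this page; the sectors are constructed, not taken from
the sample. Layout per the classic MBR: bootstrap code at 0..439, 4-byte
disk signature at 440, four 16-byte partition entries at 446, 0x55AA at 510."""
from __future__ import annotations
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_SIGNATURE = b"\x55\xaa"
CODE_END = 440
DISK_SIG_OFF = 440
PART_TABLE_OFF = 446


def parse_mbr(sector: bytes) -> dict:
    """Split a sector into its MBR fields; unused partition slots (type 0) are skipped."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    partitions = []
    for slot in range(4):
        off = PART_TABLE_OFF + 16 * slot
        entry = sector[off:off + 16]
        status, ptype = entry[0], entry[4]
        lba_start, sector_count = struct.unpack("<II", entry[8:16])
        if ptype != 0:
            partitions.append({"slot": slot, "bootable": status == 0x80, "type": ptype,
                               "lba_start": lba_start, "sectors": sector_count})
    return {
        "code_sha256": hashlib.sha256(sector[:CODE_END]).hexdigest(),
        "disk_signature": struct.unpack("<I", sector[DISK_SIG_OFF:DISK_SIG_OFF + 4])[0],
        "partitions": partitions,
        "signature_ok": sector[510:512] == BOOT_SIGNATURE,
    }


def compare_mbr(baseline: bytes, current: bytes) -> list[str]:
    """Human-readable findings; an empty list means sector 0 is unchanged."""
    b, c = parse_mbr(baseline), parse_mbr(current)
    findings = []
    if not c["signature_ok"]:
        findings.append("boot signature 0x55AA missing")
    if b["code_sha256"] != c["code_sha256"]:
        first = next(i for i in range(CODE_END) if baseline[i] != current[i])
        findings.append(f"bootstrap code modified (first change at offset {first})")
    if b["disk_signature"] != c["disk_signature"]:
        findings.append("disk signature changed")
    if b["partitions"] != c["partitions"]:
        findings.append("partition table changed")
    return findings


def build_mbr(code: bytes, disk_signature: int, partitions) -> bytes:
    """Assemble a synthetic MBR for the demo; partitions are (bootable, type, lba, count)."""
    if len(code) > CODE_END:
        raise ValueError("bootstrap code too long")
    buf = bytearray(SECTOR_SIZE)
    buf[:len(code)] = code
    struct.pack_into("<I", buf, DISK_SIG_OFF, disk_signature)
    for slot, (bootable, ptype, lba, count) in enumerate(partitions):
        off = PART_TABLE_OFF + 16 * slot
        buf[off] = 0x80 if bootable else 0x00
        buf[off + 4] = ptype
        struct.pack_into("<II", buf, off + 8, lba, count)
    buf[510:512] = BOOT_SIGNATURE
    return bytes(buf)


def demo() -> dict[str, list[str]]:
    """Two constructed scenarios diffed against one baseline."""
    code = b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 32        # made-up bootstrap stub
    baseline = build_mbr(code, 0x1234ABCD, [(True, 0x07, 2048, 204800)])
    # Bootkit-style edit: patch the first bytes of the bootstrap code so the
    # firmware jumps into attacker code; the partition table is left intact.
    bootkit = bytearray(baseline)
    bootkit[0:3] = b"\xe9\x00\x01"                                 # hypothetical near jump
    # Administrative edit: a second partition added, bootstrap code untouched.
    repart = build_mbr(code, 0x1234ABCD,
                       [(True, 0x07, 2048, 204800), (False, 0x07, 206848, 409600)])
    return {"bootkit": compare_mbr(baseline, bytes(bootkit)),
            "repartition": compare_mbr(baseline, repart)}


if __name__ == "__main__":
    for name, findings in demo().items():
        print(name, findings or ["no change"])
```

The baseline should be captured from a clean image of the same disk, not from a generic "known-good" MBR: the disk signature and partition table are per-machine, and a UEFI/GPT disk's protective MBR will legitimately differ from a BIOS/MBR disk's bootstrap code.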
MITRE ATT&CK Enterprise v15

Techniques observed (count of matching signatures), listed under the Defense Evasion tactic as on the page:

Defense Evasion
  Modify Registry (T1112):               2
  Pre-OS Boot (T1542):                   1
    Bootkit (T1542.003):                 1
  Subvert Trust Controls (T1553):        1
    Install Root Certificate (T1553.004): 1