General

  • Target

    bb627602934a526d02345485f85de3aa_JaffaCakes118

  • Size

    3.2MB

  • Sample

    240823-mnyagsygpb

  • MD5

    bb627602934a526d02345485f85de3aa

  • SHA1

    cf66d71b1c53531d976e523c380878c81ddd3e01

  • SHA256

    f86c4a81d24784168933c35559aca3954ba2b52573b666fdaf1e626b2f343545

  • SHA512

    896fd702d53cec995f1b726902d78716eddd6d722e0abb285a2128114276f03a6de5472236c02792f5b53a4c175960b74de4d77d1fa4cf9078d7b0e5d822c00c

  • SSDEEP

    98304:XPbZmYSmQ9WdfOJhYhzjlz0c0GS7SH/rnV/IlZ:/tmxwq2pKGK4/rV/2

Malware Config

Targets

    • Target

      bb627602934a526d02345485f85de3aa_JaffaCakes118

    • Size

      3.2MB

    • MD5

      bb627602934a526d02345485f85de3aa

    • SHA1

      cf66d71b1c53531d976e523c380878c81ddd3e01

    • SHA256

      f86c4a81d24784168933c35559aca3954ba2b52573b666fdaf1e626b2f343545

    • SHA512

      896fd702d53cec995f1b726902d78716eddd6d722e0abb285a2128114276f03a6de5472236c02792f5b53a4c175960b74de4d77d1fa4cf9078d7b0e5d822c00c

    • SSDEEP

      98304:XPbZmYSmQ9WdfOJhYhzjlz0c0GS7SH/rnV/IlZ:/tmxwq2pKGK4/rV/2

    Score
    7/10
    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      $PLUGINSDIR/AccessControl.dll

    • Size

      10KB

    • MD5

      055f4f9260e07fc83f71877cbb7f4fad

    • SHA1

      a245131af1a182de99bd74af9ff1fab17977a72f

    • SHA256

      4209588362785b690d08d15cd982b8d1c62c348767ca19114234b21d5df74ddc

    • SHA512

      a8e82dc4435ed938f090f43df953ddad9b0075f16218c09890c996299420162d64b1dbfbf613af37769ae796717eec78204dc786b757e8b1d13d423d4ee82e26

    • SSDEEP

      192:8SEWBGgiJM4LN+xq56XdNcNz/NWdlJmlyOcROQ:8SEPgii9KTzyt

    Score
    3/10
    • Target

      $PLUGINSDIR/SimpleFC.dll

    • Size

      175KB

    • MD5

      d38543fc9ae37d188a23e06ee11d3504

    • SHA1

      174fe778f66db4a527fddf21b1c23e1bc1ceceeb

    • SHA256

      72f33da081b8d579f437e7aa2ba8d9cb9602270b88093ff9411ac6316b52fc6e

    • SHA512

      43d1874e5821d8e5530eaa34d42b76aa867528368779fadcfd2691825297accf04e94bd34867442a76c25d4729edefba9469de6500acfe6f665949f11878c54b

    • SSDEEP

      3072:l2sd6EP05etg+rKTTmYjcnPMdsRrdU+/mbM/AuaNoNglzppVn5O4z6ULfLb6Cu:Us4zIg+rKTTmnhfAoSxZ5OVu/

    Score
    3/10
    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      c17103ae9072a06da581dec998343fc1

    • SHA1

      b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

    • SHA256

      dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

    • SHA512

      d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

    • SSDEEP

      192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw

    Score
    3/10
    • Target

      $PLUGINSDIR/md5dll.dll

    • Size

      6KB

    • MD5

      0745ff646f5af1f1cdd784c06f40fce9

    • SHA1

      bf7eba06020d7154ce4e35f696bec6e6c966287f

    • SHA256

      fbed2f1160469f42ce97c33ad558201b2b43e3020257f9b2259e3ce295317a70

    • SHA512

      8d31627c719e788b5d0f5f34d4cb175989eaa35aa3335c98f2ba7902c8ae01b23de3ccb9c6eb95945f0b08ef74d456f9f22ca7539df303e1df3f6a7e67b358da

    • SSDEEP

      96:GL2PcvGn5olZMTZxEp8agTsflVwn4GogZcko5N1ub:U2Pxn5UZMTZipyaw4ZkKP2

    Score
    7/10
    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      $PLUGINSDIR/nsDialogs.dll

    • Size

      9KB

    • MD5

      c10e04dd4ad4277d5adc951bb331c777

    • SHA1

      b1e30808198a3ae6d6d1cca62df8893dc2a7ad43

    • SHA256

      e31ad6c6e82e603378cb6b80e67d0e0dcd9cf384e1199ac5a65cb4935680021a

    • SHA512

      853a5564bf751d40484ea482444c6958457cb4a17fb973cf870f03f201b8b2643be41bccde00f6b2026dc0c3d113e6481b0dc4c7b0f3ae7966d38c92c6b5862e

    • SSDEEP

      96:hBABCcnl5TKhkfLxSslykcxM2DjDf3GE+Xv8Xav+Yx4VndY7ndS27gA:h6n+0SAfRE+/8ZYxMdqn420

    Score
    3/10
    • Target

      EasyDL.exe

    • Size

      1.4MB

    • MD5

      cab474650ccde81bdb109be6ffc680ea

    • SHA1

      d8eb6b58ad0e1495285fea183515868773d9cbb7

    • SHA256

      70aca20647c65107dffcee4e346f6cb049d9a9305b95db8f702adc5476499708

    • SHA512

      b24b1983b3ca5fbcdaa3a50b403f90c3d2490a815e72a215e3d28e3b6ba820a6f443c36e36fb8017314b4ffe5b549dccadd108c22c82cd68fa2babf3e22e3810

    • SSDEEP

      24576:4/dRywz9R14OxNOtqeb1pRcUN6ptAaqgPjN7QFeSY/8SUYDd5zFsOTtIkG:ulz99iRb1ABptIeN/8S1DzF9I

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

    • Target

      EasyDownloads.exe

    • Size

      834KB

    • MD5

      098e4340b8aea4f70ec541c2b97eaff2

    • SHA1

      85964207bf205cc0c8c1ef27e7f2e3cd9c1e0a03

    • SHA256

      ddd0d2ac7e5936324e3114b7930717bbc8a372a94436203774b809d0340fe105

    • SHA512

      ab7520af09bc4051b3c8763b3c45d520a47d27da091cd990c7eb7c9a83cc74aae602b553dab2ee1517c462a6c0cab8e8071f2372cb3d7c6ff8c4243d3941cf38

    • SSDEEP

      24576:XPYgBb7zmAwoCoSWjgMwT9owVz6LX0pg2eZO:fYKOAhCoy9ow8UgpZO

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

    • Target

      current-cloud.html

    • Size

      3KB

    • MD5

      bd5fc9f2a750d10e81bd04ef74bcf51e

    • SHA1

      3aeab1d8a142148e965dfd7dc8921d8e29dd5c70

    • SHA256

      31d991813aae94d90a7becbc29ee7f8c31f99194237aa0e10afac0317cbc782d

    • SHA512

      57aef839d88231993e762a8ebe49f1455aed5b2e6c7c93bea2d128345f61d04f55d62ee131bd8bb946f86459c2feea644a0aa5f42000e20718d5daa43dd0f67a

    Score
    3/10
    • Target

      htmlayout.dll

    • Size

      921KB

    • MD5

      41759604a2974702faf51eb045a20f0c

    • SHA1

      b391049bde295b68298e0c9457ace97dcbca5b3c

    • SHA256

      d128b74c6df97c2081fd6144aeb335195f785132bb51f281d66bd0431e6577f3

    • SHA512

      e39fa7cc948a34e1061a6acdf8594500604616eb311daecfc75ae9263da2b904f770d8ebb5dc838724af0104ae562121490a52f1dc15895197a45f4366f4191c

    • SSDEEP

      24576:HGkarx/Npo6VLBJLGMZyUN0N5DcFTfWlAVZj3AzHdE7qF:U2yNJLGwF0bYpWl6tydc

    Score
    7/10
    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.
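The "UPX packed file" and "VMProtect packed file" signatures above fire on traits of the packer stub, the most visible of which are the section names each packer leaves in the PE header (UPX0/UPX1 for UPX, .vmp0/.vmp1 for VMProtect). The following script is an added example, not the sandbox's own signature logic: it parses the section table of a PE image, flags those packer section names, and computes the same MD5/SHA1/SHA256/SHA512 digests the report lists so a file on disk can be matched against these entries. The packer-to-section-name table and the `build_fake_pe` helper (which constructs a header-only buffer for offline testing, not a real executable) are assumptions made for this example.

```python
import hashlib
import struct
import sys

# Section names these packers typically leave behind (assumption: a heuristic,
# not the sandbox's signature; a modified UPX or a renamed stub can evade it).
PACKER_SECTION_NAMES = {
    "UPX": {b"UPX0", b"UPX1", b"UPX2"},
    "VMProtect": {b".vmp0", b".vmp1", b".vmp2"},
}


def pe_section_names(data):
    """Return the section names of a PE image held in memory.

    Walks DOS header -> e_lfanew -> PE signature -> COFF header -> section
    table. Raises ValueError on anything that is not a PE file or is truncated.
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                       # IMAGE_FILE_HEADER (20 bytes)
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    size_opt = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + size_opt              # first IMAGE_SECTION_HEADER
    names = []
    for i in range(num_sections):
        raw = data[table + i * 40: table + i * 40 + 8]
        if len(raw) < 8:
            raise ValueError("truncated section table")
        names.append(raw.rstrip(b"\0"))
    return names


def detect_packers(data):
    """Names of packers whose section names appear in the image, sorted."""
    names = set(pe_section_names(data))
    return sorted(p for p, sigs in PACKER_SECTION_NAMES.items() if names & sigs)


def file_hashes(data):
    """The four digests the report lists per target, as lowercase hex."""
    return {
        "MD5": hashlib.md5(data).hexdigest(),
        "SHA1": hashlib.sha1(data).hexdigest(),
        "SHA256": hashlib.sha256(data).hexdigest(),
        "SHA512": hashlib.sha512(data).hexdigest(),
    }


def matches_report(data, expected):
    """True if every digest in `expected` (e.g. {"SHA256": "..."}) matches."""
    got = file_hashes(data)
    return all(got[k] == v.lower() for k, v in expected.items())


def build_fake_pe(section_names):
    """Constructed header-only PE32 buffer with the given section names.

    Only the fields the parser reads are meaningful; it is not runnable code.
    """
    e_lfanew = 0x80
    dos = bytearray(b"MZ" + b"\0" * (e_lfanew - 2))
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    size_opt = 0xE0                           # PE32 optional header size
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, size_opt, 0x102)
    opt = b"\x0b\x01" + b"\0" * (size_opt - 2)   # magic 0x10B, rest zeroed
    sects = b"".join(n.ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return bytes(dos) + b"PE\0\0" + coff + opt + sects


if __name__ == "__main__":
    # Usage: python packer_check.py <file> [expected_sha256]
    blob = open(sys.argv[1], "rb").read()
    print("hashes:", file_hashes(blob))
    print("packers:", detect_packers(blob))
    if len(sys.argv) > 2:
        print("matches report SHA256:", matches_report(blob, {"SHA256": sys.argv[2]}))
```

Section names are the cheapest packer tell and also the easiest to strip, so treat a hit as corroboration of the sandbox signature rather than a replacement for it; a clean section table says nothing about a stub whose names were rewritten. The digests, by contrast, are exact: a SHA256 match against the value listed for a target is positive identification of that file.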

MITRE ATT&CK Enterprise v15

Tasks