8d64b90b5331eadd4ef5adfb7bea163d7f8249a13f0853775a9dc7d9e74eafc8

Sharing

Copy URL Twitter E-mail

General

Target

c265e61a6eaea75fe9c92d0f7a21fc85_JaffaCakes118
Size

5.0MB
Sample

240826-gjf8hszcpk
MD5

c265e61a6eaea75fe9c92d0f7a21fc85
SHA1

3df04fefe006c621b0fbb3a2846d446249d7e365
SHA256

8d64b90b5331eadd4ef5adfb7bea163d7f8249a13f0853775a9dc7d9e74eafc8
SHA512

2825356bc835677c16809ebb778a005fd494f6cd80edb684f1818b44d6c56b4fe9a08a7f78976b55db55367020fa9d58be6f0b09b26955303fdf714912cb222e
SSDEEP

98304:9mRP0OQv9L63RrLrmH/5cOub8QdXkbsPSyl0+AQ1UVHOtkFD+yWV:9o0Zv9L8RPrmBctTdUubl+BO6m

Score

7^/10

Malware Config

Targets

- Target
  
  YoudaoDict_crsky.exe
- Size
  
  5.0MB
- MD5
  
  722107a7992c996f3cd6643ada68a5b2
- SHA1
  
  5efcb4d387160e15fe8580243eb55918ef2321af
- SHA256
  
  c03e16449f67eeb2f73ac2dcf61b1dcc0a6f7520f97844931244b1646b4784b2
- SHA512
  
  20e5397d6eb04f68e706ffc0253df4bf094ede2270e2c565fa6142a2707d672f676e714b656f80b0be67d8094ac73268c40f5c1e6de12e7a0b27030422d8f88d
- SSDEEP
  
  98304:1CnulpP58XxoZPhp4xzJE+wvvgUMfbEH6jZ1R0FmuCieOQLNbpUUGaA:1CnapOXxoZPhKxzJMngU6bEaZ18mbNbc
Score

7^/10

discovery
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  33KB
- MD5
  
  c6e1bd79c42fae30f95db66d168ca034
- SHA1
  
  7cdd4a01b55b5e99b3f007e67c0f403e996af456
- SHA256
  
  4f13328bf6a006897b0ea5481a27fc96bc1edcf7eeb9816023f583471af2d5bb
- SHA512
  
  3b3214907be4c54362d615cdbe1dd7993fe825c8ae8cca76c8e27549bb3155a9c4970c2cf2711a97bf280f1958cf1aa41864226e2a68d32e6343c3704a9856f1
- SSDEEP
  
  384:pbme/+uycTFC1zedCa2pbzDgp4CZkGTTh26rK+KtbQyhPE:piuycT01zedCa6bwp4nLZ
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  28KB
- MD5
  
  67377462619cd6b7ebdf4acd85e9dc7a
- SHA1
  
  9d9578c9d8581e1374395e3944f3ccbb166909ae
- SHA256
  
  6e4870c69662ef7832535668b9a44c093eb971711ca8695b4daa7f5af6c5c96f
- SHA512
  
  0f552487f38fa25937096fec0f6bb2f7de707d980db681f600f93596043533e8618b76cdfd7aa43aaebf45ee019682ac85b700e774c44d55c2a4c86a08afaa2f
- SSDEEP
  
  384:0vbX+g+YpnOkBTGyRXWqluRWspXEB67Tyg+:bg+YFTBxR96zW
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  Acrobat2Dict.dll
- Size
  
  15KB
- MD5
  
  1a01dbdb8735aa82d0f2003ceff03571
- SHA1
  
  80d080e7a43f4336da7f9c015fb8cf7f0eb83a68
- SHA256
  
  5f1e14e50af5f7f155a6c0c24fac5b0da7427603cbdd2b5b4c910fe47b6f56a0
- SHA512
  
  8da45592ab3c9cd0b3d073edbd84c4adb7c814085c367abbd3f07c30c4f8b55bc547c03c514561b949b8d3be76674972c9fc04516bccc8d8651accbbefc7afd4
- SSDEEP
  
  192:bVeBkHaJi875QN05xGz4Oa3Xu6Akpb+8pFfseyowJL/8Qpkqs1IO8Lk5+ebCfOpL:xaQ875QAOWe6LhbBYJLu1qabCUai
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  CrashRpt.dll
- Size
  
  93KB
- MD5
  
  57403215fbdefbefbf3209d84241da24
- SHA1
  
  d4d655678b92e09b05f8713d502cb64ab6bd221c
- SHA256
  
  92943e39d9242f3157c8699f91cd17d6f8c24ad79ab41682f58b92ad08fb9904
- SHA512
  
  23b236acad5251af242ea4e5b3939366ebad84297b0bc4896f48f118a8cd7c8b2b411bd0b6c284af66d0790c04f8bcc018791bd89b6a596941daefce0dcbb539
- SSDEEP
  
  768:/MQ1nbS7tV/8R6UybKmdsImQHrditCVbKBYfiVFAQZOBUtkpvdD/PI+bGXMR5teT:H1YdPKmd6ztCdKBYf9V6m/RRte9aBCNP
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  InstallDaemon.exe
- Size
  
  113KB
- MD5
  
  8b642ebc7126c730668f63ae1bf38e2d
- SHA1
  
  70356b7dcc02b0c9c293e9ced9836f3e98b600fc
- SHA256
  
  a67106800c6203eb413f38193e29e272fa37b7143a324be169abccb6dd23a4fb
- SHA512
  
  cb5e0aeff70ef273c2794ea974ec040ab1fd935f2a1480afe2abb8f6a1d0091d2d8aea529f7dd67cabdb87a82ac2dc7e5f27f5dec4efb04597f73bef85198273
- SSDEEP
  
  1536:RDK33ss3ypzKacDzbzIEEbrajdMR7Or7tY/KpaBCe:Rps30xqzb9OR7Or7tY/K0n
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  Monitor.exe
- Size
  
  97KB
- MD5
  
  2e333a35119bc62182886fe2c79d6066
- SHA1
  
  fb1ceb35bc9625b474fa38e0f56d34a57ec68f07
- SHA256
  
  7689901a8d02fdff870b737a441f7721368782a6114c3b324b2bf5808ae73652
- SHA512
  
  654b4326f6da5cdddd518b36cfe8d73a2af1ca588e9b35e69d191d9b4d9dcd7137af060bcf30e7b1d9515120f64b585baa21eb683851a212bbf2238e389d3d54
- SSDEEP
  
  1536:GVyP6yZDVbjfkL8aAui+exyZndbOKS651aXaRiJqYiuFWPpTE4aBCPr:GAP6oqdHexT651NYiG6TEpG
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  RunDict.exe
- Size
  
  389KB
- MD5
  
  46cf3f4e4154eba3a691de0850492c3d
- SHA1
  
  2f8ae36888f013d56765d5e09036b3734861f214
- SHA256
  
  801466b09c6cab683ee644b803e4078db52c5cd52f98f0e05a3fa736e83e800f
- SHA512
  
  ea30eda94f7c221742f3a4850e0abaf4ff127e4474f7acf31b4392e5025c6ca220d59a51841c403e4d73bf45b255000f9b20672aaee820761a7fcdc87c5ddbf8
- SSDEEP
  
  6144:SfaLwjN+iXdbYMYSTnz8wNW1NGv/HhQ1UCDICJlhXr7:Sx+it8m7NW3MHhQ1J5h77
Score

7^/10

discovery persistence privilege_escalation
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
behavioral15 behavioral16
- Target
  
  TextExtractorImpl32.dll
- Size
  
  137KB
- MD5
  
  a3f49212df77af574528614b1f589262
- SHA1
  
  e6c7f40b1a27c46ae668d3e64a9e6fccd76abc55
- SHA256
  
  427568ae52f3797fa0fc54b2bf717878b02024575f084807b5eff111accc1d9d
- SHA512
  
  872dc64187ed5754282e8cc6a3514098bbbf744f3c5aa032f75e7244e278e65804051432cb0e6d3351811d85f6b8304a1dfcd4d972e7d12426e9024ecdf0a3db
- SSDEEP
  
  1536:x6jalSLC44jlhrFOCWWn70klzhipJuJk4RMLZwIytyKSgaBCf:8jalBl/O+gKpRMLOtyKiq
Score

3^/10

discovery
behavioral17 behavioral18
- Target
  
  TextExtractorImpl64.dll
- Size
  
  177KB
- MD5
  
  59c4961b75f6f1ad78e2f82cb8443a12
- SHA1
  
  25699d9d1f6c00e9561648037aabb3a25b1cbe79
- SHA256
  
  771599f59b9197b4493ee210e2c0d849d6238833ace50bb4cd4d1d17894066f1
- SHA512
  
  9e389619f04cc9d0fd1d89d2cad0ef65a3c577241c74be91daa7465e9fb1417adb97b783fed600eaaa3cf071e47441a0e0c853d6e262502af3119d1631379e5f
- SSDEEP
  
  3072:/69CEKw4yW9E9haLssdDa2QWZ6wB31RtnOhYNf8Q+1jdMaW6G+vgHhcl3Lb33IF:i8EKwO9EpsI2EAlrUYNfa5ko33IF
Score

1^/10
behavioral19 behavioral20
- Target
  
  WordBook.exe
- Size
  
  1.6MB
- MD5
  
  cea0d3a968f5d11d5bd3bf998ee298eb
- SHA1
  
  e5f78689189b9bba2d90fa1d04abffa147693e45
- SHA256
  
  d93a5d6cab108ea448143be03776269198f0dc0caf6851607d88f390b7bf5532
- SHA512
  
  fcfa776f0b6be311027fadb108331165d303fef378f3321c394efd92030a2fda9469039c24619b0748389048b93a59b516a9256713f2f620a001d7a2ac955476
- SSDEEP
  
  24576:AV8O+6mZZ10hNs/cORIN8OIxHlgyNaIuyRt/RfJ0beYSu/+MXTsgN+9mF3gBU:0N+OIvuMt/Rf1YtnXTsgN+9mF3gBU
Score

3^/10

discovery
behavioral21 behavioral22
- Target
  
  WordStrokeHelper32.dll
- Size
  
  61KB
- MD5
  
  ebafe023691d9c4690996a888019b1c3
- SHA1
  
  d567b8614f252efc4dd129b825b73f9099e4f4d9
- SHA256
  
  a86bc7a01504991bb18a2410a4f21c0c4106f16a8d4a9652876d22e88f8543fc
- SHA512
  
  e745aef953e92b6ae3223880cd0fdccba5e186f6c98605f9850e0bacb276571bd8d15ffc92a4a3d0a029e1256dec5e68f86a36efcd304b1d43847666d00703b5
- SSDEEP
  
  768:2iDc9QH0zkuqVGg2WDW4N7Z507JtVt9FLWRbC2U:2zir2wWm507htvaBC2U
Score

3^/10

discovery
behavioral23 behavioral24
- Target
  
  WordStrokeHelper64.dll
- Size
  
  53KB
- MD5
  
  b5911f5efb4d2c6217c89e3fbab5708e
- SHA1
  
  cb65fd5943e45ffc0836eb873890cc7653f6d0c6
- SHA256
  
  1cf8e06091e7389360ccf10e2bedeb5c0a8e4cb4554e91efc161e92d174eae3e
- SHA512
  
  e6b8f1995c0722c8746ebcdb5b0f012c11b184154ef78b866ecb42e180acc00bccab45aa9c57390391c9a059f04163840b012e798c9f9a5b5fd658e26616f51e
- SSDEEP
  
  768:US9xVfhn/RL2oMtl3llHfbsgg/i2P5ZBKuo1L6kLWRbCcH:j9n5nKDfbsg8i2BZmLDaBCQ
Score

1^/10
behavioral25 behavioral26
- Target
  
  XDLL.dll
- Size
  
  133KB
- MD5
  
  e2d715c56388b685a40374fc95b4ed7a
- SHA1
  
  d99f07340810cfad76c8a095c0926ed9cb3bbcfe
- SHA256
  
  b7557c50736f73bc3352c7834c5d818a21e095503f14c2a887368fde1bf63670
- SHA512
  
  4660a86e2ad80fd0f97c8c69d79d840559a0b4c078fca056d7cfae37f3b219457cf3f818138987f8a9fc1fca555fc9fc2681a9f7f19b017c839f023da6724bde
- SSDEEP
  
  3072:HQgj0bQLPfq7IRv0N6Ni+PQohA2CdCtXnrjwhNCK0R+:CQLK3NKLPVA2CdCtXnrjwhNCKy+
Score

3^/10

discovery
behavioral27 behavioral28
- Target
  
  background.html
- Size
  
  1KB
- MD5
  
  b0c8c174d5fa67d9757932266a7448c7
- SHA1
  
  7de5ffce2756e976667901efbf7d5f4208759eae
- SHA256
  
  0c3dd8b7f5a8005f1daa8d52c8f4ccf4719a5de8ad92e52bb8a7d5fed39a6678
- SHA512
  
  9a1dc7b7647bcfaf57cc52c283ad5ac993e9481e7c851140179026210d5c33cd3c29682304f089c7424085ef9d0c7b5b54e99f48d6ec556e79a2ea86b9997578
Score

3^/10

discovery
behavioral29 behavioral30
- Target
  
  lookup.js
- Size
  
  2KB
- MD5
  
  cde9715ee90d83a42b22aad9ba92bcae
- SHA1
  
  cf6727a8eef19132cb80122b71cec56f2c6292b7
- SHA256
  
  f151af7289d0f4b20adc3b9dba4a120881f929f9387a464f62a6f5b5d07cd045
- SHA512
  
  134d221f089b6e3396b9bb296325aad1c6bfd30e850ee0b4d385d5403b04a005f35285407dc50e35ed30e16f89baea37d7cc8965d80e20ce38fe266325e2e62c
Score

3^/10

execution
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Privilege Escalation

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Loads dropped DLL

Checks computer location settings

Event Triggered Execution: Component Object Model Hijacking

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32