8ddadb92e141a716d58978c7cbfba33c506453cb9906e57102f6fc0e294f52eb

Sharing

Copy URL Twitter E-mail

General

Target

cdfc615911c66ffce2373f8987217a60_JaffaCakes118
Size

1.4MB
Sample

240905-z9h4xazbkn
MD5

cdfc615911c66ffce2373f8987217a60
SHA1

b1ec0020db6d55466774e074fbb3244a40671f0e
SHA256

8ddadb92e141a716d58978c7cbfba33c506453cb9906e57102f6fc0e294f52eb
SHA512

0a1eb99781f9b135f17862d553776d285b88b0401c40672dae0b283a23b2defe87d97627a1f391e047f69917002d3291d9842b507878abd34713d8fc76305dfe
SSDEEP

24576:C2oZIrlZPv3tBEJyfkEYEAM3g1QT+8euN1s+YmEDP/Fa25rkdWcVtqm5ZvnrO:ds0fzYzag1QC8eyGRmO3I25AzVt1nC

Score

10^/10

Malware Config

Targets

- Target
  
  cdfc615911c66ffce2373f8987217a60_JaffaCakes118
- Size
  
  1.4MB
- MD5
  
  cdfc615911c66ffce2373f8987217a60
- SHA1
  
  b1ec0020db6d55466774e074fbb3244a40671f0e
- SHA256
  
  8ddadb92e141a716d58978c7cbfba33c506453cb9906e57102f6fc0e294f52eb
- SHA512
  
  0a1eb99781f9b135f17862d553776d285b88b0401c40672dae0b283a23b2defe87d97627a1f391e047f69917002d3291d9842b507878abd34713d8fc76305dfe
- SSDEEP
  
  24576:C2oZIrlZPv3tBEJyfkEYEAM3g1QT+8euN1s+YmEDP/Fa25rkdWcVtqm5ZvnrO:ds0fzYzag1QC8eyGRmO3I25AzVt1nC
Score

3^/10

discovery
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/INSTALLOPTIONS.DLL
- Size
  
  12KB
- MD5
  
  43ba71f370a45aebcde86d76b83b208c
- SHA1
  
  1f14e3c253a5b7255b617084b45e51ef9d6717e4
- SHA256
  
  6d0a19614efb523f78477429df04b71459ee69b3d16231798dcfa539b3d2a64c
- SHA512
  
  36aaf1ccb7c1085ba9fbacbad6c1505c9e389be5e9bd52ee7046b48302b8239d6e34dfeeb32a2708c4fb7d5a85c1d202fbdabcdd6a2cced0099249640443b551
- SSDEEP
  
  384:0Klm7i+c3QW6ckPhyDEaLnz2bbBBIXwZ:hqi8BcyhEhL6bbTI
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/KILLPROCDLL.DLL
- Size
  
  32KB
- MD5
  
  83142eac84475f4ca889c73f10d9c179
- SHA1
  
  dbe43c0de8ef881466bd74861b2e5b17598b5ce8
- SHA256
  
  ae2f1658656e554f37e6eac896475a3862841a18ffc6fad2754e2d3525770729
- SHA512
  
  1c66eab21f0c9e0b99ecc3844516a6978f52e0c7f489405a427532ecbe78947c37dac5b4c8b722cc8bc1edfb74ba4824519d56099e587e754e5c668701e83bd1
- SSDEEP
  
  384:3rYz6grZodORNWATt4TBmlk5ooyzFh7BukAUdJoUtSOSR:3QggDWATWNCFh7BNddJoxO+
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/STARTMENU.DLL
- Size
  
  6KB
- MD5
  
  c0a60e2104eb0e4b0eac4eccdc048285
- SHA1
  
  7b14600bb1e3120b5cf9aa6d5fd41a6f20f62e42
- SHA256
  
  977c38bebc30b0b1de5338ab237ebfdfb7df87450f347d85fad28131f635c172
- SHA512
  
  d7bf507c90145373acda753b14eacc89190c61d760ea30aafc864498d09475dfd0336266eab4d95fd53ce03d1e57aa772e3ede29dc67b2f060ed12116e5c5130
- SSDEEP
  
  96:yLJdRZk8OkmE+WHw0FMXF6CWhFxKpKsaQhEfP0:yLjPk8OT30FFAHCP0
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/SYSTEM.DLL
- Size
  
  10KB
- MD5
  
  0c8ea8e6637bbf8408104e672d78ba45
- SHA1
  
  c231c7acaf9abb7da93f28e1b71bed164d57103e
- SHA256
  
  509a93177a7ae130bc3b6b5ec3236c7aa0811b8b86f8ab3442c65fdf8ff85b1f
- SHA512
  
  ee763a3cdbbba3b28e6a903ac942c7228bd8e54b19de21d6187e481f2916d833d9b9800e5ac2998f4aa26274cdfb20a8bfdd10f00f2a15d37bcc529b617e1f28
- SSDEEP
  
  192:+OSsJI/rqmIDNLU0dq51EgAiNbubv68LZ:QHQQ0d01Egbq768
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  $PLUGINSDIR/nsWeb.dll
- Size
  
  8KB
- MD5
  
  84bcf3c71e70d5a6e9dc07d70466bdc3
- SHA1
  
  31603a1afc2d767a3392d363ff61533beaa25359
- SHA256
  
  7d4da7469d00e98f863b78caece3f2b753e26d7ce0ca9916c0802c35d7d22bcf
- SHA512
  
  61aefa3c22d2f66053f568a4cc3a5fc1cf9deb514213b550e5182edcecd88fadf0cb78e7a593e6d4b7261ed1238e7693f1d38170c84a68baf4943c3b9584d48e
- SSDEEP
  
  96:9E1ZgHfHizBkiz1zCuNrwXTP8Jx/N6SCMeNV37bnwXwPML/bUdut5tCsPb2N6nOc:9E1ZkGdbiSCMeNN7LwAY/gd+Oc
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  $PROGRAM_FILES/Baidu/bar/BaiduBar.DLL
- Size
  
  468KB
- MD5
  
  ce09bbf273e67347f2264d66005cba07
- SHA1
  
  7751ab1dcf3bb52083ecc4d00621d743131726f5
- SHA256
  
  97176d434158d5c96afbfabdeaf2601702c25fa76787a767e24d71860e74985d
- SHA512
  
  09f147b08a57ed15eff997031babb462b914b522020fa2570b1f5d46d012d8d87e7f6fb9efa6b12f1bb72af5ac85d577e426787179249dfaaf6a5d48b3acf6b1
- SSDEEP
  
  6144:d7Xgbji5kc0pY4apz2aWwXoOF9l743a9EHVA2dIjCqUV8Ual9:dzgbWuc0Ikw/PR3mA2dIjF
Score

7^/10

discovery
- Loads dropped DLL
behavioral13 behavioral14
- Target
  
  $PROGRAM_FILES_COMMON/NSISLog/Lang2052.DAT
- Size
  
  392KB
- MD5
  
  6f7c5b0aa8efb062cc3bd02a322111c3
- SHA1
  
  204fc1afe73a9571ea833787b2259cc84bb59781
- SHA256
  
  ebc13d0a0e033ba82d6dbfacc1152fb3d9b7d3ee4836f1da5833a0c13ce04c5c
- SHA512
  
  1acf42eb0dd3daaeb0cffb589c15844790109bbfcc29cd353a1cfed11f846c4b817342b62913589707c9e1888d22f613b4a341ff403f46393ff39717c2a09106
- SSDEEP
  
  6144:WpSRTGEOMVBT5IpP1JKTHyjaymgiOtwNSF6Diukeg0kJ8XvaG1ynqmcI6:W6OvgMmPjc6DivTJ8/aG1EqmA
Score

8^/10

adware discovery persistence stealer
- Drops file in Drivers directory
- Sets service image path in registry
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Drops file in System32 directory
behavioral15 behavioral16
- Target
  
  DiskView.EXE
- Size
  
  1.1MB
- MD5
  
  47e7cf095f37901ae5921df139277612
- SHA1
  
  a349033ef7f569dd5f465f6bcc4edaa6d011d4a0
- SHA256
  
  4a3dac088c62f4f2668c4097b1408d8a310a032e29e6d6b0500b0f5f7639acae
- SHA512
  
  dd35157ead742518768b25fe26f0fbe989b33d95f852a3757cbe6a469f70f73c2edb460f7d02c3524d7daf287208f8769859fb5b87368d362236665691cf7676
- SSDEEP
  
  24576:GfqfwCNTKw9lLUWRdumPnsb7zJ6TQW+1ttr0:mqf9smDhPst6QW+1U
Score

3^/10

discovery
behavioral17 behavioral18
- Target
  
  File,Diz.ThX
- Size
  
  65KB
- MD5
  
  cc28a1b886f4b737c382917973cdae4f
- SHA1
  
  f40482987bcf5aae9b5ca1bf42096c46422aca76
- SHA256
  
  bcbd1d3b34a41c75145f681d0b9bd359523b87e3088ee7a18a4812ce5fb1797d
- SHA512
  
  f032ccb4a49cdafb207ed85c16c6e15f42ecb6d240b7318df1fc253612229a67ae08d2e869041c1c204a7215d473e9c30fa4b418fee1ac617bf87a846979b971
- SSDEEP
  
  1536:nvheR/feSm4j2euX7BdHvW5U9fd4qi1dTwGhUxWf6l4Y:YR/fJaeuX7b+5U9F4T5hUwCv
Score

10^/10

discovery evasion
- Modifies firewall policy service
  evasion
- Executes dropped EXE
- Loads dropped DLL
behavioral19 behavioral20
- Target
  
  HDI.EXE
- Size
  
  264KB
- MD5
  
  041ff2da0eb59e09358df89dbdc38536
- SHA1
  
  e769a2d0f579327bd4a59f38cfa4b4b33eebf9a1
- SHA256
  
  b592f3ee9a9ff747f1029d773cfc34eab592a68eb845efc85fc1d1ce430f1936
- SHA512
  
  473b00674205c50c1096751f30c93c6314bd8dfce962be168b392f71da796ff6aeebcd3dff6576cc5c66835ea3bfc859fe4b2931be12b2cdc25a2854f1962606
- SSDEEP
  
  1536:ycAfppcvVrMTLWqjSEAPr3TMESiedBtE/WcgeeKEAr:ni7YJhEA3MESBtkcAr
Score

3^/10

discovery
behavioral21 behavioral22
- Target
  
  Lang2052.DAT
- Size
  
  392KB
- MD5
  
  6f7c5b0aa8efb062cc3bd02a322111c3
- SHA1
  
  204fc1afe73a9571ea833787b2259cc84bb59781
- SHA256
  
  ebc13d0a0e033ba82d6dbfacc1152fb3d9b7d3ee4836f1da5833a0c13ce04c5c
- SHA512
  
  1acf42eb0dd3daaeb0cffb589c15844790109bbfcc29cd353a1cfed11f846c4b817342b62913589707c9e1888d22f613b4a341ff403f46393ff39717c2a09106
- SSDEEP
  
  6144:WpSRTGEOMVBT5IpP1JKTHyjaymgiOtwNSF6Diukeg0kJ8XvaG1ynqmcI6:W6OvgMmPjc6DivTJ8/aG1EqmA
Score

8^/10

adware discovery persistence stealer
- Drops file in Drivers directory
- Sets service image path in registry
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Drops file in System32 directory
behavioral23 behavioral24
- Target
  
  uninst.exe
- Size
  
  276KB
- MD5
  
  7c649a020a8dd6fed7f50789e1d00c9f
- SHA1
  
  dc1cdf21da541be1647d9c196ec92a59ed717315
- SHA256
  
  c1f62a737b77887c5076d1cf943a67b0bc6768c4fd9c28f7ecaa22828b53d521
- SHA512
  
  1f0021d209b5b11b4f237026eef2de8c5affe9f594e2f580de4b7372910cff8dd569d1ab20d60a11aea84a15c21fa31b25808e15c244c5761a9e57508de43f20
- SSDEEP
  
  6144:Chko84gwETpYHRZzHfOoQnXKxR+EDWDBPfz6MtWwfEdU:CKo8hnYxZrWXn/ED0Bj
Score

3^/10

discovery
behavioral25 behavioral26
- Target
  
  $PLUGINSDIR/KILLPROCDLL.DLL
- Size
  
  32KB
- MD5
  
  83142eac84475f4ca889c73f10d9c179
- SHA1
  
  dbe43c0de8ef881466bd74861b2e5b17598b5ce8
- SHA256
  
  ae2f1658656e554f37e6eac896475a3862841a18ffc6fad2754e2d3525770729
- SHA512
  
  1c66eab21f0c9e0b99ecc3844516a6978f52e0c7f489405a427532ecbe78947c37dac5b4c8b722cc8bc1edfb74ba4824519d56099e587e754e5c668701e83bd1
- SSDEEP
  
  384:3rYz6grZodORNWATt4TBmlk5ooyzFh7BukAUdJoUtSOSR:3QggDWATWNCFh7BNddJoxO+
Score

3^/10

discovery
behavioral27 behavioral28
- Target
  
  $PROGRAM_FILES/Baidu/bar/BaiduBar.DLL
- Size
  
  468KB
- MD5
  
  ce09bbf273e67347f2264d66005cba07
- SHA1
  
  7751ab1dcf3bb52083ecc4d00621d743131726f5
- SHA256
  
  97176d434158d5c96afbfabdeaf2601702c25fa76787a767e24d71860e74985d
- SHA512
  
  09f147b08a57ed15eff997031babb462b914b522020fa2570b1f5d46d012d8d87e7f6fb9efa6b12f1bb72af5ac85d577e426787179249dfaaf6a5d48b3acf6b1
- SSDEEP
  
  6144:d7Xgbji5kc0pY4apz2aWwXoOF9l743a9EHVA2dIjCqUV8Ual9:dzgbWuc0Ikw/PR3mA2dIjF
Score

7^/10

discovery
- Loads dropped DLL
behavioral29 behavioral30
- Target
  
  $PROGRAM_FILES_COMMON/NSISLog/File,Diz.ThX
- Size
  
  65KB
- MD5
  
  cc28a1b886f4b737c382917973cdae4f
- SHA1
  
  f40482987bcf5aae9b5ca1bf42096c46422aca76
- SHA256
  
  bcbd1d3b34a41c75145f681d0b9bd359523b87e3088ee7a18a4812ce5fb1797d
- SHA512
  
  f032ccb4a49cdafb207ed85c16c6e15f42ecb6d240b7318df1fc253612229a67ae08d2e869041c1c204a7215d473e9c30fa4b418fee1ac617bf87a846979b971
- SSDEEP
  
  1536:nvheR/feSm4j2euX7BdHvW5U9fd4qi1dTwGhUxWf6l4Y:YR/fJaeuX7b+5U9F4T5hUwCv
Score

10^/10

discovery evasion
- Modifies firewall policy service
  evasion
- Executes dropped EXE
- Loads dropped DLL
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Browser Extensions

T1176

Create or Modify System Process

T1543

Windows Service

T1543.003

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Defense Evasion

Impair Defenses

T1562

Disable or Modify System Firewall

T1562.004

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Loads dropped DLL

Drops file in Drivers directory

Sets service image path in registry

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application

Checks installed software on the system

Installs/modifies Browser Helper Object

Drops file in System32 directory

Modifies firewall policy service

Executes dropped EXE

Loads dropped DLL

Drops file in Drivers directory

Sets service image path in registry

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application

Checks installed software on the system

Installs/modifies Browser Helper Object

Drops file in System32 directory

Loads dropped DLL

Modifies firewall policy service

Executes dropped EXE

Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32