General

  • Target

    d1d6b0aff63df7ff1745e72356bc8410_JaffaCakes118

  • Size

    980KB

  • Sample

    240907-nprprssejc

  • MD5

    d1d6b0aff63df7ff1745e72356bc8410

  • SHA1

    efcae91eea4ce3de9819a8ceef5de52f63886a86

  • SHA256

    d92cb7e568554000f7f3fec67a47d0f6ab2700782fb20640b2ca23e900e2f340

  • SHA512

    407216a9854a66fdfb49fe18f81b93d435ede26b05956accc634774e7d7112bdb4cbdf0f08cca9479cbae0f3a02f7a0680fba02941bb57b0a53664989ef8d73e

  • SSDEEP

    24576:3BQsGmJXNNGhsMMPThfqXhcQgfKcxa8PxX2g6X86:3BzJdNGhsxTpqGHfla8PxX2gx6

Malware Config

Targets

    • Target

      HA_TWinMD5-042_CZ.EXE

    • Size

      986KB

    • MD5

      d00b52c902074268eb32caa68230bcd3

    • SHA1

      5726030c575e190018df66e5e4a4a0fb131ecd72

    • SHA256

      ba5a3f24050636d2224d9b4b0d0f79f5eb025167b3c811a57ee705719d592cca

    • SHA512

      9b2a8e2dd8833a6a0d92a6dc77f7e02f07114852d7c3ae4374e63e82138bc855b7ac510860543bc03bf3694b3766f840660bf62d362db1d1ebd09f8fbde89bac

    • SSDEEP

      24576:CWmFFisdw2mfGvDmUNDLVGzM9jc7OsChAi0x8QEf:IafGZR9jcZCh70xU

    Score
    3/10
    • Target

      $PLUGINSDIR/INSTALLOPTIONS.DLL

    • Size

      12KB

    • MD5

      43ba71f370a45aebcde86d76b83b208c

    • SHA1

      1f14e3c253a5b7255b617084b45e51ef9d6717e4

    • SHA256

      6d0a19614efb523f78477429df04b71459ee69b3d16231798dcfa539b3d2a64c

    • SHA512

      36aaf1ccb7c1085ba9fbacbad6c1505c9e389be5e9bd52ee7046b48302b8239d6e34dfeeb32a2708c4fb7d5a85c1d202fbdabcdd6a2cced0099249640443b551

    • SSDEEP

      384:0Klm7i+c3QW6ckPhyDEaLnz2bbBBIXwZ:hqi8BcyhEhL6bbTI

    Score
    3/10
    • Target

      $PLUGINSDIR/KILLPROCDLL.DLL

    • Size

      32KB

    • MD5

      83142eac84475f4ca889c73f10d9c179

    • SHA1

      dbe43c0de8ef881466bd74861b2e5b17598b5ce8

    • SHA256

      ae2f1658656e554f37e6eac896475a3862841a18ffc6fad2754e2d3525770729

    • SHA512

      1c66eab21f0c9e0b99ecc3844516a6978f52e0c7f489405a427532ecbe78947c37dac5b4c8b722cc8bc1edfb74ba4824519d56099e587e754e5c668701e83bd1

    • SSDEEP

      384:3rYz6grZodORNWATt4TBmlk5ooyzFh7BukAUdJoUtSOSR:3QggDWATWNCFh7BNddJoxO+

    Score
    3/10
    • Target

      $PLUGINSDIR/STARTMENU.DLL

    • Size

      6KB

    • MD5

      c0a60e2104eb0e4b0eac4eccdc048285

    • SHA1

      7b14600bb1e3120b5cf9aa6d5fd41a6f20f62e42

    • SHA256

      977c38bebc30b0b1de5338ab237ebfdfb7df87450f347d85fad28131f635c172

    • SHA512

      d7bf507c90145373acda753b14eacc89190c61d760ea30aafc864498d09475dfd0336266eab4d95fd53ce03d1e57aa772e3ede29dc67b2f060ed12116e5c5130

    • SSDEEP

      96:yLJdRZk8OkmE+WHw0FMXF6CWhFxKpKsaQhEfP0:yLjPk8OT30FFAHCP0

    Score
    3/10
    • Target

      $PLUGINSDIR/SYSTEM.DLL

    • Size

      10KB

    • MD5

      0c8ea8e6637bbf8408104e672d78ba45

    • SHA1

      c231c7acaf9abb7da93f28e1b71bed164d57103e

    • SHA256

      509a93177a7ae130bc3b6b5ec3236c7aa0811b8b86f8ab3442c65fdf8ff85b1f

    • SHA512

      ee763a3cdbbba3b28e6a903ac942c7228bd8e54b19de21d6187e481f2916d833d9b9800e5ac2998f4aa26274cdfb20a8bfdd10f00f2a15d37bcc529b617e1f28

    • SSDEEP

      192:+OSsJI/rqmIDNLU0dq51EgAiNbubv68LZ:QHQQ0d01Egbq768

    Score
    3/10
    • Target

      $PLUGINSDIR/nsWeb.dll

    • Size

      8KB

    • MD5

      84bcf3c71e70d5a6e9dc07d70466bdc3

    • SHA1

      31603a1afc2d767a3392d363ff61533beaa25359

    • SHA256

      7d4da7469d00e98f863b78caece3f2b753e26d7ce0ca9916c0802c35d7d22bcf

    • SHA512

      61aefa3c22d2f66053f568a4cc3a5fc1cf9deb514213b550e5182edcecd88fadf0cb78e7a593e6d4b7261ed1238e7693f1d38170c84a68baf4943c3b9584d48e

    • SSDEEP

      96:9E1ZgHfHizBkiz1zCuNrwXTP8Jx/N6SCMeNV37bnwXwPML/bUdut5tCsPb2N6nOc:9E1ZkGdbiSCMeNN7LwAY/gd+Oc

    Score
    3/10
    • Target

      $PROGRAM_FILES/Baidu/bar/BaiduBar.DLL

    • Size

      468KB

    • MD5

      ce09bbf273e67347f2264d66005cba07

    • SHA1

      7751ab1dcf3bb52083ecc4d00621d743131726f5

    • SHA256

      97176d434158d5c96afbfabdeaf2601702c25fa76787a767e24d71860e74985d

    • SHA512

      09f147b08a57ed15eff997031babb462b914b522020fa2570b1f5d46d012d8d87e7f6fb9efa6b12f1bb72af5ac85d577e426787179249dfaaf6a5d48b3acf6b1

    • SSDEEP

      6144:d7Xgbji5kc0pY4apz2aWwXoOF9l743a9EHVA2dIjCqUV8Ual9:dzgbWuc0Ikw/PR3mA2dIjF

    • Loads dropped DLL

    • Adds Run key to start application

    • Target

      $PROGRAM_FILES_COMMON/NSISLog/Lang2052.DAT

    • Size

      392KB

    • MD5

      6f7c5b0aa8efb062cc3bd02a322111c3

    • SHA1

      204fc1afe73a9571ea833787b2259cc84bb59781

    • SHA256

      ebc13d0a0e033ba82d6dbfacc1152fb3d9b7d3ee4836f1da5833a0c13ce04c5c

    • SHA512

      1acf42eb0dd3daaeb0cffb589c15844790109bbfcc29cd353a1cfed11f846c4b817342b62913589707c9e1888d22f613b4a341ff403f46393ff39717c2a09106

    • SSDEEP

      6144:WpSRTGEOMVBT5IpP1JKTHyjaymgiOtwNSF6Diukeg0kJ8XvaG1ynqmcI6:W6OvgMmPjc6DivTJ8/aG1EqmA

    • Drops file in Drivers directory

    • Sets service image path in registry

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Drops file in System32 directory

    • Target

      File,Diz.ThX

    • Size

      65KB

    • MD5

      cc28a1b886f4b737c382917973cdae4f

    • SHA1

      f40482987bcf5aae9b5ca1bf42096c46422aca76

    • SHA256

      bcbd1d3b34a41c75145f681d0b9bd359523b87e3088ee7a18a4812ce5fb1797d

    • SHA512

      f032ccb4a49cdafb207ed85c16c6e15f42ecb6d240b7318df1fc253612229a67ae08d2e869041c1c204a7215d473e9c30fa4b418fee1ac617bf87a846979b971

    • SSDEEP

      1536:nvheR/feSm4j2euX7BdHvW5U9fd4qi1dTwGhUxWf6l4Y:YR/fJaeuX7b+5U9F4T5hUwCv

    Score
    10/10
    • Modifies firewall policy service

    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      Lang2052.DAT

    • Size

      392KB

    • MD5

      6f7c5b0aa8efb062cc3bd02a322111c3

    • SHA1

      204fc1afe73a9571ea833787b2259cc84bb59781

    • SHA256

      ebc13d0a0e033ba82d6dbfacc1152fb3d9b7d3ee4836f1da5833a0c13ce04c5c

    • SHA512

      1acf42eb0dd3daaeb0cffb589c15844790109bbfcc29cd353a1cfed11f846c4b817342b62913589707c9e1888d22f613b4a341ff403f46393ff39717c2a09106

    • SSDEEP

      6144:WpSRTGEOMVBT5IpP1JKTHyjaymgiOtwNSF6Diukeg0kJ8XvaG1ynqmcI6:W6OvgMmPjc6DivTJ8/aG1EqmA

    • Drops file in Drivers directory

    • Sets service image path in registry

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Drops file in System32 directory

    • Target

      WinMD5.EXE

    • Size

      203KB

    • MD5

      d25960ed566d993606a370f2d8a47c07

    • SHA1

      21f01bb168845d4e57072377a949f6cfa2e0f7f6

    • SHA256

      40e618a6c115abe42645ba4c903931e0820ae7d4dfff1261fceeb960a9f1337d

    • SHA512

      1f1bc66954d4357256c31f1cb9761469cb729314f713429d56718c19b7a0fe81da5b85296cd9e2720dc7d30066ba7872ced9b7eb0385692ae496823307ea4256

    • SSDEEP

      3072:RIN8X0smQyHqMZTpGwvR9u7j2AD+q0sy5emidf4e:CN8E1HqYTtvLNSVn

    Score
    3/10
    • Target

      uninst.exe

    • Size

      276KB

    • MD5

      19ee50cd585a3bcb094a38c2cdcd31eb

    • SHA1

      e203d7a64289c98c972cd6e8eb8ffff75c6580e4

    • SHA256

      a42f9f9205adfc68d36ea63a9350178d30cd872f94f86c01a95e756aed40a44b

    • SHA512

      dad056cad28797bee0b12636fda760c63d4ac672fd24daf5a8938b095d2d8865ed8bf1fdd610b355cee586e3b1bf9e6187ce89a4be419673c251ef31ba7b00ca

    • SSDEEP

      6144:ChYmMyhrCfxVu5vAa11nhntEinadPgWmw1R2N1xHI9uyJ:CemMJxa/1BhtEinG/f2THI

    Score
    3/10
    • Target

      $PLUGINSDIR/KILLPROCDLL.DLL

    • Size

      32KB

    • MD5

      83142eac84475f4ca889c73f10d9c179

    • SHA1

      dbe43c0de8ef881466bd74861b2e5b17598b5ce8

    • SHA256

      ae2f1658656e554f37e6eac896475a3862841a18ffc6fad2754e2d3525770729

    • SHA512

      1c66eab21f0c9e0b99ecc3844516a6978f52e0c7f489405a427532ecbe78947c37dac5b4c8b722cc8bc1edfb74ba4824519d56099e587e754e5c668701e83bd1

    • SSDEEP

      384:3rYz6grZodORNWATt4TBmlk5ooyzFh7BukAUdJoUtSOSR:3QggDWATWNCFh7BNddJoxO+

    Score
    3/10
    • Target

      $PROGRAM_FILES/Baidu/bar/BaiduBar.DLL

    • Size

      468KB

    • MD5

      ce09bbf273e67347f2264d66005cba07

    • SHA1

      7751ab1dcf3bb52083ecc4d00621d743131726f5

    • SHA256

      97176d434158d5c96afbfabdeaf2601702c25fa76787a767e24d71860e74985d

    • SHA512

      09f147b08a57ed15eff997031babb462b914b522020fa2570b1f5d46d012d8d87e7f6fb9efa6b12f1bb72af5ac85d577e426787179249dfaaf6a5d48b3acf6b1

    • SSDEEP

      6144:d7Xgbji5kc0pY4apz2aWwXoOF9l743a9EHVA2dIjCqUV8Ual9:dzgbWuc0Ikw/PR3mA2dIjF

    Score
    7/10
    • Loads dropped DLL

    • Target

      $PROGRAM_FILES_COMMON/NSISLog/File,Diz.ThX

    • Size

      65KB

    • MD5

      cc28a1b886f4b737c382917973cdae4f

    • SHA1

      f40482987bcf5aae9b5ca1bf42096c46422aca76

    • SHA256

      bcbd1d3b34a41c75145f681d0b9bd359523b87e3088ee7a18a4812ce5fb1797d

    • SHA512

      f032ccb4a49cdafb207ed85c16c6e15f42ecb6d240b7318df1fc253612229a67ae08d2e869041c1c204a7215d473e9c30fa4b418fee1ac617bf87a846979b971

    • SSDEEP

      1536:nvheR/feSm4j2euX7BdHvW5U9fd4qi1dTwGhUxWf6l4Y:YR/fJaeuX7b+5U9F4T5hUwCv

    Score
    10/10
    • Modifies firewall policy service

    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      ⷴ.URL

    • Size

      337B

    • MD5

      f7b5d279fdaca0d76a3cd13b4cdda081

    • SHA1

      1be2ce4f4a02800c6320043c59404d24b997f51a

    • SHA256

      0bbf6ec991832b6ca1b14f2a8f0c020aa3aa5fa671c05b1aba01e54967ba3970

    • SHA512

      a01518fb50f58648df1b9657fa171dc06391cac3766f46bde327b81e185f300b8790a567afd74d401a64730fa710dab2a80c42fd351eed7991ed145d9cf4beb4

    Score
    1/10

MITRE ATT&CK Enterprise v15

Tasks

static1

upx
Score
7/10

behavioral1

discovery
Score
3/10

behavioral2

discovery
Score
3/10

behavioral3

discovery
Score
3/10

behavioral4

discovery
Score
3/10

behavioral5

discovery
Score
3/10

behavioral6

discovery
Score
3/10

behavioral7

discovery
Score
3/10

behavioral8

discovery
Score
3/10

behavioral9

discovery
Score
3/10

behavioral10

discovery
Score
3/10

behavioral11

discovery
Score
3/10

behavioral12

discovery
Score
3/10

behavioral13

discovery
Score
7/10

behavioral14

discovery persistence
Score
7/10

behavioral15

adware discovery persistence stealer
Score
8/10

behavioral16

adware discovery persistence stealer
Score
8/10

behavioral17

discovery evasion
Score
10/10

behavioral18

discovery evasion
Score
10/10

behavioral19

adware discovery persistence stealer
Score
8/10

behavioral20

adware discovery persistence stealer
Score
8/10

behavioral21

discovery
Score
3/10

behavioral22

discovery
Score
3/10

behavioral23

discovery
Score
3/10

behavioral24

discovery
Score
3/10

behavioral25

discovery
Score
3/10

behavioral26

discovery
Score
3/10

behavioral27

discovery
Score
7/10

behavioral28

discovery
Score
7/10

behavioral29

discovery evasion
Score
10/10

behavioral30

discovery evasion
Score
10/10

behavioral31

Score
1/10

behavioral32

Score
1/10