2ceb025a3125915e904bc8861933f6d33960a5ad6c4c880c4ac89788253e6132

Sharing

Copy URL

Twitter E-mail

General

Target

d92b403f9dc49cd4ca685df02f4ddda9_JaffaCakes118
Size

3.3MB
Sample

240910-2nzkwaygnk
MD5

d92b403f9dc49cd4ca685df02f4ddda9
SHA1

9e472131a0a6c3b774f0305a82706f8e0d5b12c6
SHA256

2ceb025a3125915e904bc8861933f6d33960a5ad6c4c880c4ac89788253e6132
SHA512

2f9ceed257a18a63e3809c06c01d5914564f61d5f74a1173a3a4ed0e7d4a1cd464f98d2cc9a5a5c66355a8cf1c8a1543c5e155914ed275305c7d40f0318620e1
SSDEEP

49152:ZLuypX9F1pV3BSjijlUFyxgcuvPP4SfNyJ4zoymlks+rp0tHp3KQFJ46TeUn6Yhm:VlpXz1NZcJvP3FyJUorlJ+1CwGHC

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  155绿色软件站.url
- Size
  
  219B
- MD5
  
  3a1f2a8a3ef08ae269517a69ea918b2c
- SHA1
  
  7d2e6719702bc8472e045e010efa6ed3f7df4b5b
- SHA256
  
  66eafefa8bb0155e60828476bde6068573fe64a4fd0aa052eba074dbe85d46cd
- SHA512
  
  22203a78192cadc02d0f887247675925273a69e3be82ec1a331197f892216a282cc8f37c3ffbfb578a708244181037277b8cc6a40d8ec70cdf0feac5d80f8576
Score

1^/10
behavioral1 behavioral2
- Target
  
  GoKuaiSetup_5.2.0.54.exe
- Size
  
  3.3MB
- MD5
  
  2dd8d9afef48b41bd959a5ffb75cf99f
- SHA1
  
  cb2bafc913d9403a0c807001f6376c623596e502
- SHA256
  
  2f22660b3e3147fdfcc5e2793864546eb3f9701db24f460fb410dc20aebc0add
- SHA512
  
  e5303c43ab8b3ad18d1feee32ef2489679ab668bfe7d6a57b42d3934fa7d03eb9eedfb867b11d192b9e4a4276a01d72b58657ce42d8fdb9c837f56764b6a95dc
- SSDEEP
  
  98304:dVoQnA7zR3LZSoajRq/5i3K02UJpAw9l0qGm:dGQnA7V1SoajRai6IAwUqj
Score

7^/10

discovery
- Loads dropped DLL
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  14KB
- MD5
  
  325b008aec81e5aaa57096f05d4212b5
- SHA1
  
  27a2d89747a20305b6518438eff5b9f57f7df5c3
- SHA256
  
  c9cd5c9609e70005926ae5171726a4142ffbcccc771d307efcd195dafc1e6b4b
- SHA512
  
  18362b3aee529a27e85cc087627ecf6e2d21196d725f499c4a185cb3a380999f43ff1833a8ebec3f5ba1d3a113ef83185770e663854121f2d8b885790115afdf
- SSDEEP
  
  192:86d+dHXLHQOPiY53uiUdigyU+WsPdc/A1A+2jwK72dwF7dBEnbok:86UdHXcIiY535zBt2jw+BEnbo
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/KillProcDLL.dll
- Size
  
  4KB
- MD5
  
  99f345cf51b6c3c317d20a81acb11012
- SHA1
  
  b3d0355f527c536ea14a8ff51741c8739d66f727
- SHA256
  
  c2689ba1f66066afce85ca6457ecd36370be0fe351c58422e45efd0948655c93
- SHA512
  
  937aa75be84a74f2be3b54dc80fac02c17dad1915d924ef82ab354d2a49bc773ee6d801203c52686113783a7c7ea0e8ed8e673ba696d6d3212f7006e291ed2ef
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  GoKuai.exe
- Size
  
  1.2MB
- MD5
  
  240c9efcd0f922441867ca8d74393404
- SHA1
  
  83a3bf0aaad0c5f5708839e08d3f85db09106da0
- SHA256
  
  50645a3f7d709269fc22f1e1f27203ebb1b75551a251442b2189b71cc4f039c2
- SHA512
  
  30c7609dc64778fc257a8455d68ad1619f1149a7b088af11ed7b256eb15c484b474154f8033e910fd828c0cd7b0ca37ae1522768e7db3ee9153cb02a8970919b
- SSDEEP
  
  24576:U5pd8sAT/whnGsv9ZR/d879exaIJKmLKjULpZ2XHxWow2bSzGpVf2hQpUOuLT0oW:upd8sADwhnGsv9ZR/d87oxnKSKjKU3kY
Score

6^/10

discovery persistence
- Adds Run key to start application
  persistence
behavioral10 behavioral9
- Target
  
  GoKuaiMenuEx.dll
- Size
  
  44KB
- MD5
  
  cc308d68f7cf41f58274c02821029904
- SHA1
  
  60567311dfb94f9275530387a7f9c7549e139153
- SHA256
  
  25f1b9359bb6473fd1ae9a7dc6b4e7d85a4d5d643f476ac5cbd794bd047a9ad7
- SHA512
  
  e16d572f300d2f5be2b8f5d4c7f9a247ecd84451f3cdd8f79c3d83b338bff2dcd0ddd0288e99f0c63b962d8bf598f5d352ca8fa566a18f621a62489ad4abc1e5
- SSDEEP
  
  768:t85/kMknl4q1Lgr04RFMooObKd6cVMHcZ4tMhLl84R:W58MM4q1Lgr04RGObrcV2zWp84R
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  GoKuaiUpdate.exe
- Size
  
  210KB
- MD5
  
  00a4d133baffad687370bc9c38471942
- SHA1
  
  d8ff6f255dc47e542a76a4f35dbf08f5040a1985
- SHA256
  
  d2b0c3689eecb64b724265b7e7f921e3cd5b7d7539b517921f79d1cc14421535
- SHA512
  
  194f1431b47544753e433821da094f5a70b286b14d5dc476fc31f37cbfc7f83b4a0861dc7f2546c23ac19d8cd77420df55b7ebad9abcf467f08c62e08c5bba5a
- SSDEEP
  
  6144:i0WmOqdtWxh2duVoaPZCPZztWx1/KuaVok:i0z9diGzss
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  Repair.exe
- Size
  
  45KB
- MD5
  
  fb4d557b807fa75e0e4dc884654050be
- SHA1
  
  8322efdbf97194fa7608d09c793f87f792a49ad1
- SHA256
  
  c2d72aabe6421bd189ae22c1521d06e3c244e0e20062570d1fd7ff566b3264a3
- SHA512
  
  c0faa87d40cb9d34934b80e124d149487e6346de855f17a7923e60ecf16a82518cd0140d242fe7e10eeef5795880588258f16221f1628aa6b82cafa0689c37b4
- SSDEEP
  
  768:FlagqZbnDwyX/elk2yOBTB1dXsWi+AXNtKHxZfAHSdLl8+:FlWbDwy9OHvs75NtKffMip8+
Score

7^/10

discovery persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
behavioral15 behavioral16
- Target
  
  RunLaunch.exe
- Size
  
  47KB
- MD5
  
  223c583960c8255a3176ef04e90630cd
- SHA1
  
  c34823cfeb3f92ca3ee2cb50c209894f19b5eb71
- SHA256
  
  28c4a28fa115ff21132d80d900c89bdc03c24de32fa93e682a3b729e489b1fdd
- SHA512
  
  79080798f5d6aff15351f67c5b66dfef8d3ce3b3ae0f1de3ca61105b551433827e304c25624ec0293b6160ec797a54630b6c9cfd6e20052b61fde878428a1de9
- SSDEEP
  
  384:Uxskd/8wjRzXtFCDHSOKljPV7obiX1xq3UZU9hlwVuqYJLlFEMeMkt5:Ux5F5XtEyO8jdWiLZU9hldLl8r
Score

3^/10

discovery
behavioral17 behavioral18
- Target
  
  atl100.dll
- Size
  
  134KB
- MD5
  
  36d7d05505951f542922df4c725cc57d
- SHA1
  
  074902ff54d30ef6ee2fd6ebe475526cac84670c
- SHA256
  
  74b7c86b75cfaf5121554bd8cc4dd8e496458311070fa43b9b4fb13b4d8c8eab
- SHA512
  
  4c7f9445703fc79f595739cfc0d4e24dade4c9959f6cb24840b020e98943f4dbed9c2937187165452215ab0a683d1159c4d629e22bffa625bf08286fce657889
- SSDEEP
  
  3072:XGAbjYAiKWDEvB+55/Ho4y6P5sxQ2euRA9ot:z+KWovoP/Ho4BP5wdUS
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  bugreport.exe
- Size
  
  37KB
- MD5
  
  65e5d0df82a4f497f44e0a5031445b20
- SHA1
  
  7f466b1328907e45f4c264b43a4122a755661674
- SHA256
  
  845eefb43d6162d5aa763dadcf0e7e5a9793f5a9b88d0b0b5d0581dbc3d7d865
- SHA512
  
  be8dee4d8da4fb6a04a649728304e3115c9cb276aee8c8c70785b101d9943047ef9eb6cd7de8cef4483d6f4dc25b2e09ca66c0423085de27a7a44555abcea857
- SSDEEP
  
  768:CcAwjWNGzylbOsaS35oO6Jjdi3IH5kippDrTPCZxjLl8x:TAwjuGY8ROaH5kcvcxjp8x
Score

3^/10

discovery
behavioral21 behavioral22
- Target
  
  mfc100.dll
- Size
  
  4.1MB
- MD5
  
  07bccdcc337d393d7db0b2f8fe200b3f
- SHA1
  
  5a02b227cb0a22a8e7884cd138c3e8568d083d94
- SHA256
  
  bf38dda13b938b49a4df72b6477342373ee6e151be12c25cb0c17662fcb4bcd4
- SHA512
  
  e5637727a549cf7b88f13474097a71200f0dfa511ecd55c5a42e5f53e9f86ce8b7ce763448830fd073e232876f7537bad96f2ced8d3159558778460264d07639
- SSDEEP
  
  98304:BZP0PvxMJfTcXPSo0akd+BPSLC4IEy+XNy136jCfsqLhDIJJGN8mFLOAkGkzdnEe:BZP2iIE80qLrHFLOyomFHKnPAG
Score

3^/10

discovery
behavioral23 behavioral24
- Target
  
  msvcp100.dll
- Size
  
  411KB
- MD5
  
  03e9314004f504a14a61c3d364b62f66
- SHA1
  
  0aa3caac24fdf9d9d4c618e2bbf0a063036cd55d
- SHA256
  
  a3ba6421991241bea9c8334b62c3088f8f131ab906c3cc52113945d05016a35f
- SHA512
  
  2fcff4439d2759d93c57d49b24f28ae89b7698e284e76ac65fe2b50bdefc23a8cc3c83891d671de4e4c0f036cef810856de79ac2b028aa89a895bf35abff8c8d
- SSDEEP
  
  12288:iHEqYsrMWIqz473PTiPoH/aGhUgiW6QR7t5qv3Ooc8UHkC2eKq87:iH9YsIWIW4rPTiPofaDv3Ooc8UHkC2e8
Score

3^/10

discovery
behavioral25 behavioral26
- Target
  
  msvcr100.dll
- Size
  
  752KB
- MD5
  
  67ec459e42d3081dd8fd34356f7cafc1
- SHA1
  
  1738050616169d5b17b5adac3ff0370b8c642734
- SHA256
  
  1221a09484964a6f38af5e34ee292b9afefccb3dc6e55435fd3aaf7c235d9067
- SHA512
  
  9ed1c106df217e0b4e4fbd1f4275486ceba1d8a225d6c7e47b854b0b5e6158135b81be926f51db0ad5c624f9bd1d09282332cf064680dc9f7d287073b9686d33
- SSDEEP
  
  12288:fQmCy3NeRjkpQmj3oaMtQqjoygfXq3kon9IlbgaOxQdVJJ6j5EBKX8hR5:ImCy3VQs9MtLjTgfa3kon9FaOdEz5
Score

3^/10

discovery
behavioral27 behavioral28
- Target
  
  msvcr71.dll
- Size
  
  340KB
- MD5
  
  86f1895ae8c5e8b17d99ece768a70732
- SHA1
  
  d5502a1d00787d68f548ddeebbde1eca5e2b38ca
- SHA256
  
  8094af5ee310714caebccaeee7769ffb08048503ba478b879edfef5f1a24fefe
- SHA512
  
  3b7ce2b67056b6e005472b73447d2226677a8cadae70428873f7efa5ed11a3b3dbf6b1a42c5b05b1f2b1d8e06ff50dfc6532f043af8452ed87687eefbf1791da
- SSDEEP
  
  6144:OcV9z83OtqxnEYmt3NEnvfF+Tbmbw6An8FMciFMNrb3YgxxpbCAOxO2ElvlE:Ooz83OtIEzW+/m/AyF7bCrO/E
Score

3^/10

discovery
behavioral29 behavioral30

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Loads dropped DLL

Adds Run key to start application

Checks computer location settings

Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30