General

  • Target

    d99a68d2ab7de221c401526e50430db4_JaffaCakes118

  • Size

    2.7MB

  • Sample

    240911-ezhp6ssdnq

  • MD5

    d99a68d2ab7de221c401526e50430db4

  • SHA1

    77e81aa5cdfe728b72a485a1e58b5ebba867570e

  • SHA256

    13d804af52af8d815dbfc16a423ffd7191bd5c6f1072e2fdc2f95727b6e3a5db

  • SHA512

    5ca9dacbecbf33d067ec1e1d9a552f986a2837066df6af1a838880a374187ee635351dfbe415f07efa5f0bed58cb2a481e67651a85a6fe5430ad1f762b39b4bf

  • SSDEEP

    49152:V0l8CGaFaLMa6XFJOYT7yZS+1Oz5zt6w+kWZ4Lr+fBcJbO:VHCqR61JOW7H+1MEZZ4LSN

Score
7/10

Malware Config

Targets

    • Target

      d99a68d2ab7de221c401526e50430db4_JaffaCakes118

    • Size

      2.7MB

    • MD5

      d99a68d2ab7de221c401526e50430db4

    • SHA1

      77e81aa5cdfe728b72a485a1e58b5ebba867570e

    • SHA256

      13d804af52af8d815dbfc16a423ffd7191bd5c6f1072e2fdc2f95727b6e3a5db

    • SHA512

      5ca9dacbecbf33d067ec1e1d9a552f986a2837066df6af1a838880a374187ee635351dfbe415f07efa5f0bed58cb2a481e67651a85a6fe5430ad1f762b39b4bf

    • SSDEEP

      49152:V0l8CGaFaLMa6XFJOYT7yZS+1Oz5zt6w+kWZ4Lr+fBcJbO:VHCqR61JOW7H+1MEZZ4LSN

    Score
    7/10
    • ACProtect 1.3x - 1.4x DLL software

      Detects a file protected with the ACProtect packer, versions 1.3x to 1.4x.

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the UPX open-source packer, or a modified build of it.

    • Drops desktop.ini file(s)

    • Target

      $PLUGINSDIR/InstallOptions.dll

    • Size

      14KB

    • MD5

      fa5beae80dba254fb6c21b58265f5310

    • SHA1

      f2f776611dbbb157b151aa744a7e0be1d4b8c079

    • SHA256

      34b8a2130729064ca2f9b3b8e6f90d883d84662156b648a4eeccefefc3473269

    • SHA512

      7c74b9e9f1ff0665ffd6fcf76fca462d9f4fbd7c4a215bc67b419497ef4c3cb9cede6c5b0803cabb316bc5391c4c6f0d578d36e1094b8ed326b140f8e272b538

    • SSDEEP

      192:06JaVGQ+xI5EeuyvMmGpeWH2J5xprN+AxTZK72dwF7dBdcQOz:06JaVh4I5rpPbTZ+BdhO

    Score
    3/10
    • Target

      $PLUGINSDIR/KillProc.dll

    • Size

      24KB

    • MD5

      f2223ee8d3b5a26d9386dd90fd6326cd

    • SHA1

      edf24705bba2a459637722af3b7a8b7bac23d2ed

    • SHA256

      488aa34c7d2da0ab4a6b50463d5bb7fb402493602d3164bd1d56a2e93d97237e

    • SHA512

      59bdc5368c9dbcee3f7807a653618becac2c36ac4b4c5b3e8906f32e55ddb0620af30e1c771bd9e3145b7caf996c1cc439066e1ce17cbe6f3ed9248c2e6e4428

    • SSDEEP

      768:p13K3oHsFZLEQOkfb5CtRvBFj3d6dLMk:p43oGgQzotRZFRsH

    Score
    7/10
    • UPX packed file

      Detects executables packed with the UPX open-source packer, or a modified build of it.

    • Target

      $PLUGINSDIR/System.dll

    • Size

      10KB

    • MD5

      1a7a1f7fd0acd2ebe7722d56357a56da

    • SHA1

      d6e952df2d3c33b923685087509eda5be1c53bdf

    • SHA256

      3b2f46ecabea3457a0e29847974ced9f26d617449812e485543d28d645cdd060

    • SHA512

      cf02e30108ea7e584b5b01a8347142927973f0b4b25a03020075cafb2badbee4eec3bb7c4c5785928f4d1e86248983904f33c0df363ee5c4c53a973c7beb39aa

    • SSDEEP

      192:KO6dJA/ruAFEiUdWWE6hsD4YUdJfbub1argMO:/KAFERdlxhTYUzqZar

    Score
    3/10
    • Target

      $PLUGINSDIR/YandexPackSetup.exe

    • Size

      1.2MB

    • MD5

      aa3e7fa461135448172a3c5825b71b97

    • SHA1

      74e4cbbd500b1c3c2f7cc632d0e506e00b58c2b1

    • SHA256

      a11b32f8fd452be074a4733e217ef8313749b0cff7b79f9d2f921985b13a6457

    • SHA512

      2e5b80d9f29d3291170ee3ff0d26d27cffc3a338968371c8e5acd8223eda30bacc10527fe24b526461622f04d87bf9eb59d8a0a830d0c77a381c197c2210a047

    • SSDEEP

      24576:x2Uyyx9Bur/YZRHMN9s0f8/ilRdVQSfUkrIdVZ4Zt8YIXo6iWSdRujCbiI083:x2p55sIoilRo4Ij0Vgo6iWSdOCeTG

    Score
    7/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      $PLUGINSDIR/nsDialogs.dll

    • Size

      9KB

    • MD5

      3e4842c9ad9c067222e780445bad1d70

    • SHA1

      5a7b4614c8e59517ac8115e20e66b9660ab46aa3

    • SHA256

      668f1a0a6ff8832a9920d7fee1e4fb433a2ae6bf98edbdeea80bddc810f460b4

    • SHA512

      1c4a78df5264c96b5901843846daf459bf0aba2862317511d4652c9bb72fa03d4ee93d5fa71ee8ac0707ef111c0873d2b7b430d8dae3e752488680db635e78a8

    • SSDEEP

      96:A20b56S03smw/SK5bUhkRuiKkwhJkEIGEoOcxzKMyB0rmA3HdYnndXxV:r/Syw/SDViKkWJhEoOd0rmA39Gn1/

    Score
    3/10
    • Target

      AgentVkontakte.exe

    • Size

      3.4MB

    • MD5

      889f8c2546acf4c730e024c6ae25231f

    • SHA1

      a1b4198374f8b66a79d01d70783db6c1b2e098a5

    • SHA256

      dc7d880f00e62210492c03c5da5b698760a53261358119f90060dccbbc716ff3

    • SHA512

      f5085385bc336d27c24315d78cc3fe9d9eaf825141857fd555f74c9309afd3ed8101d179055d5ee00d068c8fd5551cd4224f4e086f69eb4d46ff3b34699d43f3

    • SSDEEP

      49152:3+MgSYRVgXLgl6zxC4mdkN4XVZ2eEbZb1FeruF0BGdoJUzTHSYmhZtq:3dgSVLgl6zxM44FZ2HYm0odoezejhS

    Score
    3/10
    • Target

      uninst.exe

    • Size

      50KB

    • MD5

      42f1c08629a14fac80cbdfed19c6b89d

    • SHA1

      50fc70606fa496948a67eebfe7cb36d8b4927b4b

    • SHA256

      244e1bcb83e8da3803c86e8117341b89035b3637dc56ff838e8a3073d968a8a1

    • SHA512

      a78b9c4772f4e5bb95b31ad989e1a978ee5346b04398202d712efebc3bcb933dcef456249b7a1e652d6a50657e317b5ebde83501e2efc0d398fd6f02802b666b

    • SSDEEP

      768:7Sup23EQCjlQRB8/ewZ1iU6nyYFxbssT/F/O71mJ5qpQDdnvKVdXYFfR3pn6xmAe:Wu4EQalMK/ewGnh0mJsyDdnvmBYBSe

    Score
    7/10
    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      $PLUGINSDIR/InstallOptions.dll

    • Size

      14KB

    • MD5

      fa5beae80dba254fb6c21b58265f5310

    • SHA1

      f2f776611dbbb157b151aa744a7e0be1d4b8c079

    • SHA256

      34b8a2130729064ca2f9b3b8e6f90d883d84662156b648a4eeccefefc3473269

    • SHA512

      7c74b9e9f1ff0665ffd6fcf76fca462d9f4fbd7c4a215bc67b419497ef4c3cb9cede6c5b0803cabb316bc5391c4c6f0d578d36e1094b8ed326b140f8e272b538

    • SSDEEP

      192:06JaVGQ+xI5EeuyvMmGpeWH2J5xprN+AxTZK72dwF7dBdcQOz:06JaVh4I5rpPbTZ+BdhO

    Score
    3/10
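
Worked example, added to accompany this report and not part of the sandbox's own tooling: a small offline Python triage script that recomputes the four digest fields listed for each target above (so a local copy can be matched against the parent sample's SHA256) and checks a PE for the cheap UPX hints that a "UPX packed file" rule typically keys on, namely the UPX0/UPX1/UPX2 section names and the "UPX!" marker, together with per-section Shannon entropy. The marker list is an assumption about what the rule looks for (the rule text is not on the page); the PE parser is hand-rolled from the documented header layout; and `build_test_pe` produces a constructed, non-loadable PE image so the script runs without the sample.

```python
"""Offline triage helpers, written to accompany the report above.

Two checks: recompute the hash fields the report lists for a local copy of
the sample, and look for the cheap UPX indicators that a 'UPX packed file'
rule typically keys on (section names UPX0/UPX1/UPX2, the 'UPX!' marker)
together with per-section Shannon entropy.
"""
import hashlib
import math
import struct

# Parent-sample SHA256 copied from the report above.
REPORT_SHA256 = "13d804af52af8d815dbfc16a423ffd7191bd5c6f1072e2fdc2f95727b6e3a5db"

# Assumption: these are the markers the rule looks for; the rule text itself
# is not reproduced on the page.
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}
UPX_MAGIC = b"UPX!"


def hash_bytes(data: bytes) -> dict:
    """Compute the same four digests the report lists for each target."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
    }


def matches_report(data: bytes) -> bool:
    """True if the bytes are the parent sample from the report."""
    return hash_bytes(data)["sha256"] == REPORT_SHA256


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; packed or encrypted sections sit near 8.0."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def pe_sections(data: bytes) -> list:
    """Walk the PE section table; return [(name, raw_bytes), ...]."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                      # IMAGE_FILE_HEADER
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    size_opt = struct.unpack_from("<H", data, coff + 16)[0]
    first = coff + 20 + size_opt             # section table follows the optional header
    sections = []
    for i in range(num_sections):
        off = first + i * 40                 # IMAGE_SECTION_HEADER is 40 bytes
        name = data[off:off + 8].rstrip(b"\0")
        size_raw, ptr_raw = struct.unpack_from("<II", data, off + 16)
        sections.append((name, data[ptr_raw:ptr_raw + size_raw]))
    return sections


def upx_indicators(data: bytes) -> dict:
    """Summarise the UPX hints: matching section names, the marker, max entropy."""
    sections = pe_sections(data)
    return {
        "upx_section_names": [n.decode("ascii", "replace") for n, _ in sections
                              if n in UPX_SECTION_NAMES],
        "upx_magic_present": UPX_MAGIC in data,
        "max_section_entropy": max((shannon_entropy(raw) for _, raw in sections),
                                   default=0.0),
    }


def build_test_pe(section_blobs) -> bytes:
    """Construct a minimal PE image (headers plus raw sections) as test input.

    It is not loadable (no optional header); it only exercises the parser so
    the script can run without the real sample.
    """
    n = len(section_blobs)
    e_lfanew = 0x40
    ptr = e_lfanew + 4 + 20 + 40 * n         # first raw section starts after headers
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, n, 0, 0, 0, 0, 0x0102)
    table, body = b"", b""
    for name, raw in section_blobs:
        table += name.ljust(8, b"\0")
        table += struct.pack("<IIII", len(raw), 0x1000, len(raw), ptr)  # VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData
        table += struct.pack("<IIHHI", 0, 0, 0, 0, 0x60000020)          # relocs, line numbers, Characteristics
        body += raw
        ptr += len(raw)
    return dos + b"PE\0\0" + coff + table + body


if __name__ == "__main__":
    import sys
    # With a path argument, triage that file; otherwise run on the constructed image.
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_test_pe(
        [(b"UPX0", b"\0" * 512), (b"UPX1", bytes(range(256)) * 4)])
    print("hashes:", hash_bytes(blob))
    print("is report sample:", matches_report(blob))
    print("upx:", upx_indicators(blob))
```

Section names and the marker are only hints: a repacked or renamed UPX build drops both, which is why the script also reports the highest per-section entropy, and why the rule in the report is described as matching modified UPX as well.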

MITRE ATT&CK Enterprise v15

Tasks