Overview

overview

6

Static

static

1

.url

windows7-x64

6

.url

windows10-2004-x64

3

api.js

windows7-x64

3

api.js

windows10-2004-x64

3

api/uc.js

windows7-x64

3

api/uc.js

windows10-2004-x64

3

api/uc_api_db.js

windows7-x64

3

api/uc_api_db.js

windows10-2004-x64

3

api/新云软件.url

windows7-x64

1

api/新云软件.url

windows10-2004-x64

1

images/sec...ex.htm

windows7-x64

3

images/sec...ex.htm

windows10-2004-x64

3

images/sec...ex.htm

windows7-x64

3

images/sec...ex.htm

windows10-2004-x64

3

images/sec...ex.htm

windows7-x64

3

images/sec...ex.htm

windows10-2004-x64

3

images/sec...ex.htm

windows7-x64

3

images/sec...ex.htm

windows10-2004-x64

3

images/sec...ex.htm

windows7-x64

3

images/sec...ex.htm

windows10-2004-x64

3

images/sec...ex.htm

windows7-x64

3

images/sec...ex.htm

windows10-2004-x64

3

images/sec...ex.htm

windows7-x64

3

images/sec...ex.htm

windows10-2004-x64

3

images/upl...min.js

windows7-x64

3

images/upl...min.js

windows10-2004-x64

3

imjiqiren.js

windows7-x64

3

imjiqiren.js

windows10-2004-x64

3

include/db....db.js

windows7-x64

3

include/db....db.js

windows10-2004-x64

3

include/db....db.js

windows7-x64

3

include/db....db.js

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e3b806e0fdb18deb342acd3cac39bb80_JaffaCakes118

  • Size

    4.3MB

  • Sample

    240916-be61gs1hjj

  • MD5

    e3b806e0fdb18deb342acd3cac39bb80

  • SHA1

    ad5c8b4e968ab3305cabf741c78b8fc6bc77a6f5

  • SHA256

    bc809c371733a1fc086345bfab61c436e76703df826971a0840f07057215e108

  • SHA512

    a6234d538169cf91901e950b1ea6a99a0df74df61221c0f5ea1d94b0bc584b29077b447b827ccc6a996fcacfbe88f947ce698d73bb0a91d3bdbabb3da5df3810

  • SSDEEP

    98304:wMmg6jVcXDJKU2B4vV9OhDHi+JPKhkA5r9q0BuAQs16LPCjTI:wMmg6o1KU2B4vVkxHjJTA55TQ66LPuTI

Score
6/10
discoveryevasionexecutiontrojan

Malware Config

Targets

    • Target

      .url

    • Size

      196B

    • MD5

      13e7411a23a7fc127bdd4b7ff9da88a2

    • SHA1

      3fef75d8a1525c9321390da0ecf5368b6ae12ffd

    • SHA256

      2987f1659569d8128a01022780b6d55778e93e90d41e64cfee7949f1b630a559

    • SHA512

      5a5485306c083d91a249a3e3b6d2b2f5745180fc40ca5d86a9e6dfb9f997ecc59ed1c59c0e15efb0cd3cc331a8f0c9074f370af6d8269891d00982bbeda3abce

    Score
    6/10
    discoveryevasiontrojan
    behavioral1behavioral2

    • Target

      api.php

    • Size

      4KB

    • MD5

      a237e6c8aef8d969bddcce616ebb14bc

    • SHA1

      24bec707f1fe01b7c7aa8defac6e6c835d6ce206

    • SHA256

      2a3b534fdc68a9e0818d99bb83a2b6ccf462fb1f37381d8b203b90e8074d0d58

    • SHA512

      f7886842b472798ecbde5acb8c5bc9a02d92595f1b0ea1c2c80116db3f3dfb09368edf9c51cbf47a8f29ec8c7c18504a6f8e4867ee12688ed973f1732d3de2c7

    • SSDEEP

      96:h24Dqzi09R2hlYozE6OO5q4u6Uj12yCpwAoL8oMM:h24WX2Do6OSg1vCUL8dM

    Score
    3/10
    execution
    behavioral3behavioral4

    • Target

      api/uc.php

    • Size

      7KB

    • MD5

      f7e966bd752027d380864b8b7c27cd87

    • SHA1

      24ab622b434ad5b80f545304c0e5ac13023dcc7b

    • SHA256

      04e0ef7c98ab0080a2267861f2e89f8cf7c40a2446d5926a9e49d3f768554625

    • SHA512

      83f1af6502659581cc3c611d34c501d526d1d1d9232bd6a4d165bdcaa3ca7e1712485b12a36cde952042dcbe22928f40f3534f27c33334f973d2eaffccf5c99e

    • SSDEEP

      192:2A60Du6uh1LF94Rboi2bB17bCHaGPQ168:2A60Kd94xoieB1vC6GPQ168

    Score
    3/10
    execution
    behavioral5behavioral6

    • Target

      api/uc_api_db.php

    • Size

      3KB

    • MD5

      cd8dd686e1f9410c40d41812dae8bb47

    • SHA1

      284c5b73d1bfdbfb556a65a913196faac7b2533e

    • SHA256

      0e2e3c5d6d43205e9fc5e8474da748716de35280b8f0e55fba36dfbc50f9fb27

    • SHA512

      88b11e62116d628a35f3acff9f3b7756125b5757c1ac12ef3e90c4f0691770fb168e7ddc66d8077d09ced1de1d34bbb991a31f39a95bb8f88ed4fde4b0c5be4e

    Score
    3/10
    execution
    behavioral7behavioral8

    • Target

      api/新云软件.url

    • Size

      133B

    • MD5

      4f0017b3b346bd0626f0c3b915e6e734

    • SHA1

      823bf3ff9e16cd636c9dc0dc690d6a586fcbfe92

    • SHA256

      df65af1fc1e09f6effbde7e0ef1cb64d6caeef1f62b0e6467821efa032533678

    • SHA512

      0f5eb5024cf6a0323f7998d419995a707c48de917a5899a185369e6acfeb17c09ffa03f7d110adc87b8de20b7d4bf30d50c72479bfb18614d2e21cbe169dc5a6

    Score
    1/10
    behavioral10behavioral9

    • Target

      images/seccode/background/index.htm

    • Size

      1B

    • MD5

      7215ee9c7d9dc229d2921a40e899ec5f

    • SHA1

      b858cb282617fb0956d960215c8e84d1ccf909c6

    • SHA256

      36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068

    • SHA512

      f90ddd77e400dfe6a3fcf479b00b1ee29e7015c5bb8cd70f5f15b4886cc339275ff553fc8a053f8ddc7324f45168cffaf81f8c3ac93996f6536eef38e5e40768

    Score
    3/10
    discovery
    behavioral11behavioral12

    • Target

      images/seccode/font/ch/index.htm

    • Size

      1B

    • MD5

      7215ee9c7d9dc229d2921a40e899ec5f

    • SHA1

      b858cb282617fb0956d960215c8e84d1ccf909c6

    • SHA256

      36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068

    • SHA512

      f90ddd77e400dfe6a3fcf479b00b1ee29e7015c5bb8cd70f5f15b4886cc339275ff553fc8a053f8ddc7324f45168cffaf81f8c3ac93996f6536eef38e5e40768

    Score
    3/10
    discovery
    behavioral13behavioral14

    • Target

      images/seccode/font/en/index.htm

    • Size

      1B

    • MD5

      7215ee9c7d9dc229d2921a40e899ec5f

    • SHA1

      b858cb282617fb0956d960215c8e84d1ccf909c6

    • SHA256

      36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068

    • SHA512

      f90ddd77e400dfe6a3fcf479b00b1ee29e7015c5bb8cd70f5f15b4886cc339275ff553fc8a053f8ddc7324f45168cffaf81f8c3ac93996f6536eef38e5e40768

    Score
    3/10
    discovery
    behavioral15behavioral16

    • Target

      images/seccode/font/index.htm

    • Size

      1B

    • MD5

      7215ee9c7d9dc229d2921a40e899ec5f

    • SHA1

      b858cb282617fb0956d960215c8e84d1ccf909c6

    • SHA256

      36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068

    • SHA512

      f90ddd77e400dfe6a3fcf479b00b1ee29e7015c5bb8cd70f5f15b4886cc339275ff553fc8a053f8ddc7324f45168cffaf81f8c3ac93996f6536eef38e5e40768

    Score
    3/10
    discovery
    behavioral17behavioral18

    • Target

      images/seccode/gif/OCR_A_Extended/index.htm

    • Size

      1B

    • MD5

      7215ee9c7d9dc229d2921a40e899ec5f

    • SHA1

      b858cb282617fb0956d960215c8e84d1ccf909c6

    • SHA256

      36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068

    • SHA512

      f90ddd77e400dfe6a3fcf479b00b1ee29e7015c5bb8cd70f5f15b4886cc339275ff553fc8a053f8ddc7324f45168cffaf81f8c3ac93996f6536eef38e5e40768

    Score
    3/10
    discovery
    behavioral19behavioral20

    • Target

      images/seccode/gif/Small_Fonts/index.htm

    • Size

      1B

    • MD5

      7215ee9c7d9dc229d2921a40e899ec5f

    • SHA1

      b858cb282617fb0956d960215c8e84d1ccf909c6

    • SHA256

      36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068

    • SHA512

      f90ddd77e400dfe6a3fcf479b00b1ee29e7015c5bb8cd70f5f15b4886cc339275ff553fc8a053f8ddc7324f45168cffaf81f8c3ac93996f6536eef38e5e40768

    Score
    3/10
    discovery
    behavioral21behavioral22

    • Target

      images/seccode/index.htm

    • Size

      1B

    • MD5

      7215ee9c7d9dc229d2921a40e899ec5f

    • SHA1

      b858cb282617fb0956d960215c8e84d1ccf909c6

    • SHA256

      36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068

    • SHA512

      f90ddd77e400dfe6a3fcf479b00b1ee29e7015c5bb8cd70f5f15b4886cc339275ff553fc8a053f8ddc7324f45168cffaf81f8c3ac93996f6536eef38e5e40768

    Score
    3/10
    discovery
    behavioral23behavioral24

    • Target

      images/uploadify/jquery.uploadify.v2.1.4.min.js

    • Size

      17KB

    • MD5

      67a0e26e777ddebd326ee917c81f95c8

    • SHA1

      569de0346eb34918ab7a5e4ab11317d434e34fa7

    • SHA256

      1b948d34b3fbc1682f1188390cbf40b5dcc6b006bfd9589c031d808bdbcacc42

    • SHA512

      2edc1e958f3a086ba50551b7e5a8a61467467b2251cdce1970764961697f0042529291047c6e0adc0ce48eb9847728358c8920e67e7e031649392cca342ff6c8

    • SSDEEP

      384:dTsWGAZvwGxP1hNWwI9V0YO1NkRHe4yGyfq7LMoOyYyw6xsHlQywdYC/Mo0GaOou:+WGAKGxP1h4wI30/7kReHhf9Cw6xsH1U

    Score
    3/10
    execution
    behavioral25behavioral26

    • Target

      imjiqiren.php

    • Size

      4KB

    • MD5

      610778336abb8853102f3aaa2e61a09a

    • SHA1

      673fb12c9f11d117f4d59e7c83fc77a9369c6550

    • SHA256

      cf51f3d028e5d77582b4a4c84244e48cd4212094413366d886710c4220652a14

    • SHA512

      a4aeb5976e89f475347f027f718642784cfea4d7ce524456ff13a27ac807d6f02d223d5991be3d18dce78d97f614b1c99bb8aefd1162fd856144ef8a900caca0

    • SSDEEP

      96:h/4Dqzi09R2hlYozE6OO5K4u6Uj12yI2a7pYoMM:h/4WX2Do6OSA1vIGdM

    Score
    3/10
    execution
    behavioral27behavioral28

    • Target

      include/db/database.db.php

    • Size

      2KB

    • MD5

      a1080073ff7720effa66ee5cc36db6a8

    • SHA1

      38f8aa0f10856904ef22f5d08cadf9da897ab768

    • SHA256

      2b501c090958f4b4f819bfaedcac7b42e1afbbab46ebede3b087d2ddac2391b9

    • SHA512

      7a676fa52feb4d8f789791a347895ca68e0654524708aca8e485d959ef7c5127d78d57153f570218ff5927fdcc2f7ef57e2389a7aa99b8a3c335875bc8452ee0

    Score
    3/10
    execution
    behavioral29behavioral30

    • Target

      include/db/mysql.db.php

    • Size

      11KB

    • MD5

      03bca3be7177cf3c64be8a2ddb3f7a37

    • SHA1

      8fc3b8541c6c9ab4ede621064bcb39934a9a1ff7

    • SHA256

      bf1845b567b6f6009d5655860be26b615ab8cea3bfeac8244eb8134b82b1de24

    • SHA512

      c3aa24a89583d6855397ed348f8f9cfd29263e2de8ebfd7d66fd163be02f86b100770a8613cf064702a5ddc7e1b6cc5ecdb8b17461103306e1c36ce75834def0

    • SSDEEP

      192:oI+sxyTRue9d3tMlOeZ/F8aZU2n+KJy4wH+YglzaapX:oIJxGRNilPDrIFwlx

    Score
    3/10
    execution
    behavioral31behavioral32

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

7
T1059

JavaScript

7
T1059.007

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

8
T1112

Credential Access

Discovery

System Information Discovery

10
T1082

Browser Information Discovery

8
T1217

System Location Discovery

8
T1614

System Language Discovery

8
T1614.001

Query Registry

8
T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

Score
1/10

behavioral1

discoveryevasiontrojan
Score
6/10

behavioral2

discovery
Score
3/10

behavioral3

execution
Score
3/10

behavioral4

execution
Score
3/10

behavioral5

execution
Score
3/10

behavioral6

execution
Score
3/10

behavioral7

execution
Score
3/10

behavioral8

execution
Score
3/10

behavioral9

Score
1/10

behavioral10

Score
1/10

behavioral11

discovery
Score
3/10

behavioral12

discovery
Score
3/10

behavioral13

discovery
Score
3/10

behavioral14

discovery
Score
3/10

behavioral15

discovery
Score
3/10

behavioral16

discovery
Score
3/10

behavioral17

discovery
Score
3/10

behavioral18

discovery
Score
3/10

behavioral19

discovery
Score
3/10

behavioral20

discovery
Score
3/10

behavioral21

discovery
Score
3/10

behavioral22

discovery
Score
3/10

behavioral23

discovery
Score
3/10

behavioral24

discovery
Score
3/10

behavioral25

execution
Score
3/10

behavioral26

execution
Score
3/10

behavioral27

execution
Score
3/10

behavioral28

execution
Score
3/10

behavioral29

execution
Score
3/10

behavioral30

execution
Score
3/10

behavioral31

execution
Score
3/10

behavioral32

execution
Score
3/10