General

  • Target

    e9999338d731bae38d1a91da59111fc1_JaffaCakes118

  • Size

    51.2MB

  • Sample

    240918-vsazratcln

  • MD5

    e9999338d731bae38d1a91da59111fc1

  • SHA1

    b71f0e873e072d507afb793e3b23c243598d6b1d

  • SHA256

    845aa574b8599bd297bf4978f4e2073b5a90e0abb43ee0a79fcf9d516f6bb9d8

  • SHA512

    3548653d14cbcbf80433251788a183bdeec438cec5dd427f67be12ebf00c222941abc63591fa64913ca7e620990820e48ab0678ae2f18582c93c9fa53b1102ba

  • SSDEEP

    786432:Q8fIhAxuXdxxVtifKlJnO5A7IP0Pl7zWeKBF9t3ZxJMQt/qClV:Q8AmxuXdnVt6Kq5A7IsdfCBF733IoV

Malware Config

Targets

    • Target

      e9999338d731bae38d1a91da59111fc1_JaffaCakes118

    • Size

      51.2MB

    • MD5

      e9999338d731bae38d1a91da59111fc1

    • SHA1

      b71f0e873e072d507afb793e3b23c243598d6b1d

    • SHA256

      845aa574b8599bd297bf4978f4e2073b5a90e0abb43ee0a79fcf9d516f6bb9d8

    • SHA512

      3548653d14cbcbf80433251788a183bdeec438cec5dd427f67be12ebf00c222941abc63591fa64913ca7e620990820e48ab0678ae2f18582c93c9fa53b1102ba

    • SSDEEP

      786432:Q8fIhAxuXdxxVtifKlJnO5A7IP0Pl7zWeKBF9t3ZxJMQt/qClV:Q8AmxuXdnVt6Kq5A7IsdfCBF733IoV

    Score
    7/10
    • Loads dropped DLL

    • Target

      $PLUGINSDIR/InstallOptions.dll

    • Size

      14KB

    • MD5

      b18dfaded8f6d2380fdfd8f6b6969211

    • SHA1

      969fa0e906240ab1123254feeb833c275626cf76

    • SHA256

      747d0222b652dbfc85e0de4f8486473662d325a55e32c7eacb91e53e37ceba58

    • SHA512

      25fb09b8657997d31e61c908f1cd08357c1a1b68bbb1ba377e87b6a3eb347a2ef96c1a771b6c4332853abb33728c55c83efa73df5da03f3dfc132f8a69a2886c

    • SSDEEP

      192:66JaVGQ+xI5EeuyvMmGpeWH2J5xprN+AxTLK72dwF7dBdcQOz:66JaVh4I5rpPbTL+BdhO

    Score
    3/10
    • Target

      $PLUGINSDIR/KillProcDLL.dll

    • Size

      4KB

    • MD5

      99f345cf51b6c3c317d20a81acb11012

    • SHA1

      b3d0355f527c536ea14a8ff51741c8739d66f727

    • SHA256

      c2689ba1f66066afce85ca6457ecd36370be0fe351c58422e45efd0948655c93

    • SHA512

      937aa75be84a74f2be3b54dc80fac02c17dad1915d924ef82ab354d2a49bc773ee6d801203c52686113783a7c7ea0e8ed8e673ba696d6d3212f7006e291ed2ef

    Score
    3/10
    • Target

      $PLUGINSDIR/LangDLL.dll

    • Size

      5KB

    • MD5

      9b17a13f814b137f88b961c087858063

    • SHA1

      c290dd3139b79aa340aec3ed3d674160433035e1

    • SHA256

      e54792a179a06acbb9b69c117ee804dce070505d1853d6e7d512f2a055a801b2

    • SHA512

      3a625f5f13e344c24973c79c074d1ced4d9206f87f392dc7c8f0c116d0f2b878b60340e2377d0240c47f0e34e25e4e3af8b196bbca1c6a29a0f51d8408e8b0ec

    • SSDEEP

      48:SnNQ/z+vUML8eYXICmlmGYKHz0JSpXSxwo6mpwzcR3RqG8aEJcABofgMGKO:Bz+MM4eqmvz0JScx56mpwzAhWcGV

    Score
    3/10
    • Target

      $PLUGINSDIR/System.dll

    • Size

      10KB

    • MD5

      810f3a0aefe36a9f63e29e604bea91a9

    • SHA1

      2559d3d4adf51f8ecbe2d07e669e344eb7d0bd80

    • SHA256

      f160eb7a1b4eb8d2e99e7424ae058acd81ba5019e43cbfa0ce81e3102b356779

    • SHA512

      836b73c38ab60260e1bc81ebf8347e14d02453fc361b7d6f10f137287b8189f8bc43758ce2d9def8fd1c71112aab7ef1930af2d64ae69f6d4e58a6fe17b310bb

    • SSDEEP

      192:CO6dJA/ruAFEiUdWWE6hE5RYUdJfbub1argMO:XKAFERdlxhGRYUzqZar

    Score
    3/10
    • Target

      $TEMP/2345pic_duote.exe

    • Size

      12.0MB

    • MD5

      13a7e00683c5ea8aae932f1f0ee9d47d

    • SHA1

      2c19b41d36c17b4d2ec027b8d52828c03e18fd27

    • SHA256

      c576ae37c023742be2fdd09eba5b6795733a31111dfa9c8c9afc3957fed43c7f

    • SHA512

      1afa58168c9dee19668d05428f7d0cf8b94bdda01fb27b9d401a81e38ac3001bbd6dc213943e3aad9ac4d1f08f55b48f28160026719df69d8179a754cbb3268b

    • SSDEEP

      393216:p51Ixv+RVQLrxSV+FLgtxXK3KvB7Fhsle:/1i+VKQVntvB7Fyle

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Target

      $PLUGINSDIR/FileInfo.dll

    • Size

      111KB

    • MD5

      e3b11d137aaffa7871a3033288259a89

    • SHA1

      44c222b5ea9ba41989cb1402a52571d175328878

    • SHA256

      b8c4451ebe81264600adadd1c1dc604cd974b99a0788c2249ee426398fafd9f7

    • SHA512

      087836b2ce6e4a51c29574cab1b16c8bcee2a1fca9b10111f8b78984b58509cee65bfbc31b21c572d5a879606e5c7d88875988700ddc293ffcb36f2297a6401c

    • SSDEEP

      1536:Xz60kHrpisDjyZABSnLre1k78gnrzMxC2ND7U+11cVsWjcd3QMpzlhRJwJBGjp:DsHr7jyZa1k7FvuZy+1F3QMpzXkJup

    Score
    3/10
    • Target

      $PLUGINSDIR/RCWidgetPlugin.dll

    • Size

      1.2MB

    • MD5

      d65d2f13a0a12f877ae41397e974f2bb

    • SHA1

      960ad723bd77be86d431cb8f8b16d86076325bf4

    • SHA256

      c4edad9de811b67afe078ab4af77c881e532dc532f470d9dbb2392c91eeb1208

    • SHA512

      b8388aab96ff0d2e915d1cb5cad4c36e3a353bdba8696c9dfe803b565ccf21585d4b9d2bf9d73767b0ad63bdb1804715d8e05634660e581f73c6f1218ca925ef

    • SSDEEP

      24576:g20l9qUvD1uQkIylzaG3uSAIUF+ZWnFrj0Wbd2kzjgHr:GmUvUQFoaG3GIgRnFc4u

    Score
    3/10
    • Target

      $PLUGINSDIR/System.dll

    • Size

      18KB

    • MD5

      b22e97f113fa16668c8443e3115c6fc6

    • SHA1

      48ea020dec838c2207df7b8aa60ea4f666a32564

    • SHA256

      336d7bc4f7ace28197c1dc6daa81bfbca0b3df731ef9de268ee1568c9c24f339

    • SHA512

      8ea593a4adf1a4dc4d838aa49f55c36a743cef541f0b4ca02835b6d90b303761f95da1e8505fd31a4fee21a563a1d6c64c7cc2ed1c5f9a61d4cf6898419613a1

    • SSDEEP

      384:t4JoiO8V2upW7vQjS/WndpkEYPL/r8yCeMl:qJzO8V2uovQjhIEGjo

    Score
    3/10
    • Target

      $R0

    • Size

      6.1MB

    • MD5

      5faed9ef84b13de2f8d37f544402d28b

    • SHA1

      9bc9df07ad35357ef225d053e31a5d52f48905fe

    • SHA256

      fdb8a9460b1d107a220141149820480cd666879ff37cdb014c40e352165db578

    • SHA512

      a9a029dfbb2c9eae4de54c59528f24dafee7e6e1a6a189f242178397a21e32966a934972fb5fb6fcaab845b71b09e7728366c6aeaa6e1872feb82895e653696d

    • SSDEEP

      49152:j09t9iBL2FBw3PgeCX/GFk/r7cwoyNpcdURNhNuEcqwTgGRGB/A2O/R0lfQgGTKY:Ow3JEVsKlY/KY

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    • Target

      2345BatchRename.dll

    • Size

      184KB

    • MD5

      afbf0227aaccefd3a45ccaefad647115

    • SHA1

      d92bc4464ed3e5f26ce6215df2c5b5a9fd9c3748

    • SHA256

      3ef12c046fdc30952b89bffe59505e8100d055a81fd692c51c467a120946b954

    • SHA512

      85a0ce12c8a2bb08b93bd027e4d63361390904b56fb47a76cc80b71ac23b90a6fb2e63cc57609056190087fcee5cd9840af54f76bdd5237246aae27a8606487a

    • SSDEEP

      3072:888hlBTrGYiH0sUA8RNpZV3FMnqqRPcek4BNTG3giLz75k/kp:88oVrpiHA9YPPcezBNq3giL5p

    Score
    1/10
    • Target

      2345EditorApp.dll

    • Size

      2.0MB

    • MD5

      422cde69a975fc62fdd617caa953e395

    • SHA1

      629db24c354dd887a3f72efc907c31bedd95c405

    • SHA256

      89ea580bfb4f52fe36132290fde7c0294812d84b9346be3943d266156103d38a

    • SHA512

      93a1b2a7957b4f65ba21901d35fdebb1f992d7cd1bc698a3f2d82c263108c867c0da7335c98071dedb149593cfb3d32d20b921ae2d629911c2f8806863805e55

    • SSDEEP

      24576:/NQPRIIb4DohGZ9pijkHpQFjDmjL7oGfQeZW4IfO48ehxsaeYMI7zHM+j/:afK9pijkNURNhxsaeYMIHM+j/

    Score
    1/10
    • Target

      2345Extract.dll

    • Size

      523KB

    • MD5

      80570cca51617880f8a4f4b8730325f3

    • SHA1

      c2c4b4cf8bffcc65793ee305daa6844b98df5a38

    • SHA256

      09475cffe0101b4fa506a82a48632a95ed06d265bcee3fa71e1468520469633a

    • SHA512

      e9c2b6989d2450e953f578cefea21d747fac40c2fc65ce662a46a8dd18e1bb11b274203e2276407e7aac6a6552c3c5d86c4c9a9afa888b8dc5966a0b68b4c923

    • SSDEEP

      6144:awWVS0h0axho4LhKX3YDkK1x47lmcyyq61NEuqhCvmWc++q2Aql:jEiaxhBLhxd47lmcyyqMEuqh4Jl2Aql

    Score
    1/10
    • Target

      2345Image.dll

    • Size

      2.4MB

    • MD5

      fde41a975bb09e6d726481553f049a9e

    • SHA1

      bc0104926b159aeac3e99a46e48556c1103282ff

    • SHA256

      2ff65d7a1091cf5faceef1784b06efbe223813d6fadb40416b1196222de7b6e9

    • SHA512

      34005f7526c69f4a15c4170d3dc0ce4afddda4e25f8a7df11f7910826cf80e9cd3d65db7d7e860b9d3ad9a714ceac522718844e09cc254f5edcc962ebb9749b7

    • SSDEEP

      49152:XmzrWTSWH8gRrPPtkO6Y3GbOFEqXlTkjugw+eFQ:WrW2/gRrX6YI7f

    Score
    1/10
    • Target

      2345ImageApp.dll

    • Size

      4.1MB

    • MD5

      6b3fd73fdbeb07ede85d8d7fc631862f

    • SHA1

      1756893b74fd82de9158a72715e07497db9b5393

    • SHA256

      839636dac8ebb052501ac56115b16818c886bb1c54c27681c6eea093da5054d2

    • SHA512

      0fd174e21bb75502f312c0640ff0ca4a3c67c4395357f9f380d6b2250dcc1c200e72506c392e3cd91d2cd0d347c4ac7d8b93c5ca72e4da0e694a7d73f6297d7d

    • SSDEEP

      49152:dbDXRGQXkIXf+feQNAZPUxgLYNwt1fdTw0PCUEGeEkWVWXRLdE/NHCXg:dbdXkIXf+LNACxgLYKnaAeG

    Score
    1/10
    • Target

      2345ImageCapture.dll

    • Size

      329KB

    • MD5

      47042284dda7be9bf9e1cc1ad22f75c3

    • SHA1

      d208381e7aa59fa0ea2fb4a3cb8a3ba165a67a97

    • SHA256

      ea34fa1a7b33b1d2b8b87f6b6256991c8d8725d10457b8d12cf0ea5630b110da

    • SHA512

      6a0d1f441e9ba69277876df9049792406de570ef7eb4b6cc011c4570c6e1b7c6356971afdfd083fce535b9add74004de7cc8d2f898a932961e395f3242bef9e6

    • SSDEEP

      3072:GEnWDYILq/a4rGaR1vdu+IhXb9lrggggjDPHnrLxacLVjXAk:BWIa4ZR1ctPrggggfPHJnVjXZ

    Score
    1/10
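The two behaviours flagged for the dropped executables above, software discovery through the Uninstall keys and persistence through hijacked COM class registrations, can both be checked offline against a registry export. The Python below is an added example written for this page; it is not tooling from the sandbox, from the analysed installer, or from the 2345 software. The .reg text, the user name "victim", hijack.dll, svc.exe and every CLSID and product code in it are constructed for illustration and do not come from the report.

```python
"""Added example: apply two checks from the sandbox report to a Windows .reg export.
1. installed_software(): the Uninstall keys the sample enumerates (discovery).
2. com_hijacks(): per-user CLSID InprocServer32/LocalServer32 entries that shadow
   a machine-wide server or point into user-writable directories (COM hijacking).
Example code, not tooling from the sandbox or the analysed installer."""
import re
from typing import Dict, List, Tuple

# Constructed export for illustration (not taken from the analysed sample).
# Real exports are UTF-16 with a BOM: open(path, encoding="utf-16").
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ExampleViewer]
"DisplayName"="Example Viewer"
"DisplayVersion"="10.6.0"
"InstallLocation"="C:\\Program Files (x86)\\ExampleViewer"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{11111111-2222-3333-4444-555555555555}]
"DisplayName"="Example Runtime 8"
"DisplayVersion"="8.0.3010.9"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32]
@="C:\\Windows\\System32\\shell32.dll"
"ThreadingModel"="Apartment"

[HKEY_CURRENT_USER\Software\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32]
@="C:\\Users\\victim\\AppData\\Roaming\\hijack.dll"
"ThreadingModel"="Apartment"

[HKEY_CURRENT_USER\Software\Classes\CLSID\{0B1F5A0E-4E4D-4B39-9D5F-1C7D6E0A8F21}\LocalServer32]
@="C:\\Users\\victim\\AppData\\Local\\Temp\\svc.exe"
'''

KEY_RE = re.compile(r'^\[(?P<path>[^\]]+)\]$')
VALUE_RE = re.compile(r'^(?:"(?P<name>(?:[^"\\]|\\.)*)"|(?P<default>@))=(?P<data>.*)$')


def _unescape(s: str) -> str:
    """Undo .reg string escaping (backslashes and quotes are doubled/escaped)."""
    return s.replace('\\\\', '\\').replace('\\"', '"')


def parse_reg(text: str) -> Dict[str, Dict[str, str]]:
    """Return {key_path: {value_name: data}}; '' is the key's default value.
    Only REG_SZ ("...") data is decoded; other value types are kept as raw text."""
    keys: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith((';', 'Windows Registry Editor', 'REGEDIT4')):
            continue
        m = KEY_RE.match(line)
        if m:
            current = m.group('path')
            keys.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            name = '' if m.group('default') else _unescape(m.group('name'))
            data = m.group('data')
            if data.startswith('"') and data.endswith('"'):
                data = _unescape(data[1:-1])
            keys[current][name] = data
    return keys


UNINSTALL = '\\microsoft\\windows\\currentversion\\uninstall\\'


def installed_software(keys: Dict[str, Dict[str, str]]) -> List[Tuple[str, str, str]]:
    """(product key, DisplayName, DisplayVersion) for each direct child of an
    Uninstall key: the same view the sample obtains by reading those entries."""
    out = []
    for path, values in keys.items():
        idx = path.lower().find(UNINSTALL)
        if idx == -1:
            continue
        product = path[idx + len(UNINSTALL):]
        if '\\' in product:          # skip sub-keys below a product entry
            continue
        out.append((product, values.get('DisplayName', ''), values.get('DisplayVersion', '')))
    return sorted(out)


CLSID_SERVER_RE = re.compile(
    r'^(?P<hive>HKEY_LOCAL_MACHINE|HKEY_CURRENT_USER)\\software\\classes\\clsid\\'
    r'(?P<clsid>\{[0-9a-f-]+\})\\(?P<kind>inprocserver32|localserver32)$', re.I)
USER_WRITABLE = ('\\appdata\\', '\\temp\\', '\\users\\public\\', '\\programdata\\')


def com_hijacks(keys: Dict[str, Dict[str, str]]) -> List[dict]:
    """Flag HKCU CLSID server registrations. HKCU\\Software\\Classes is consulted
    before HKLM\\Software\\Classes, so a per-user entry redirects activation of that
    class for the user; a server under a user-writable path is the usual hijack shape."""
    servers: Dict[Tuple[str, str], Dict[str, str]] = {}
    for path, values in keys.items():
        m = CLSID_SERVER_RE.match(path)
        if m:
            ident = (m['clsid'].lower(), m['kind'].lower())
            servers.setdefault(ident, {})[m['hive'].upper()] = values.get('', '')
    findings = []
    for (clsid, kind), by_hive in servers.items():
        user = by_hive.get('HKEY_CURRENT_USER')
        if user is None:
            continue
        machine = by_hive.get('HKEY_LOCAL_MACHINE')
        reasons = []
        if machine is not None and machine.lower() != user.lower():
            reasons.append('per-user entry shadows machine-wide server %s' % machine)
        if any(tok in user.lower() for tok in USER_WRITABLE):
            reasons.append('server lives in a user-writable directory')
        if reasons:
            findings.append({'clsid': clsid, 'kind': kind, 'server': user, 'reasons': reasons})
    return sorted(findings, key=lambda f: f['clsid'])


if __name__ == '__main__':
    parsed = parse_reg(SAMPLE_REG)
    for entry in installed_software(parsed):
        print('installed:', entry)
    for finding in com_hijacks(parsed):
        print('COM hijack candidate:', finding)
```

On a real host, export the relevant hives with `reg export HKCU\Software\Classes\CLSID hkcu_clsid.reg` (and the HKLM counterpart) and feed both files to `parse_reg`. A hit is a lead, not a verdict: legitimate per-user installs also register classes under HKCU, so confirm by checking the server file's hash and signature, and compare the dropped-file hashes listed in this report against what the path actually contains.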

MITRE ATT&CK Enterprise v15

Tasks

static1

vmprotect upx cryptone packer
Score
9/10

behavioral1

discovery
Score
7/10

behavioral2

discovery
Score
7/10

behavioral3

discovery
Score
3/10

behavioral4

discovery
Score
3/10

behavioral5

discovery
Score
3/10

behavioral6

discovery
Score
3/10

behavioral7

discovery
Score
3/10

behavioral8

discovery
Score
3/10

behavioral9

discovery
Score
3/10

behavioral10

discovery
Score
3/10

behavioral11

discovery persistence privilege_escalation
Score
7/10

behavioral12

discovery persistence privilege_escalation
Score
7/10

behavioral13

discovery
Score
3/10

behavioral14

discovery
Score
3/10

behavioral15

discovery
Score
3/10

behavioral16

discovery
Score
3/10

behavioral17

discovery
Score
3/10

behavioral18

discovery
Score
3/10

behavioral19

persistence privilege_escalation
Score
7/10

behavioral20

persistence privilege_escalation
Score
7/10

behavioral21

Score
1/10

behavioral22

Score
1/10

behavioral23

Score
1/10

behavioral24

Score
1/10

behavioral25

Score
1/10

behavioral26

Score
1/10

behavioral27

Score
1/10

behavioral28

Score
1/10

behavioral29

Score
1/10

behavioral30

Score
1/10

behavioral31

Score
1/10

behavioral32

Score
1/10