196d78953b7beeabc50a1c0294312246d52b465fa6d3dacb82fe6be223bce9f4

Sharing

Copy URL

Twitter E-mail

General

Target

ea767005d0a9ab6fe2df21c2d0acc8f2_JaffaCakes118
Size

975KB
Sample

240919-dhcbdsxekg
MD5

ea767005d0a9ab6fe2df21c2d0acc8f2
SHA1

ddbe57dec13343bfed1f36b2ac27f6423247c3c2
SHA256

196d78953b7beeabc50a1c0294312246d52b465fa6d3dacb82fe6be223bce9f4
SHA512

97d8950bc0cc06529d57a693ff60de19e7a5ee4c60a0430a9171aec53fdf448ac210ff5f3f49a15b059d76ba16e3f14a469dde38ae1691450ebb121890879720
SSDEEP

24576:zw2RXQaFWw2HR9ySnx2yE3G04IY1xTuMbcR6Tcvbqq54L:zwoaNnx2v3G04IY1xTuiTob/4L

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  ea767005d0a9ab6fe2df21c2d0acc8f2_JaffaCakes118
- Size
  
  975KB
- MD5
  
  ea767005d0a9ab6fe2df21c2d0acc8f2
- SHA1
  
  ddbe57dec13343bfed1f36b2ac27f6423247c3c2
- SHA256
  
  196d78953b7beeabc50a1c0294312246d52b465fa6d3dacb82fe6be223bce9f4
- SHA512
  
  97d8950bc0cc06529d57a693ff60de19e7a5ee4c60a0430a9171aec53fdf448ac210ff5f3f49a15b059d76ba16e3f14a469dde38ae1691450ebb121890879720
- SSDEEP
  
  24576:zw2RXQaFWw2HR9ySnx2yE3G04IY1xTuMbcR6Tcvbqq54L:zwoaNnx2v3G04IY1xTuiTob/4L
Score

7^/10

discovery
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  14KB
- MD5
  
  0dc0cc7a6d9db685bf05a7e5f3ea4781
- SHA1
  
  5d8b6268eeec9d8d904bc9d988a4b588b392213f
- SHA256
  
  8e287326f1cdd5ef2dcd7a72537c68cbe4299ceb1f820707c5820f3aa6d8206c
- SHA512
  
  814dd17ebb434f4a3356f716c783ab7f569f9ee34ce5274fa50392526925f044798f8006198ac7afe3d1c2ca83a2ca8c472ca53fec5f12bbfbbe0707abacd6b0
- SSDEEP
  
  192:n6d+dHXLHQOPiY53uiUdigyU+WsPdc/A1A+2jPK72dwF7dBEnbok:n6UdHXcIiY535zBt2jP+BEnbo
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/StartMenu.dll
- Size
  
  7KB
- MD5
  
  4e96f412a8cc653053d5d918df6b0836
- SHA1
  
  a3c7d59043feecb1603874b27c23d4166b341f2d
- SHA256
  
  e4a54bfc327986a89165bdef361069810aaa985c3abecd442c786725fabaf977
- SHA512
  
  2fec61b4ad31250bdbdbbfd551d831801790b96902c67200661e8f4f2753378bbf6c0c88b12e1be9173a29597827c1c4809511b6d52666dc3324bd7031c8229d
- SSDEEP
  
  96:IiqA7bDe2xHkR1C41EhvSE+6nNtMn0iGd8CqRLqtJ1trRhElfL:IiqA7/ZH0uQMtcfCqo/tdgf
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  Uninstall.exe
- Size
  
  53KB
- MD5
  
  4791c9c35258d61f72816160f84e2b4f
- SHA1
  
  b5e89e063a9e241ab711dacc7577a67b4786f227
- SHA256
  
  60e4073a1db111b9dbbb09bad8956e1e97938540c412b4f78579412c47db7507
- SHA512
  
  9ef2de0f904be73252c7ff0d9877953a880bbcd6f002e45f04788d4209544b6ec73b1401cfbe63c91ab73fc581c6a7cfc0a0a744481048bd5f15342b04fc9390
- SSDEEP
  
  1536:spgpHzb9dZVX9fHMvG0D3XJdgdLeAyN/5di:6gXdZt9P6D3XJdceAWi
Score

7^/10

discovery
- Executes dropped EXE
- Loads dropped DLL
behavioral7 behavioral8
- Target
  
  pdvserv.exe
- Size
  
  1.9MB
- MD5
  
  78e65d6a04a8d8d91c1ae78b605e6e16
- SHA1
  
  8322ce32e6b4f2f35084cc046427c5c234f18ac8
- SHA256
  
  e93a3e46d6e8d7d037d9f77a75ee55d2f63665960044a1044813b6d5229d940e
- SHA512
  
  bdacf51b4b551fff19c34d73dd3fb77374a0adb9ce940b910e8a47bd517911659f50f9dee119a981dadc0427e8127d06e2022283c1b541e15438d70e32a02669
- SSDEEP
  
  24576:FREuSim93ySUIpLfaVSA72yK1/YppeCBRUwsAOIiT3lij76:FSzyb7F29pLl0m
Score

7^/10

discovery persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral10 behavioral9

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Loads dropped DLL

Executes dropped EXE

Loads dropped DLL

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10