General

  • Target

    ea8f6dfab4cf68f39195d6f4bab22a5a_JaffaCakes118

  • Size

    2.4MB

  • Sample

    240919-erd21s1amr

  • MD5

    ea8f6dfab4cf68f39195d6f4bab22a5a

  • SHA1

    9c44148101f0371e6344aae44c6fa8aadd3e719b

  • SHA256

    066baa2c21f69128f80d5b6eac2dce4579259451bc5ec1ce072fce7636cb0952

  • SHA512

    bb571af70d8edad9d76510d42275b51b3551ca915b5276d5a7a9a2052680f153ba952d332daa251a6d286b6c0f7ec21834ec6bd8ddbb472c1f1091fee007b879

  • SSDEEP

    49152:GDF481x40utyJooh/My16Erw87oM/1j/hx44JJR5cdpCForAcz4clG:GbdutyT/My1Vrw8V/Vhx44TCCFobVo

Score
7/10

Malware Config

Targets

    • Target

      ea8f6dfab4cf68f39195d6f4bab22a5a_JaffaCakes118 (the submitted sample; size and hashes as listed under General above)

    Score
    7/10

    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      $PLUGINSDIR/AdvSplash.dll

    • Size

      6KB

    • MD5

      13cc92f90a299f5b2b2f795d0d2e47dc

    • SHA1

      aa69ead8520876d232c6ed96021a4825e79f542f

    • SHA256

      eb1ca2b3a6e564c32677d0cdc388e26b74ef686e071d7dbca44d0bfa10488feb

    • SHA512

      ff4e6e6e7104568fc85ef3a3f0494a5c7822a4ceaf65c584ad534f08f9a472a8d86f0a62f1f86343c61e2540b2254714b7ea43e4b312ff13d8271ff069386fa3

    • SSDEEP

      96:6hNSXIcmYjkvTS6MnBNZ1BMjDfhkkEkkXstWpPwoS:JXIpzTSd1BSk/kJtWpP

    Score
    3/10

    • Target

      $PLUGINSDIR/InstallOptions.dll

    • Size

      14KB

    • MD5

      325b008aec81e5aaa57096f05d4212b5

    • SHA1

      27a2d89747a20305b6518438eff5b9f57f7df5c3

    • SHA256

      c9cd5c9609e70005926ae5171726a4142ffbcccc771d307efcd195dafc1e6b4b

    • SHA512

      18362b3aee529a27e85cc087627ecf6e2d21196d725f499c4a185cb3a380999f43ff1833a8ebec3f5ba1d3a113ef83185770e663854121f2d8b885790115afdf

    • SSDEEP

      192:86d+dHXLHQOPiY53uiUdigyU+WsPdc/A1A+2jwK72dwF7dBEnbok:86UdHXcIiY535zBt2jw+BEnbo

    Score
    3/10

    • Target

      $PLUGINSDIR/OCSetupHlp.dll

    • Size

      754KB

    • MD5

      06961f9fafb5237ddda9b36da7dc59fc

    • SHA1

      a3410ce23efeba446cb50babd82bfbf568792bf0

    • SHA256

      ba4490e75368696e526396266bc12e00f1b93ded3c7294d4e60f9249e315f03d

    • SHA512

      f746807170f4c15d419f554751c9fa03df6ff9171cd549cc1b6f8d759f20a5a31ca2f33a9026f0e2e695bd3affb47ddd672bb7415a32bb943d56b742cbc1e2c4

    • SSDEEP

      12288:WIM3VP7HyrzEBf8V/eaC8W4ah2Ig4COeVgiTGRavoDnT5ieS:WvVLyrzEBf8deaC8o2Ig4CzhTGRav0o

    Score
    3/10

    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      c17103ae9072a06da581dec998343fc1

    • SHA1

      b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

    • SHA256

      dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

    • SHA512

      d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

    • SSDEEP

      192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw

    Score
    3/10

    • Target

      $PLUGINSDIR/nsDialogs.dll

    • Size

      9KB

    • MD5

      c10e04dd4ad4277d5adc951bb331c777

    • SHA1

      b1e30808198a3ae6d6d1cca62df8893dc2a7ad43

    • SHA256

      e31ad6c6e82e603378cb6b80e67d0e0dcd9cf384e1199ac5a65cb4935680021a

    • SHA512

      853a5564bf751d40484ea482444c6958457cb4a17fb973cf870f03f201b8b2643be41bccde00f6b2026dc0c3d113e6481b0dc4c7b0f3ae7966d38c92c6b5862e

    • SSDEEP

      96:hBABCcnl5TKhkfLxSslykcxM2DjDf3GE+Xv8Xav+Yx4VndY7ndS27gA:h6n+0SAfRE+/8ZYxMdqn420

    Score
    3/10

    • Target

      $TEMP/Detect64.exe

    • Size

      109KB

    • MD5

      ad61719b8b04a6073fee4ff6ee827908

    • SHA1

      ba7e46b9cc6bc098f3544841b1690f28740c2810

    • SHA256

      9f65493fe1416e64614a6bd9f92e2e7f0269aa83feb1c595df8f7123e476edee

    • SHA512

      be6e7cd447538b031d0467e4b939222972692910a7e3580b9a0b498f2ec3d98845415732d733ea85e7acafa252662216a7bf7bb60a25e8d6efed36e14954361c

    • SSDEEP

      768:Ee1gNhj8Z1AketgNppppppddddd275o7nD6k8RYD62Dd3UaTTTTTTTTTTTTTTWck:Mhj8By6ppppppdddddi5o7nD61RYbdE

    Score
    3/10

    • Target

      ClearOptions.exe

    • Size

      198KB

    • MD5

      c6682599933c0a47fed9214ce04ae217

    • SHA1

      ac932411db10c2a7a3e1dacaec049e4f46496d15

    • SHA256

      1b4c5a775289e945a64f77b899eca22f8e220f4325a5bc2b466b1654172a889e

    • SHA512

      8e93c9a6788aa5d666d1a87c3865de6c98f67de7c0e598668836fc6111a8b50d6632efe43bb957afc7048bed83561c6402281436fb07a1d801b5e34430a571bf

    • SSDEEP

      3072:uHFpNy6ppppppdddddi5o7nD61RYWkBhC:uHrNy6ppppppdddddi5oNq

    Score
    3/10

    • Target

      DarkWave.chm

    • Size

      19KB

    • MD5

      28a9af166fd24775fc407b7fe1c2b68a

    • SHA1

      3b1825f615506593d2257927ae8d856300536ce3

    • SHA256

      71aae12b2adb1cb4cb6c45de4d5e0c7fa3062ae1ea570001ce608f45c8907f78

    • SHA512

      fee13f484009716e3379b0097d66d462616ba59f1dfcc45f73bcfa4f3c4c413d9e79eb98d6aa39a7533ebfa379a4615b976a84130b6bed764ad07a845338b496

    • SSDEEP

      192:6KiSc57hdme+cRRGHNk7j32I9Wd1GYuiVtgjMPHHAqDbcuO46eJvvnPblYg9tinG:6KithsTq3FQ1G1iDxbjP9JnnDb9oyl

    Score
    1/10

    • Target

      uninst.exe

    • Size

      133KB

    • MD5

      8f3d70d2f823bc912c4bd89fef50ec8b

    • SHA1

      5037d4c86e17c43d7a0091186fac1eb215aab410

    • SHA256

      f88400cfd615d394bd230f9825f3d844d7477825c934506ff7c436c188bcde4a

    • SHA512

      c3b8c326e88a76c24bcc71a02167e58689184e57a9d7fd605d715666d9cd0bd2dd8cd0dbd1622514acf47b831ed575dbcef015013c3b1f11563dcc86c3a0f5bd

    • SSDEEP

      3072:biezvrL9oMXJAy6ppppppdddddi5o7nD61RYBc:bNvTOy6ppppppdddddi5oXc

    Score
    7/10

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      x64/DarkWave-Studio.exe

    • Size

      895KB

    • MD5

      8fdd9cb27a6ead3eee892ef314e3af9c

    • SHA1

      c5bf824f55b0f1e36a4620746aab16b41c356529

    • SHA256

      db7031968325717eb5a9e959fc224b08fb9852efd8f89cc2caa5520e96de8182

    • SHA512

      480b9e4a248f5a6abb23deeeb677027ce5780def8e52627e4fb59f69cb8df14eeede9f5771bb42d6280b0e4eceda37ecbae763186753940225e6d7912d58e32f

    • SSDEEP

      12288:1Z+69QT0vrdM1ab0b9ySzUM3f8UMANTCGmWBKdxNgYuVSs:1Z+69K0vl0MeTkUMyTdNKPNgn4s

    Score
    1/10

    • Target

      x64/PlugIns/ES-CoreMachines.dll

    • Size

      906KB

    • MD5

      2dfd4a0d9a3923e669211c2b97d785f9

    • SHA1

      40245d1900aabaf61f883f93b7e65359ce63ae63

    • SHA256

      efdaaab734ee26c553b06eef675a7891fc08f7584347a430e6b67905a0284d1d

    • SHA512

      18c76f9e4a60266c4e174469bb0784fbe0c4212210023b2131384bb8df147c841ba879ff2dca90488c278d31e1e39390220ce4a27a26ced90ea2db7d2f68ef40

    • SSDEEP

      24576:aqdf4Yf9EyKvHvBJDS2QveTQKVT+uQR4mPMAp68AD/KPNgn:aqdf4uERnBJm2Q2TrTED9Y

    Score
    1/10

    • Target

      x86/DarkWave-Studio.exe

    • Size

      762KB

    • MD5

      5ccade7b81704d8fa3b43b6250a8845d

    • SHA1

      7bd78f1a85125ebc3647d8ec6e9ea540860545e7

    • SHA256

      c8ff5ab3c917035db9f9fcd763cf81d4a0072ba94cee30399eb53997bd43fb3d

    • SHA512

      f7f33c52f6ba62737c13d1ae94450b6b0e094781a2e55fafd320a7a36d2dacb233d424331e8654792c3e87f7a4745551f5fe176ddc14d1389582531e21a6ae83

    • SSDEEP

      12288:0GC9QRXFDbsO6lxyZCNGnt17wkunmSlqfDNDIMc/Q0hXUTHlt3KdxNgYuVSs:j3DYO6lxyZeGnt1ENnWNAxOTFNKPNgnR

    Score
    3/10

    • Target

      x86/OpenAsio.dll

    • Size

      52KB

    • MD5

      6a67d93d68b3139dc5440a8ed3762d9c

    • SHA1

      ff9e34401520e6fab6a8a5478b157ef73f8e91a4

    • SHA256

      7fbc378945d8ae3f4b9cbad3bba1214186de319f4afb3f79e5b606edce6e6bc9

    • SHA512

      e66bfb5f8d9fcf433246d8135bda976aea92b7c525a0c0b8d760fa072d69c2646666f0a8113b88afe1734258f92a30cd377d159ce0687c9fd7bf8917bd53f90a

    • SSDEEP

      768:+77O9syqPTGTv+cf2biVCqoHklpxYiB9MNu95TYUQsNoWlb:yNGTvSeoEbfMEoW

    Score
    3/10

    • Target

      x86/PlugIns/ES-CoreMachines.dll

    • Size

      793KB

    • MD5

      b4bb91053cabc969f858adcac1d67179

    • SHA1

      76b465464f63039d7066d152103692452844c466

    • SHA256

      63b8630e501aee3fc1a34e04f74eeb87453f23446d2de5631e1fc4ddd690d0b0

    • SHA512

      99fa0ea2bfae79a9001c7dd121f9e9a8a8a73a316b879a927c57ca6457854387541cdcfeaec64d8ed73fb4286c56e7b43020edf77314304c30ddb0d4561d51cc

    • SSDEEP

      24576:RXH/581E4pLcK4TQOuT+uQR4mPMAp68AD/KPNgn:Z5l6cTsTED9Y

    Score
    3/10

MITRE ATT&CK Enterprise v15

Tasks

Task           Tags        Score
static1        -           3/10
behavioral1    discovery   7/10
behavioral2    discovery   7/10
behavioral3    discovery   3/10
behavioral4    discovery   3/10
behavioral5    discovery   3/10
behavioral6    discovery   3/10
behavioral7    discovery   3/10
behavioral8    discovery   3/10
behavioral9    discovery   3/10
behavioral10   discovery   3/10
behavioral11   discovery   3/10
behavioral12   discovery   3/10
behavioral13   -           1/10
behavioral14   discovery   3/10
behavioral15   discovery   3/10
behavioral16   discovery   3/10
behavioral17   -           1/10
behavioral18   -           1/10
behavioral19   discovery   7/10
behavioral20   discovery   7/10
behavioral21   -           1/10
behavioral22   -           1/10
behavioral23   -           1/10
behavioral24   -           1/10
behavioral25   discovery   3/10
behavioral26   discovery   3/10
behavioral27   discovery   3/10
behavioral28   discovery   3/10
behavioral29   discovery   3/10
behavioral30   discovery   3/10