8109b2fe6fe61eec679d059c1e553c20777dde2b6b8200ce3bdf57b2f2068bf5

Sharing

Copy URL

Twitter E-mail

General

Target

ecc952f6900284b23aeb2f2c02d08ba4_JaffaCakes118
Size

470KB
Sample

240920-ec7e1sxalg
MD5

ecc952f6900284b23aeb2f2c02d08ba4
SHA1

c109f7caa0aeae6e7ba464d6b12d2e6fc8ebea62
SHA256

8109b2fe6fe61eec679d059c1e553c20777dde2b6b8200ce3bdf57b2f2068bf5
SHA512

3fc457dde4694a0f4f83bcb641d965ae5c82cbc04d30f55f931a2c140486c3b18049b37fb7532c05897ff2285cc5cfd7329e286fc1709a704811c2e36abf6e92
SSDEEP

6144:w8TCDgy82yhZHzSky3XE8V22dl192Bjpdvitf8LuBToP126xHe0K/rUHLM:hFJLHzSky3jV5dl192BABM1261eDKg

Score

10^/10

Malware Config

Targets

- Target
  
  HA_SendLink191_Fire.exe
- Size
  
  481KB
- MD5
  
  c70f92533a5e197dcfdcc2c5edbdd98e
- SHA1
  
  aab8d6bf5dec47e89bd34ad036b4edbc73444563
- SHA256
  
  38a285fad90354c149689c2edcfbf2fa37441582fc97abfd4969739bc7df8c02
- SHA512
  
  fd22a20825ebd1342003210306a3bbf4f1cf9c80d819558543c98f73911b458f71de5d8294e689f265ec2e1366e19522346863934f836fca1fcb2d7874217dc6
- SSDEEP
  
  6144:FhF2fYDYYD+y82yhRHFSky3XEMV22Jl1F2BjplvitfMLuBTKP1265He0alrUHLY:fUTXJvHFSky3VV5Jl1F2BWBu126deHKU
Score

7^/10

discovery
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  12KB
- MD5
  
  1e8f2fefe3ce893b117b26948b8978cb
- SHA1
  
  59cfc6c3f5716e91609e54ca80ae8b06c93ef8ab
- SHA256
  
  8203ae1589a50e6ff012e5d27bdd4f8ed7506077ca9b052827f5e90aaeb98519
- SHA512
  
  b3c36e1aa5d3ee5f482f4175a7d6fe10cf2bf3bd3423ab4266d11c4181cfbc7e3f66a30855034a8ec026a4d5987598f0116e98519b7445d9e5687bcbab2c0e5c
- SSDEEP
  
  192:qzixixDOHhG9db9rd+oSVPECMlh3I8tqDyng7hwbbHF1QuCb:qOx0DOHqrdwTY6+ng72bbMum
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/Splash.dll
- Size
  
  4KB
- MD5
  
  e07ad0d2f86ddf926911e3d2dbc2021e
- SHA1
  
  370c93de8c9ba9549b0a646b329cb8d2fc7c91f8
- SHA256
  
  2ada4d9531a62772ddd7eeb0737fe91925982c543990d9c0d4faaadde12b7ed0
- SHA512
  
  c13747e3cb2d6712f3bf19bfe1bbbab47763239a4e21bbe685edbedae98bda9c7b8e4e06c22e8b7737752a3c3129e07c91c00b6e90ac741e891bc1bfa966fdae
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/StartMenu.dll
- Size
  
  6KB
- MD5
  
  5c6271fb9e292a5f970abc96e5b0182e
- SHA1
  
  95f9b6d87c142cb42882cb3ca38d1fd424ee5bc3
- SHA256
  
  0fd71473abf9bdb824772875c915ba4864af50666cb41782ea26db11f4ded7ae
- SHA512
  
  32ff24ede0d0ae99411e4780af0d9f774190cac5e965eca98a0003e772324f1d90ed9b27d2d4f700634aec29b906822f8c37640c840e8ed07adb35dafaf25a00
- SSDEEP
  
  96:HxLJdRZk8OkmE+WHw0FMXF6CWhFxKpKsVQhEfP0:HxLjPk8OT30FFAaCP0
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  10KB
- MD5
  
  10c44246d99a1c2e5f5e6b52b111a63d
- SHA1
  
  0f41da79c3e789f4ae38738e3a5d73c538f8af4f
- SHA256
  
  7a24883bdbf08ce90938094b6ab6f09a842af10b18b8ae4d70da2e6b806490b8
- SHA512
  
  e5b0fa27cd02a67be5eb9c63646621d3e9ccfada98659c50dee8310a58ce12e1a6a059788b85f0f440067ed7e281a0e1a526b9403993b9000f91a51bfbb50da3
- SSDEEP
  
  192:rOSsJI/rqmIDNLU0dq51EgAiNbubv6rLZ:lHQQ0d01Egbq76r
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  $TEMP/Assist_hanzify.exe
- Size
  
  193KB
- MD5
  
  7e32fa5420daf2bef4833396f4390ab4
- SHA1
  
  22238aa3e8ad066c525afc62e140937bfd597ca8
- SHA256
  
  7a9be0f039c30ed7b521619244d5f1b34029f573162b39022948ab472bb65a04
- SHA512
  
  3b5307f03cd6f74c11440aa36f0222c21850af7f4723e73b261b727b5c03c94fe2fa02e897e8a07c13c4bc0b53819a3b3ca6be0c668328fe0de0de5a9ff56ea1
- SSDEEP
  
  3072:ck5+bFdkJCaWvV9MDKsxt+Q2ua4m3r8HlimB4PKPRngJY/HkzanhV2HD:x05aoV92xt12N33r8BOU+J6kzanhsHD
Score

8^/10

adware discovery persistence stealer
- Drops file in Drivers directory
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral11 behavioral12
- Target
  
  $R0
- Size
  
  128KB
- MD5
  
  7ff63507a1ea33dc677c1f0a838fadf6
- SHA1
  
  c35183495c7d90f22ad83970b4a86ca0c4b8b433
- SHA256
  
  68dbf3a7828473663ca275c6eef36d91ae0e620baa7c1583d0bbc4f780dbe5c3
- SHA512
  
  cdb8901c61e92894cf471fc305b0087f4849a71b8cb9f04eb6ddc6b53f90825532ceaaf57f6e5f98ff1f5a18ba20a0ecb6583a12e8777b5145704058582eb27d
- SSDEEP
  
  1536:RGkDMJFeUvHjc5m9uY2nTP3f3ZOvzyaBnoifEhRfbBRJRZrPatTcu69OA7M6nFNR:gJ8p7JafiBRJRZrNMA7M6nFNend2
Score

8^/10

discovery persistence
- Drops file in Drivers directory
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral13 behavioral14
- Target
  
  Assist/$R0
- Size
  
  156KB
- MD5
  
  aaf5a6b61ca11868c31011a68d95a5ef
- SHA1
  
  d58bb83332af9e56758ff5cb1fcd3173567e6c4c
- SHA256
  
  a8cd1c0f58135ad104b0d2a3064d3d4b9792be5ff40a721aac7eb37e26708b36
- SHA512
  
  e6461950958a38089197932f6ba34b578a6d6932e1cf7412a2c93f5841e853468037c0cd2081d3ef5f744ab04df7b8b967113aa255066a1f22ae980dc6ceca3b
- SSDEEP
  
  3072:rLUxXZ6+a0acTJyxc+avp3U0S96yM33fJgqVfuO8LLx14:cxZ6/cNSKd7r33VfVA
Score

6^/10

adware discovery stealer
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral15 behavioral16
- Target
  
  $TEMP/DUDU_HH.exe
- Size
  
  220KB
- MD5
  
  0b2a860a558ca00e1b4f389b6d8be1e6
- SHA1
  
  5e5a12756446751482d3db2798bd954f2f49ee68
- SHA256
  
  81db7a9742cb8fb50f7a97a952388cb3f4a1a9d150bc84705f8c2abf2c71dafe
- SHA512
  
  2210d69d467358c3174bf0685bd6dc1236d56aa9a19246c58931ebf87fe955fb4ed5e9acbb328b1775930e20fa275781c0eb48dd6d943de46ff20dc8fe511147
- SSDEEP
  
  1536:OmcjI6qnGJWh7jtCY4d/2uXAEaTKKNZuYfoIRSPVOklNmUSxxbZl99JF:OHGnGAl5id+kQfJoIOVOklNmUSxx
Score

10^/10

discovery evasion
- Modifies firewall policy service
  evasion
- Executes dropped EXE
- Loads dropped DLL
behavioral17 behavioral18
- Target
  
  SendLink.exe
- Size
  
  232KB
- MD5
  
  8764358d0a43bb3a3316bef556e13470
- SHA1
  
  3de905521f15937eaa3726fb63d22509b1c7c5a4
- SHA256
  
  2967c03995f30626ba1217437c962ebd96d038acb078ce98a0a0fdc6ecd97f79
- SHA512
  
  b9d509ea1d786bf41d743d62fb1135ed091369d07f51ed9cac5016a9227fc6d5d41af9141faa830636deb1cf56c8d03068416b0cdbc5336ff120c13fd4c957cf
- SSDEEP
  
  3072:iPsNDP86GKHz/BKhRfORZNRwOLZZt/Xav9vShnoE+qpaZccA/HZ:iP0GKHz2tqzmOLNXsShIAZ
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  SendLink.url
- Size
  
  61B
- MD5
  
  f50bb685c735a5fbb2796086f49edc2d
- SHA1
  
  efca8e52c428bcc045e34422f8d1558d24d13ba8
- SHA256
  
  3110fcc032405e705e8710e263d43f38c2ffbef6054bf58ef38a90741fc838fd
- SHA512
  
  fc4867586e6843710aacdbb6dd922f297570c474e811f74581e6fd3303e1b7e5e0ef4ba4c8248704f2dc08adef9ff4b2343d578494ec21464101f579c3ae5fef
Score

6^/10

discovery evasion trojan
- Checks whether UAC is enabled
  evasion trojan
behavioral21 behavioral22
- Target
  
  SendLog.html
- Size
  
  2KB
- MD5
  
  1234530e71e7c443ee3a9ec8b3e57975
- SHA1
  
  7a8c1714bf7a76a5f08591fb9e103929491ab259
- SHA256
  
  d9ad94d068c4fcd94d145b58c7a22138d1aaae589071244de123d411e385ec29
- SHA512
  
  2c15328f0a13649bd9e214867bf767b246d8b6fcc2dc4e519d34e92308d48c07679c1b6ca778347bdcbe76f6097b3a88a5e07db71ef2caebc21125f47afba9c3
Score

3^/10

discovery
behavioral23 behavioral24
- Target
  
  SlideShow.html
- Size
  
  4KB
- MD5
  
  4a1e93b5c2c5edce62fbee0cae44a37d
- SHA1
  
  aa1032b212501287c62bcbad0a4e0290a639e182
- SHA256
  
  5d7bb37fe6f93305e973b796ff07a5c32ae2388b86efd4466c49fad71468084b
- SHA512
  
  52e9cc1628666ba88983292218f1cdf22fa7224cdc8549bdfd05be4fb9649c6ee0bd437d6068c50fe8d80820a756def26b2143f19411d3319fc76e25d8a736ca
- SSDEEP
  
  96:VvRI7pbCQ/QfwHTRp4IagpGocgrTnc48BP:VpEtcw4ITJzn56
Score

3^/10

discovery
behavioral25 behavioral26
- Target
  
  Support.url
- Size
  
  59B
- MD5
  
  0e409c21b9005c0c38bc481c77728300
- SHA1
  
  827ef47484383191a9236f2e754d854135b11107
- SHA256
  
  42ae69f14dfe217f82c20c40cce355c51ff77a06948bb303e9cbcdcb08cc17d6
- SHA512
  
  443904890abb402d28b7b96e59076c222cfa63c9f2c5e44eeb1f8ea2add20d19a3c3aad9c554260b67ee7e2d8db4d822cb02f7e6dbde05542ed82b229bd06834
Score

5^/10

discovery
- Drops file in System32 directory
behavioral27 behavioral28
- Target
  
  uninst.exe
- Size
  
  56KB
- MD5
  
  53731b89e1c5fd02c209ed4129db684e
- SHA1
  
  78a34ff0f17a6fde269b31d86db99036e01cefca
- SHA256
  
  055140ecaa73d6bc79ef49173f6fbcfef3fe35619e9cce538eddca9b3b9023c4
- SHA512
  
  f9dbabe261e526351025bfbb9e81cf76e83da041d9523d28e54cf4b1808559b6920e69865189822319c5a86ee0a8ffda227c1483e76d1601184938b0d501c6c2
- SSDEEP
  
  1536:1PgXwpm4RmzZwCnUF2ICqdkJI6P+ZCsBTjt2bm:1PgXLdqF2fqdkJI1CiTjt2bm
Score

7^/10

discovery
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral29 behavioral30
- Target
  
  $PLUGINSDIR/LangDLL.dll
- Size
  
  5KB
- MD5
  
  dbab668ce84d6b38824ed1c9b9121adb
- SHA1
  
  de8c80d7b0d01fafb750b2bded1f055d102aa3d0
- SHA256
  
  ede19cf9613ccbf2f4c731f6eb1460efe56484e97c8a0745a2a5460571e64f11
- SHA512
  
  5857680db3b642f14742ad55a3349cbe059c18c5dc58ae0def53886df5eb2c9abf5e444db1bc8449db779c33e940f8f2c4a7520ad8f374b9f2f01e57d6a2c953
- SSDEEP
  
  48:SHbz1tBa/XC1TQO50vwovgxVLrh2TpXHW+iJ/L9Cp+0rf1uapskdfhhdJcN:m9UXC13C/ovLrh2cD/L9NolhjcN
Score

3^/10

discovery
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Browser Extensions

T1176

Create or Modify System Process

T1543

Windows Service

T1543.003

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Defense Evasion

Impair Defenses

T1562

Disable or Modify System Firewall

T1562.004

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Loads dropped DLL

Drops file in Drivers directory

Loads dropped DLL

Adds Run key to start application

Checks installed software on the system

Installs/modifies Browser Helper Object

Drops file in Drivers directory

Loads dropped DLL

Adds Run key to start application

Installs/modifies Browser Helper Object

Modifies firewall policy service

Executes dropped EXE

Loads dropped DLL

Checks whether UAC is enabled

Drops file in System32 directory

Deletes itself

Executes dropped EXE

Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32