General

  • Target

    efa8c874193d8e6d16c1a27affd58d6d_JaffaCakes118

  • Size

    792KB

  • Sample

    240921-m8bl8azajl

  • MD5

    efa8c874193d8e6d16c1a27affd58d6d

  • SHA1

    e765584a08fa4dc17b17e258beb3534e460c02f8

  • SHA256

    5c42ee9854d6566d3138fe23cb9c973e74444baecb10fcfd80e772e6dc1c47f0

  • SHA512

    bd78b0e1ea423d07a2c3115b006c0a5d21b1f9d9f67cbe32f62d885cd729c31ccfdd58678ede1fdf1ca429853e37c9adb392bcc60f3875aa0c7c2b2ef9b10634

  • SSDEEP

    24576:MDP5SFcKooa5pyg/ALvrFRU89yPxID2Tt:RoCg/+o89yZID2x

Malware Config

Extracted

Family

metasploit

Version

windows/shell_reverse_tcp

C2

95.93.162.57:4444
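How a sandbox arrives at a "C2" line like the one above: an unencoded windows/shell_reverse_tcp stager carries its sockaddr_in as immediates, so the listener address can be pulled straight out of the bytes. The extractor below is an added example, not the sandbox's own extractor and not code from the sample. It assumes the two instruction sequences from Metasploit's block_reverse_tcp stager source: on x86 `push <ip>; push 0x0002|port<<16` (bytes `68 ip 68 02 00 port`), and on x64 `mov r12, <sockaddr_in>` (bytes `49 BC 02 00 port ip`). The sample buffer is constructed here around the IP and port reported on this page; it is not the real stager. Encoded payloads (shikata_ga_nai and similar) hide the pattern and need decoding or emulation first.

```python
"""Extract the listener address from an unencoded Metasploit reverse_tcp stager.

Added example. Patterns are taken from the block_reverse_tcp stager layout:
  x86: 68 <ip:4>      push <ip>
       68 02 00 <port:2 BE>  push AF_INET | (port << 16)
  x64: 49 BC 02 00 <port:2 BE> <ip:4>   mov r12, <sockaddr_in as imm64>
"""
import re
import socket
import struct
import sys
from typing import List, Tuple

# sin_family = AF_INET (0x0002) sits in the low word; sin_port is big-endian.
_X86_SOCKADDR = re.compile(rb"\x68(?P<ip>.{4})\x68\x02\x00(?P<port>.{2})", re.DOTALL)
_X64_SOCKADDR = re.compile(rb"\x49\xbc\x02\x00(?P<port>.{2})(?P<ip>.{4})", re.DOTALL)


def extract_reverse_tcp_c2(data: bytes) -> List[Tuple[str, str, int]]:
    """Return every (arch, ip, port) sockaddr_in immediate found in `data`."""
    hits: List[Tuple[str, str, int]] = []
    for arch, pattern in (("x86", _X86_SOCKADDR), ("x64", _X64_SOCKADDR)):
        for m in pattern.finditer(data):
            ip = socket.inet_ntoa(m.group("ip"))
            port = struct.unpack(">H", m.group("port"))[0]
            # A random byte run can hit the pattern; drop the obviously bogus ones.
            if port == 0 or ip.startswith("0."):
                continue
            hits.append((arch, ip, port))
    return hits


def build_x86_sockaddr_push(ip: str, port: int) -> bytes:
    """Constructed helper: emit the two-push sequence the x86 stager uses (no real shellcode)."""
    return b"\x68" + socket.inet_aton(ip) + b"\x68\x02\x00" + struct.pack(">H", port)


# Constructed sample buffer: padding, the usual 'cld; call' stager prologue bytes,
# the sockaddr pushes for the C2 reported on this page, then a following push.
SAMPLE = (
    b"\x90" * 16
    + b"\xfc\xe8\x82\x00\x00\x00"
    + build_x86_sockaddr_push("95.93.162.57", 4444)
    + b"\x68\xea\x0f\xdf\xe0"
)


if __name__ == "__main__":
    # Usage: python extract_c2.py <file> [<file> ...]; falls back to the constructed sample.
    paths = sys.argv[1:]
    if not paths:
        print("sample:", extract_reverse_tcp_c2(SAMPLE))
    for path in paths:
        with open(path, "rb") as fh:
            for arch, ip, port in extract_reverse_tcp_c2(fh.read()):
                print(f"{path}: {arch} reverse_tcp -> {ip}:{port}")
```

Run it over the raw shellcode or the dropped executable, not over a packed installer: for an NSIS-wrapped sample like this one the stager only becomes visible once the installer payload is unpacked or the process is dumped.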

Targets

    • Target

      efa8c874193d8e6d16c1a27affd58d6d_JaffaCakes118

    • Size

      792KB

    • MD5

      efa8c874193d8e6d16c1a27affd58d6d

    • SHA1

      e765584a08fa4dc17b17e258beb3534e460c02f8

    • SHA256

      5c42ee9854d6566d3138fe23cb9c973e74444baecb10fcfd80e772e6dc1c47f0

    • SHA512

      bd78b0e1ea423d07a2c3115b006c0a5d21b1f9d9f67cbe32f62d885cd729c31ccfdd58678ede1fdf1ca429853e37c9adb392bcc60f3875aa0c7c2b2ef9b10634

    • SSDEEP

      24576:MDP5SFcKooa5pyg/ALvrFRU89yPxID2Tt:RoCg/+o89yZID2x

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Target

      $PLUGINSDIR/GetVersion.dll

    • Size

      6KB

    • MD5

      4e7b00425e50da61831f833bdd0af64e

    • SHA1

      20af15effdecf38969740ac7d19d51a3a48e7eeb

    • SHA256

      fea4762c97ddc671d21ce375e0b482f83ac5f79b5cc6d3c7ca812fa69e16eb5d

    • SHA512

      f8977ef64dc2d441eb1f135fd1937ec7a456fdc41b36413cd7911b47aa7377325258ac60ac6c44e08f4c077a1417b6c68b665b4e00610b057bb913b03ab77939

    • SSDEEP

      96:E12aLmx1WREdTHF7ZmI5uy9tzAeTqES+ndEhK8h30i6IxRcsTdCwBi46AQu:+EdTl7AquleTpS+ndEhKsHjTdCwBi46W

    Score
    3/10
    • Target

      $PLUGINSDIR/LogEx.dll

    • Size

      12KB

    • MD5

      6629d16d2e3adb559cd74195c4cbd6ee

    • SHA1

      33e1e93843fdafe716904ad8ac0ce732d33e2d0e

    • SHA256

      b22d19b82f92a23810286bf5328260de66c2068b5f7ff1f7ccd1aca7fc0ef62d

    • SHA512

      1e0110bcc1627b4a50230fc86347d0c08b244184b65e8f081e1014d78264aca5e407fe9444a6325606580cddac24b837cace004ce8ffabce4a6358979769bc2f

    • SSDEEP

      192:U/+mRGVgtYLcxgJd2THwnTxDpJFGwYEPND+9:I+mRGVgtYLcxgSbwnTLD589

    Score
    3/10
    • Target

      $PLUGINSDIR/Processes.dll

    • Size

      35KB

    • MD5

      2cfba79d485cf441c646dd40d82490fc

    • SHA1

      83e51ac1115a50986ed456bd18729653018b9619

    • SHA256

      86b302fa9c85dfa0c1c03ba000864a928365dab571f3355347dba02da22949b7

    • SHA512

      cca186a7f9c5cff3f4eca410fbe8cc13dad2514a7e36aec9b1addfbcb239ace9b9b2d8427771858e3fd11783abce7e24d43c286f98da9f8b17562ca095a4c043

    • SSDEEP

      768:uxEiycFoaj/+WSiJfmjvab7L/cUf7IIlMLRF:uxEm7sgfmjy//cgdlM/

    Score
    3/10
    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      00a0194c20ee912257df53bfe258ee4a

    • SHA1

      d7b4e319bc5119024690dc8230b9cc919b1b86b2

    • SHA256

      dc4da2ccadb11099076926b02764b2b44ad8f97cd32337421a4cc21a3f5448f3

    • SHA512

      3b38a2c17996c3b77ebf7b858a6c37415615e756792132878d8eddbd13cb06710b7da0e8b58104768f8e475fc93e8b44b3b1ab6f70ddf52edee111aaf5ef5667

    • SSDEEP

      192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw

    Score
    3/10
    • Target

      $PLUGINSDIR/UAC.dll

    • Size

      13KB

    • MD5

      7191bf2f751c79e50386b87c458ed2da

    • SHA1

      30df71f1945f0ece8d396042dba84d92f84dbfb6

    • SHA256

      45de80c4ef75ac01fdfca02a0c05c090311cb65b0f52b61e2307494d643466df

    • SHA512

      121143369c5edd732a513c884fa90d0ffc03f3966c46f8feccad09591295890de61dec7872e6fd6cd03ae132287bd1dad44d74b45fc8e623a0fa4a647510ca91

    • SSDEEP

      192:dlKA1Fiy+JjtWyPPW/O3w3hzwGRDvTR5QKZMAWSp2o0R:WA1n+HXoO38bVvTDZMAWSpuR

    Score
    3/10
    • Target

      $PLUGINSDIR/UserInfo.dll

    • Size

      4KB

    • MD5

      1e8e11f465afdabe97f529705786b368

    • SHA1

      ea42bed65df6618c5f5648567d81f3935e70a2a0

    • SHA256

      7d099352c82612ab27ddfd7310c1aa049b58128fb04ea6ea55816a40a6f6487b

    • SHA512

      16566a8c1738e26962139aae893629098dc759e4ac87df3e8eb9819df4e0e422421836bb1e4240377e00fb2f4408ce40f40eee413d0f6dd2f3a4e27a52d49a0b

    Score
    3/10
    • Target

      i386/SSCbFsMntNtf3.dll

    • Size

      139KB

    • MD5

      6b33da35476adc89c7846d02ba738d37

    • SHA1

      d1f0865df78197c8d3724eeb3a4495ebd5e8dda3

    • SHA256

      5b44755cc71a5d04999a01ad2651b5540eaf75466bcbf5e5cc2e3466777365e6

    • SHA512

      9494c61a70f7a1f012df4d686d170e19d4178d48f80a8b1daa709f87557fd5295a29c34ec4bcd85d42ad1c9f21c5e836e4405cc3e4401ba55721d73f24985b20

    • SSDEEP

      3072:yrB5lQJ3AS1OPpCyIwm1TAwW4cn/SzgLTmFs:yrB5l2v14C9wm1r9gLms

    Score
    10/10
    • Adds autorun key to be loaded by Explorer.exe on startup

    • Modifies Shared Task Scheduler registry keys

    • Target

      i386/SSCbFsNetRdr3.dll

    • Size

      188KB

    • MD5

      6df1daae30c935249c6a3bae7644a005

    • SHA1

      3378eb338d4b0203f78949cc9f6392523e0fecb1

    • SHA256

      c04558a19461991f9abb7fb10a680652b7c65a85d2bbcc36ef8d769ccde882e5

    • SHA512

      9eaca8ff8e046f0ce17cfa21e1e320925ed9b63bc1d79762ed692d54d24d3889ce0ba03717e6ce4ebd70186b9bc92a6e170511ea1cd1fd964164012fd8ef8064

    • SSDEEP

      3072:YKKBmSf/tjdp+hAYk79NKq9YTyA6KOO41Un1ee6cNVSKzr/5hggnfSuClhb3PSlh:YKKTJdlYkRw8Yu/OmoeeHPRS3zalBz

    Score
    3/10
    • Target

      i386/sscbfs3.sys

    • Size

      289KB

    • MD5

      9009dd1db6a61d2872936a8c5d3c0db4

    • SHA1

      857b2e6ce4f848b7e209e579ad928f767bdb9225

    • SHA256

      186fcbe93f3237850437d645ef41a9c4a7b68190481a817b98a34464d32851b6

    • SHA512

      c17d77ff14c25d4c24ca291b8ae2b943f14eafc5fb69c16fc31f597cbb30f7db18ddfb9056c7fa6e9d3276f3a2cb3a54d85df43dc627a7e604e6106e33422a2c

    • SSDEEP

      3072:CceFGZuC7vHXUKw3z2WAAF0+Vn/FzueQtM2UUNFYId/wL96mJBotc3Eve07ORsUT:gCqAC2tM2fLZ14Z3q/URsK9lgDjn9jK

    Score
    1/10
    • Target

      wow64sup.exe

    • Size

      83KB

    • MD5

      f42653c0ab213d6822b1cdb656e8fbc4

    • SHA1

      c3960bf7e834cf1c7f971135170636b857fd6666

    • SHA256

      a6038f761cc5c3ebf22ba8912d06967f348f04b5b32e6f56add6cc9b073153db

    • SHA512

      68698d4f3fae467b223fb15ae2064b179985f4b1067c59bd86c4ca1478eebdb8506026fdf88e2b851374944ac4da3274bddb90c14b79ba3ceaa89471a5720393

    • SSDEEP

      1536:5mvaEhvelgUYi035Tas9KPTCgikccPD/TpLZxQMTMYlnxkNsguSN:tlgE035T99gTNwcL7pLZiMTJlnxkc2

    Score
    1/10
    • Target

      x64/SSCbFsMntNtf3.dll

    • Size

      160KB

    • MD5

      c9940a2b243ec73ade7a65e4572fde6b

    • SHA1

      c4bd632f0135d75e7adf94f02fba22c6a9ff7342

    • SHA256

      7bf8ea86624b461767ddf5573cfe9a55814efa6f67d808c1d91c61a45cd06466

    • SHA512

      a8589e417cdaa42161eeb9af4aa104b4b7232e6333498cbe9e1e6b8090399b3f97471f1099fb051385142e051a8f82c834e2b8b0d3882b72ba74bff16b7a01b2

    • SSDEEP

      3072:HCIOd79Gi8PcOocNMx3FiTrMIntrqzbp1Algnif+G/CaWLEuA4:HCIOdpn8PcOoH3FiTQIntmGDLWLbA4

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Modifies Shared Task Scheduler registry keys

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    • Target

      x64/SSCbFsNetRdr3.dll

    • Size

      108KB

    • MD5

      8b694d7742f69e2954f8efe5b2761c48

    • SHA1

      b9d614b762f8d6c887d433d891221133bd32e899

    • SHA256

      8ff4097a469e52dcadf39115e8a6caa7cd0f0ba215171378821f660ffdc8d910

    • SHA512

      c1a8c58d2a0f033c71672e62d8195a5337e79103c87018fb513de2e24e4cf815d069f5232916f693b2b13bd039675e4a77b8f6b9acdb215c93b6d928b842eaeb

    • SSDEEP

      3072:8BbUqska7adxarvTNjG/dkHTGtPpTel8QEzLYwyindh7wFQR8c:8BgLkaadxarvTNjFTGtPdelVAhGlc

    Score
    1/10
    • Target

      x64/sscbfs3.sys

    • Size

      339KB

    • MD5

      e0822fb022731eac39dbc524c2d9265d

    • SHA1

      6b06571284f3d09b1813b9eb100f13e35aa0c301

    • SHA256

      3ff04f86e0622c96f879f50728252dfcf9cceb6706423776a0a89082db3045bd

    • SHA512

      ca9e3979de35b808e72efd6d1af8a3d7594059937b554b5d7722dfbfc4d316935591ebfc026f27f6ee275eda2392219b3962fcaffa82d2eff5b05e47b0e10c93

    • SSDEEP

      6144:JVq9TsViAe+sv3zcIE+gt/7t2fLot80uVxHeJhLa:nq5aqgJ+U7KXVxHe3a

    Score
    1/10
    • Target

      $PLUGINSDIR/cbfsinst.dll

    • Size

      74KB

    • MD5

      a52aec5b90ce512b7de72d0af69c2f1c

    • SHA1

      92684985d5e0649d1519ce7820c77537f7db5892

    • SHA256

      f2fbbc71b7c0f7a1e8c87498a7c7fb8078672143363ef1ef9be1555c9262238a

    • SHA512

      6860e3e8881c39ca395b0343e38c78fd7c66b9d31a979293cf7678d99026d4d3382f39c13be41777e51b36411d7e164bf0c2f611184fe541266b42ce74b06083

    • SSDEEP

      1536:iDov8IsQrlXclyPNBsgnDOmfFKrRMTYPDq:nv8NQrlgINegCCKRMUPDq

    Score
    3/10
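The three persistence signatures on x64/SSCbFsMntNtf3.dll (the Explorer autorun key, the Shared Task Scheduler key and COM hijacking) all describe CLSIDs that Explorer loads at logon. The checker below is an added example, not part of this report or of the sample; it triages those locations offline from a .reg export so it can run off the infected host. Assumptions: the two signatures refer to the ShellServiceObjectDelayLoad and Explorer\SharedTaskScheduler keys (both Explorer-loaded CLSID lists), a CLSID whose InprocServer32 resolves under HKCU rather than HKLM is treated as a per-user COM hijack, and the registry text is constructed here (the WebCheck entry stands in for a normal Windows component, the second CLSID and its DLL path are made up).

```python
"""Offline triage of Explorer-loaded CLSIDs from a .reg export. Added example."""
import re
from typing import Dict, List, Optional, Tuple

# Assumption: these are the Explorer autostart lists the two signatures refer to.
AUTOSTART_KEYS = [
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler",
]
CLSID_HIVES = [
    r"HKEY_CURRENT_USER\Software\Classes\CLSID",   # per-user: checked first, like COM does
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID",
]
TRUSTED_DIR = "c:\\windows\\system32\\"


def parse_reg_export(text: str) -> Dict[str, Dict[str, str]]:
    """Minimal parser for 'Windows Registry Editor' text: key path -> {value name: data}."""
    keys: Dict[str, Dict[str, str]] = {}
    current: Optional[str] = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
        elif current and "=" in line:
            name, _, data = line.partition("=")
            name = "(default)" if name == "@" else name.strip('"')
            keys[current][name] = data.strip('"').replace("\\\\", "\\")  # .reg escapes backslashes
    return keys


def inproc_server(keys: Dict[str, Dict[str, str]], clsid: str) -> Tuple[Optional[str], Optional[str]]:
    """Resolve a CLSID to (hive, dll path) via InprocServer32, HKCU before HKLM."""
    for hive in CLSID_HIVES:
        vals = keys.get(f"{hive}\\{clsid}\\InprocServer32")
        if vals and "(default)" in vals:
            return hive.split("\\")[0], vals["(default)"]
    return None, None


def _norm(path: str) -> str:
    p = path.lower().strip('"')
    return p.replace("%systemroot%", "c:\\windows").replace("%windir%", "c:\\windows")


def triage_explorer_autostarts(reg_text: str) -> List[dict]:
    """One finding per CLSID listed in the Explorer autostart keys, flagged if it looks planted."""
    keys = parse_reg_export(reg_text)
    findings = []
    for autostart in AUTOSTART_KEYS:
        for name, data in keys.get(autostart, {}).items():
            # ShellServiceObjectDelayLoad stores the CLSID as data; SharedTaskScheduler as the value name.
            clsid = data if data.startswith("{") else name
            hive, dll = inproc_server(keys, clsid)
            reasons = []
            if dll is None:
                reasons.append("no InprocServer32 registered")
            else:
                if hive == "HKEY_CURRENT_USER":
                    reasons.append("InprocServer32 registered per-user (COM hijack of an Explorer-loaded CLSID)")
                if not _norm(dll).startswith(TRUSTED_DIR):
                    reasons.append(f"DLL outside System32: {dll}")
            findings.append({"autostart": autostart.rsplit("\\", 1)[-1], "clsid": clsid,
                             "hive": hive, "dll": dll, "suspicious": bool(reasons), "reasons": reasons})
    return findings


# Constructed .reg export: a stock WebCheck entry plus a made-up hijacked CLSID.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InprocServer32]
@="%SystemRoot%\\System32\\webcheck.dll"
"ThreadingModel"="Both"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{11111111-2222-3333-4444-555555555555}"="Constructed hijack entry"

[HKEY_CURRENT_USER\Software\Classes\CLSID\{11111111-2222-3333-4444-555555555555}\InprocServer32]
@="C:\\Users\\Public\\evil.dll"
"""

if __name__ == "__main__":
    for f in triage_explorer_autostarts(SAMPLE_REG):
        flag = "SUSPICIOUS" if f["suspicious"] else "ok"
        print(f"{flag:10} {f['autostart']} {f['clsid']} -> {f['dll']} {f['reasons']}")
```

Export the relevant hives with `reg export` on the host (or load the hive files from a disk image into a tool that writes the same text format) and feed the result in; a CLSID that resolves per-user, or to a DLL outside System32, is what to pull for analysis.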

MITRE ATT&CK Enterprise v15

Tasks

static1

Score
3/10

behavioral1

metasploit backdoor discovery trojan
Score
10/10

behavioral2

metasploit backdoor discovery trojan
Score
10/10

behavioral3

discovery
Score
3/10

behavioral4

discovery
Score
3/10

behavioral5

discovery
Score
3/10

behavioral6

discovery
Score
3/10

behavioral7

discovery
Score
3/10

behavioral8

discovery
Score
3/10

behavioral9

discovery
Score
3/10

behavioral10

discovery
Score
3/10

behavioral11

discovery
Score
3/10

behavioral12

discovery
Score
3/10

behavioral13

discovery
Score
3/10

behavioral14

discovery
Score
3/10

behavioral15

discovery persistence
Score
10/10

behavioral16

discovery persistence
Score
10/10

behavioral17

discovery
Score
3/10

behavioral18

discovery
Score
3/10

behavioral19

Score
1/10

behavioral20

Score
1/10

behavioral21

Score
1/10

behavioral22

Score
1/10

behavioral23

persistence privilege_escalation
Score
10/10

behavioral24

persistence privilege_escalation
Score
10/10

behavioral25

Score
1/10

behavioral26

Score
1/10

behavioral27

Score
1/10

behavioral28

Score
1/10

behavioral29

discovery
Score
3/10

behavioral30

discovery
Score
3/10