General

  • Target

    fe7e17ea6bdee70677a162cff9654a1b_JaffaCakes118

  • Size

    18.7MB

  • Sample

    240929-padp2axbke

  • MD5

    fe7e17ea6bdee70677a162cff9654a1b

  • SHA1

    7b68282e961b1ceddb77a296507097ca10d4a331

  • SHA256

    8b165ed56a818809871aafcfcdab1e36b8a1b5fc5545ea8d23e1ebdd73c98b94

  • SHA512

    41c1856c61a5fe31a713a2f3bc10fdaa282e9dc36da638835775b26d451bb4f72495efb5cb8d99adc15988aed28e790cfe01300aa4c4fd66d93caea1374e2fb4

  • SSDEEP

    393216:wyt8VDilmI38DouRrJtmSJfgcLnLNkimB3L0wE++6bvtxLrLP:bt8wV380mmSjzhktpLK+7HLrLP

Malware Config

Targets

    • Target

      Fetion/@绿化工具.exe

    • Size

      160KB

    • MD5

      eb8a98d20e9758d312b94c95f994e8ff

    • SHA1

      0268ff48488690074d31278e26a3a9fa7bc9a8d1

    • SHA256

      9ce6059114bb9253cfd739d3aa1d4e289a630c61520edeac815d861ee18cc664

    • SHA512

      33bee2fda86e172ba8d665f7347409306d8c4aeb831e331765a3e9873c4d5c638c8d87bd0f38faab2c821f88ebcea64b557ecdfb748f54970c4a052186467e35

    • SSDEEP

      3072:xdRY5hG2QC1J/JJw434OCt4iCSIAql7m3N1KLPV2VaXKgMfKwwo4vvt:x3Y5RFoIACENSPVeaSwJl

    • Score

      3/10

    • Target

      $PLUGINSDIR/ButtonEvent.dll

    • Size

      4KB

    • MD5

      fad9d09fc0267e8513b8628e767b2604

    • SHA1

      bea76a7621c07b30ed90bedef4d608a5b9e15300

    • SHA256

      5d913c6be9c9e13801acc5d78b11d9f3cd42c1b3b3cad8272eb6e1bfb06730c2

    • SHA512

      b39c5ea8aea0640f5a32a1fc03e8c8382a621c168980b3bc5e2897932878003b2b8ef75b3ad68149c35420d652143e2ef763b6a47d84ec73621017f0273e2805

    • Score

      3/10

    • Target

      $PLUGINSDIR/InstallOptions.dll

    • Size

      14KB

    • MD5

      107737e3282fefd85684f2fa3df6d1c3

    • SHA1

      3befbcae116a644ae28cebdc1d7dfe6be5c8ca5f

    • SHA256

      21042be362d4073053bffcc90511b3ecf77902243525b56bb159581b5ece43a0

    • SHA512

      439ac2f3066902e08d63dc3061f55063089857e765feb29fe47ba5819a9bebdff3fe2fe55fc8bfcfddb729d340f006ee95b5aa4422d712f9dcc07cc02ec410b4

    • SSDEEP

      192:FTmFxiXTQdQbg9FkGuz9lBDpO5DwbgUojcA96lK72dwF7dBG0N1:FTmriEdYQFkGUlI6vojj6l+BGE

    • Score

      3/10

    • Target

      $PLUGINSDIR/KillProcDLL.dll

    • Size

      4KB

    • MD5

      99f345cf51b6c3c317d20a81acb11012

    • SHA1

      b3d0355f527c536ea14a8ff51741c8739d66f727

    • SHA256

      c2689ba1f66066afce85ca6457ecd36370be0fe351c58422e45efd0948655c93

    • SHA512

      937aa75be84a74f2be3b54dc80fac02c17dad1915d924ef82ab354d2a49bc773ee6d801203c52686113783a7c7ea0e8ed8e673ba696d6d3212f7006e291ed2ef

    • Score

      3/10

    • Target

      $PLUGINSDIR/System.dll

    • Size

      10KB

    • MD5

      0ae9c427fe7bbbbf1368c1c6d3933ae7

    • SHA1

      c8e5131613302531c88512dada29a18886259268

    • SHA256

      49437f4b9fd38007f3b2735f0a8a12830b995305c75118b440202980183d5c6a

    • SHA512

      59b76b00f2b0d6242dc5bc3cb36d3ff78867445f502e34cea890c6f493c2adf9b97cec539963204ddd1c641e1a77139f46fc33dec4dc636f4b06d2edffffec6d

    • SSDEEP

      96:vCCshwlpqUsYghN/9uvZ7CLWNCSiiVTQYBGVXRvuBDlSriklbuba1iLc+cEyzo7e:BzqUuh/uLCXIkYBGV9uVlSblbubbwtl

    • Score

      3/10

    • Target

      $PLUGINSDIR/linker.dll

    • Size

      6KB

    • MD5

      8450b29ee8d592c208ba1aaf6ee50267

    • SHA1

      75096da057bc85cef63bb0eec168652ea75cf618

    • SHA256

      53aa57e582dc56421c1191a0a9efac9c36960b903b7d825f3b9682605ec2b612

    • SHA512

      d23a3057053a1f36f5eb212ae0b09b9b0b41e50b8a6a20bbc46c12c51199ad0bca741bcce17534488158e8f2b9470dbdac2aa059688b7588a05778c40d461039

    • SSDEEP

      48:q/XgJspkvsIWyuS3fyVLkmqbIWXGuDNcGo+FLtLFSfrPIk2vIhll:4gJsFIWjS3qVomqIixo+9tLFUr4vMl

    • Score

      3/10

    • Target

      Fetion/CrashReporter.exe

    • Size

      704KB

    • MD5

      6417ab969b9a1ff99936d357fa2ea5a8

    • SHA1

      fff6527bd2d95c9204f689f5821c0b4ee7296c04

    • SHA256

      971d1acc2f059c12c498d31ccf210446ac5b337df9785cbe89bb17b7a61b29e1

    • SHA512

      5766df1f80fe40d0e36aa5ce8d835740d660bcec45ab8f41ac919e8e40cd0a50511e8dd212ee9524f14b311b210f4fc1302319dff28c897f36d93c897f4f2919

    • SSDEEP

      12288:RmH2QcL0PGieV0yPecDGFMu5IkUMR1EtwJ+pxMec9THIeovQvrI4/R+530:shcg2V0yPecDGFMuVR4w9X9TJovQvEu3

    • Score

      3/10

    • Target

      Fetion/DynamicGifCtl2.dll

    • Size

      184KB

    • MD5

      245e160da3d09b6af36465f026434c77

    • SHA1

      613ff234ca9210e41831e4fc9a5cf4692b2c28d8

    • SHA256

      101e3e140e44fccc07853880594db42eee32c4d0cd4262597e80c1b31d379b55

    • SHA512

      a4d1d1eb8a18addb6472b23de8e5f8d23a1dd3a97733c56a56d2fc9b6993b3285c1e9fcaa1356349716467b6d9ee660089698e24092798a8b8a2110ac48b0fa6

    • SSDEEP

      3072:o+CNVO9qGZ6I9WwUS8g7flhrelMmsvYuRHtFNtu94thoeEUQ6k:ZSOgGd9WnS8eXep0XNtu9l7

    • Score

      3/10

    • Target

      Fetion/Fetion.QuickLaunch.dll

    • Size

      82KB

    • MD5

      8b285064ded6293c5dadd13e44a6f5f0

    • SHA1

      7103817b536b2a24801f1aa16eb96a64bd61bbf1

    • SHA256

      55e4d5fdc1ccaf2d74255c4348dda1f988e675e5fdf33c18ec6e31a7ba32d161

    • SHA512

      e398031dc3ef29f22101a19ea52bcc66dba50681df38d5f6cd3d02808c3889f041b1499e3129d15f4eb3d6854ed16ca510bee7e3b5d3c8c9b0d938087c479a3f

    • SSDEEP

      1536:mmSQ95rqGdZ5H+75xPAqILi/2IslO16y+Z1w6Z41AARH0jaFCL:qQTrqGz5W5VAqWi/2IOO16BZ1woEAARC

    • Score

      3/10

    • Target

      Fetion/Fetion.WebDetect.dll

    • Size

      120KB

    • MD5

      6866206fc105023ad84ee49e944a44de

    • SHA1

      db3af8615b8e7af640689faf41facdadeb817494

    • SHA256

      dc55378e2528b7d2c471297c5e3b6bcf3317b90e0a91b876179c17e8086eb369

    • SHA512

      36668a642ab5f47520339568fcc66b973564a6736b1c9b3cecb73a40eddb76b5c20f71f50e11823cc79c1b82a48a0e68f25a9546cc1f6a8513fe64579c8537f3

    • SSDEEP

      3072:nf9SEiJBe+eBOBxsGcCY9lqzyD58zaKVe4M:YEjBOUGcCYGNhzM

    • Score

      3/10

    • Target

      Fetion/Fetion.exe

    • Size

      23.5MB

    • MD5

      995b2653753911f079697e684a4b1261

    • SHA1

      ad5f64b0c324a84533ef3848b72202df5bcba62e

    • SHA256

      71cf20d7b069079bd0ae903020bd32644ab7d6900205b03b4ac6cd762a1f21ae

    • SHA512

      04695764fb2e8a3a78b6407d690843a72e956877100a2870b42b78da24dd1a1f0efd3b4564e699dbd93950f3f7a0c08a9446df5faea84db004933dfbd13334a1

    • SSDEEP

      393216:Dr5+xDh84Y+e3e2VESVp1Av8EhhtxvXDpKlo/79L1yRXAKsRLxIbEEM:DFS84jY1w3xvXDtxt

    • Score

      7/10

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Target

      Fetion/FetionExt.dll

    • Size

      74KB

    • MD5

      b955d04238db300a975ff4e52020c50b

    • SHA1

      2dba56db2c2cd4cea77ac4036b89253339ce5259

    • SHA256

      2e2c0f2ca7d606ceb41e3a3f66d12c7defcc6d8030b175d3f4b44d13d34ade10

    • SHA512

      fff4a3e64597fe0b47ad73abe22b722cb90e52b54d34b733c0e53611c57d8e2cf5bdbc5b5620c956d66328ecb7c2287f1277f7fea4361b4911d572a373ca6c8d

    • SSDEEP

      1536:7J+yg4NAC7c6NxH3jpZKaAN5Qg5rdlO11jThAtvUVE/tCUJ9ZE/n:7IyhN3ccxl3ubNO11jThAlUVE/MUJ9Zw

    • Score

      3/10

    • Target

      Fetion/FetionJumpList.dll

    • Size

      16KB

    • MD5

      e747a1937cd91000d208e08affd1bea1

    • SHA1

      b2f40e4a33441f94c5de6e93a2f65d64fd23c255

    • SHA256

      12c59a7c52072e73ee89af003638d55bac3260cdec20bfef7ddeea9475f8c66d

    • SHA512

      437d91899b5b275e1f73d1c7e10fff138ddac44a10db7021f0eb48d2aa9ec94de01074a5ebc63cc100744c0747150afe1053f71d4c90482ddaa0f8513b29f174

    • SSDEEP

      192:fWbQaAGUjS9q/d/lHGH09S9P6UdEx1PqUIzI0WmsG7aOR3XFVR6y6GVpWSD:+Ln05li9SCWcRWBG7aOt1V5hVP

    • Score

      3/10

    • Target

      Fetion/FetionShow/AvaFlash.exe

    • Size

      107KB

    • MD5

      2ea066769cd8120420242bf8823fad1f

    • SHA1

      073428841595a1bd47e2d314c00474b1ed353584

    • SHA256

      40639d3a610088f5d04ac2e7ec05a5c90ee02950e5626f10435badf19adbc401

    • SHA512

      47c250189c4545be8cace7b144772fadcc2f55d0866bd05d10a522042dbfcd65e5a14cf61238a8847b1e8e5d8d5cdac9626a6f3afc0d2cec4da049dc7efc1069

    • SSDEEP

      1536:L7nLD/7ZAJEpEHgllYbaB60rdNRUYML/6PHfDovGytOmttHFCS:L7nn/7SRgMbm6Q4LcHfSGytOwHT

    • Score

      3/10

    • Target

      Fetion/FetionShow/AvatarX.dll

    • Size

      260KB

    • MD5

      592b84c788fd57494fdb8904bc108986

    • SHA1

      d7e64a3e25c0aef1d536c697976dd51d97f5b6c9

    • SHA256

      fb4957a3110340e1fa48144b2e6d47ba838db3b726b4521379608932121172a6

    • SHA512

      6dfa534f1509ee478328a0f0ed31517b002175e6ba983171dd40c42ef3913b85efcc088c8e8182a5aa3ba90328ffe7c565a395fb3378f9df527376ed8a5d46c7

    • SSDEEP

      6144:AOR2WUMYNd0sizDLMdQ5EedWq7q/+Cs609YpCj+zIr+C9p06snIn:0b+jz7AIn

    • Score

      3/10

    • Target

      Fetion/FetionShow/Document.dll

    • Size

      516KB

    • MD5

      b39ec97284ac5afd2840a45349d1a36e

    • SHA1

      3e5542372d3226f84b00174caae7bc89d6ac15ad

    • SHA256

      bcd4426b2b5d6ae4229dcb978339f68c89bf13cafa1cfcc302bdafe1a4b8ee38

    • SHA512

      2ad68cd39f6145218cd7d1c04999770d914d35b9fa7ca6eaa2ec07050a4e6aa06b8a5729ae6af0215dbbec66d204f79942ac5c95b9bc0f00ef2ac9d461cae349

    • SSDEEP

      12288:cFhBop+peGbtWVdLLEBy3vN6AqinzY39yRZewWaqj0:cjBop+S3vNPnzY32ZjWaG

    • Score

      3/10

MITRE ATT&CK Enterprise v15

Tasks

static1

cryptonepacker
Score
9/10

behavioral1

discovery
Score
3/10

behavioral2

discovery
Score
3/10

behavioral3

discovery
Score
3/10

behavioral4

discovery
Score
3/10

behavioral5

discovery
Score
3/10

behavioral6

discovery
Score
3/10

behavioral7

discovery
Score
3/10

behavioral8

discovery
Score
3/10

behavioral9

discovery
Score
3/10

behavioral10

discovery
Score
3/10

behavioral11

discovery
Score
3/10

behavioral12

discovery
Score
3/10

behavioral13

discovery
Score
3/10

behavioral14

discovery
Score
3/10

behavioral15

discovery
Score
3/10

behavioral16

discovery
Score
3/10

behavioral17

discovery
Score
3/10

behavioral18

discovery
Score
3/10

behavioral19

discovery
Score
3/10

behavioral20

discovery
Score
3/10

behavioral21

discovery
Score
3/10

behavioral22

discovery
Score
7/10

behavioral23

discovery
Score
3/10

behavioral24

discovery
Score
3/10

behavioral25

discovery
Score
3/10

behavioral26

discovery
Score
3/10

behavioral27

discovery
Score
3/10

behavioral28

discovery
Score
3/10

behavioral29

discovery
Score
3/10

behavioral30

discovery
Score
3/10

behavioral31

discovery
Score
3/10

behavioral32

discovery
Score
3/10