General

  • Target

    07cdf0a12c12ca35d3569e1984c3b3ae_JaffaCakes118

  • Size

    5.4MB

  • Sample

    241001-25csfavgmr

  • MD5

    07cdf0a12c12ca35d3569e1984c3b3ae

  • SHA1

    047192f24ae1889f1f8dc13ef139b14f329ef31d

  • SHA256

    6a82e8bb79e7881fd8ebbc82b194dbbf84b0d9d0c7d8f8b21822e942e3fac4a9

  • SHA512

    eb8f1e084f59e0d46f9e3ccd14d732be98c2e423bcda4537d17bcbf143b9d0c6b182ba34638da05dce97a4b10b0986d813fa00bdaaaae36240ace63c89973c9d

  • SSDEEP

    98304:V9CpXHOdkGObTWxiuj8iFLqe7uAho0AqCVTmT/HMOn3PF8XUT9HpZ94byp+4bABX:V90XHgkuYiFbaYyVST7FJT9JZqypO47G

Targets

    • Target

      07cdf0a12c12ca35d3569e1984c3b3ae_JaffaCakes118

    • Possible privilege escalation attempt

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies file permissions

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops file in System32 directory

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      $PLUGINSDIR/UserInfo.dll

    • Size

      4KB

    • MD5

      68d73a95c628836b67ea5a717d74b38c

    • SHA1

      935372db4a66f9dfd6c938724197787688e141b0

    • SHA256

      21a373c52aaecce52b41aebe6d0224f53760fc3e5c575e821175eee3a1f7f226

    • SHA512

      0e804deab4e647213132add4173c1d2c554c628816f56e21e274a40e185d90254e29c8bfc6fbfdfea2a492d43d23c0bfa4b276252a3f5e1993ab80ff832c4914

    Score
    3/10
    • Target

      $SYSDIR/DirectCOM.dll

    • Size

      23KB

    • MD5

      67db686162f3a0860dba6bb0f1c69c0a

    • SHA1

      70a8a8d1872f6a7f64ac9302cb1600a6d8419a35

    • SHA256

      0a690f1e0cde5fa1908717e065f923051ce72cbeb9081a6a6484f86248092e55

    • SHA512

      dad4503c1edcaa56b2730210a0c5cb73e74106673b11b2b9d27cfed97a3a73cd000b3fc8057d17b16a9fa47e460ba2450093f3a6d26e56d7545150562c2cdb50

    • SSDEEP

      384:Kyn0rDjnaxiOxIL/5BUGvwVfOBbAi3Mukgns3AS1fXjpa1AhlNVzsR4D:Ky0GMOmfoqQx7pCAjX

    Score
    3/10
    • Target

      $SYSDIR/MSINET.OCX

    • Size

      129KB

    • MD5

      90a39346e9b67f132ef133725c487ff6

    • SHA1

      9cd22933f628465c863bed7895d99395acaa5d2a

    • SHA256

      e55627932120be87c7950383a75a5712b0ff2c00b8d18169195ad35bc2502fc2

    • SHA512

      0337817b9194a10b946d7381a84a2aeefd21445986afef1b9ae5a52921e598cdb0d1a576bdf8391f1ebf8be74950883a6f50ad1f61ff08678782c6b05a18adbf

    • SSDEEP

      3072:R5JTZQu4epojdkYv55RCezn/T81B+ySRdL:RLTbP85RCezbwm

    Score
    3/10
    • Target

      $SYSDIR/NTSVC.ocx

    • Size

      33KB

    • MD5

      fae8aafc5af74e012343ab1d6c5abef9

    • SHA1

      fc2608d156fc738d4ef2aab92b6547416e08a8e6

    • SHA256

      0fd183406280b99a292eb78f4a6cbc70f704dd7094ec2c32f30f1769781d6221

    • SHA512

      775a2b3bd47e930bab5615d9633df5e81945405ae778b88da077c971928a568cd3269b9f00138f42be6e6b3a41f8dc34dd31f203924acee06085c10e64a0b6d6

    • SSDEEP

      384:zDYEKIE5M7eSzzKC5JLELfD4bC03PlocplocJl2guK/AWje1CX7sOeBS3OklxRNr:fYta9zRlyM203yPGhV/NNsGllxc5ZH

    Score
    3/10
    • Target

      $SYSDIR/RICHTX32.OCX

    • Size

      207KB

    • MD5

      045a16822822426c305ea7280270a3d6

    • SHA1

      43075b6696bb2d2f298f263971d4d3e48aa4f561

    • SHA256

      318cc48cbcfaba9592956e4298886823cc5f37626c770d6dadbcd224849680c5

    • SHA512

      5a042ff0a05421fb01e0a95a8b62f3ce81f90330daed78f09c7d5d2abcb822a2fe99d00494c3ddd96226287fae51367e264b48b2831a8c080916ce18c0a675fa

    • SSDEEP

      6144:hTr80hTueZXFOTSqP0xqRBTdtmFdCJErRj6/uE:NhzZVOTSqcxqRBKFdF6/uE

    Score
    3/10
    • Target

      $SYSDIR/RegistryHelperLM.ocx

    • Size

      380KB

    • MD5

      42020dbf2b8b9619da866435a5579ca3

    • SHA1

      3c7f9f14377e13183d5a7a08b0d4f397d71d5eea

    • SHA256

      c552b4756823d3b9eb285e998a30955e52c1280eebb9423b90745904faefec5f

    • SHA512

      d0a9c12535d4983ca84ce4273455b41d00d402187ed4d8b399864a995b5e32dac6a1930cee1049a9c1fa941c38285809c10100347687971569fefd63088e0185

    • SSDEEP

      6144:EsIYEbj7mfxqagt8mMbb/gF0FGdMFPwObCp3N/KdLRgNh:EDZj7mfxqagt8mMbb/gF0FGdMFPwObCv

    Score
    3/10
    • Target

      $SYSDIR/SYSINFO.OCX

    • Size

      65KB

    • MD5

      0db04d84b06f760be7a852a8cfc20df2

    • SHA1

      fc5cd0599a43faebf9e7e9179defb79999215286

    • SHA256

      6bd71e7d01b763380809ddd74a78c83e490d71779269ce78bcac19929803bfc2

    • SHA512

      4278974188035c0610255d09dfa99f34ccf49f5172b027238525357b16c91450245125c375fd41715579ca2b39e2c67da14adeea8d8e13fe523f9cdabca36c3f

    • SSDEEP

      768:cY8A1SfHWfFRFndKnT8D04I6kOpWYyfR1qh+tYwn/0CP2wjU5ip+IDr0hGparYf/:c5tHW8Is6kOl6R1qhAYC/fO/hKkYfr7

    Score
    3/10
    • Target

      $SYSDIR/WSHOM.OCX

    • Size

      100KB

    • MD5

      8648a9dbd62ef5f97ed2e4f97e6e430b

    • SHA1

      d88e68e7377d0541fce2c8776ff7c65d8192ba22

    • SHA256

      045ce5e282d90bb199ab4fa472b91f245e4c1591c4cefd10e5e89ee7f4e671aa

    • SHA512

      1896851ca9c9fa33d6f998e3b40994e569867c1b050741a03cf4e5bfd3056e3ca2e47a13500df8a0c147c7f450ccef0f116f753640e866524be8e264ba81be8e

    • SSDEEP

      1536:B8Ub/FQQuDUYyjMJdoJyMgQk3xcbn91U5byrRlftDJi0KUgJ:qUbCSYyAJdsgxw91U5byrRBtDuXJ

    Score
    3/10
    • Target

      $SYSDIR/dhRichClient3.dll

    • Size

      484KB

    • MD5

      6462e7ca07ab27bfe4b48b1f7c8bc91d

    • SHA1

      8600853c3c5effd0325cccc02fe8d2da0c0fc959

    • SHA256

      c369b2740b2b5fa8b94a6863eb1df6c1174dab6303f7b87a79055da00613df90

    • SHA512

      e5c1f535cd71ebe45e9fee12c84c60a9cc2b4ef29eb65d0dafd06d37e2279e1ffcf997e881cd167942166e5f19f089cdf015a50a393a53193cd64c368fbc29da

    • SSDEEP

      6144:BSuJDzCkGkLcTrw9MuWLGoNkAURWormOO8VnP0GTT8UZWLTUw4/beP:BSuJPC2Is0GoYmz8Rc8zELz+

    Score
    5/10
    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      $SYSDIR/mscomct2.ocx

    • Size

      632KB

    • MD5

      c1b4af41a0370e4081d59ac99bcc929d

    • SHA1

      c0c55de97f41a24bf50b2d08eb428371bb4a3cce

    • SHA256

      2b7a1f905486736eda8b51add1bc2590c2a6d9d5a9ab7565335d989f39c0eb8e

    • SHA512

      0bb987af80ab3b598f2d3008a6005484d2d4d082958e757aed3fd1cd5cca543f02d7b475e2c030e28e320d327dce4b4009894f51b7ab8f03acf54314d86d38b4

    • SSDEEP

      12288:qxxeCsfuxdH8ZOlK/kV99RWiVwyzgAQk9yjWy6OcjKN7jsUseUbQ/D5v:qxUCwwd7T9fWQgAQkEjyOcjKJsUseuQF

    Score
    3/10
    • Target

      $SYSDIR/mscomctl.ocx

    • Size

      1.0MB

    • MD5

      ecc7d7f0d3446de36045d1d9e964fafe

    • SHA1

      da6b0ec081d628c33b150327f3bd16d3b7fa4729

    • SHA256

      bc58d624ceea02ab086f1cce809c992bf5a7105e88931853317a2f5aa5afd6e4

    • SHA512

      443de697be9886cd97235e6468f3a7f6bf11612711e54dba31431b0d9418672e1434e839ed50cacf28107f692f0c9d9d2f57d90e3a843d81015d459c180db632

    • SSDEEP

      24576:s0LiK1d6dxOehwsj5dC33M/jYVRDSfaF0gg1CVGO7oVtNKG:n6dAehwaY19G1u7+Ln

    Score
    3/10
    • Target

      $SYSDIR/msflxgrd.ocx

    • Size

      238KB

    • MD5

      06ee7bb3c681b9fa8af4280a154ee133

    • SHA1

      479eda4aaa877cdb0e27583c43209eda9a474acb

    • SHA256

      f2a67eb2888d8889c45576c037197c310fbbb00bb79089760508fdb132c690d2

    • SHA512

      c3909b35ca4cdae2e1f947a30874109d44c8b3493ada46a2f05a4d7c3bb420c74e70bfb0ee42a0bbc000f674f94f7efedf20f5c80aec9311210d7b64c7499940

    • SSDEEP

      6144:JMV3LOqB4GvoBOCzYRpHGbBFYe0SwX6ktCfh13cBO:JMzaGKOCzYRANKX6kQB6O

    Score
    3/10
    • Target

      $SYSDIR/scrrun.dll

    • Size

      148KB

    • MD5

      214577b79cf59e2fc9addd9598c0aeb8

    • SHA1

      93156dac6b13223df08c8aba43aec72d25fc54a0

    • SHA256

      ff668b448a1e8c52ea37749f41e883c30d79fcdb5af6bdb571a91c9d2ad69ad6

    • SHA512

      a98aff08a053351168c025a4a01203ef39ba38e099d7642a63fe921928b8009e296c22997f2c8a6fa9edef866e402a26928b6d585e53b7c4d1fb53290d66fef9

    • SSDEEP

      3072:QkVdc6GfdibvjRHd/ObPL9WllFK2xV/guRM8KA8qWCuKJyIEmnBNKV8PmO:nyXsvRd/ObPL9WllFK234u2ZqWCu6XK2

    Score
    3/10
    • Target

      $SYSDIR/sqlite36_engine.dll

    • Size

      302KB

    • MD5

      936f7475b19ae949a73a43c9814b2493

    • SHA1

      2c5392185e2f1c13ee57313827daca06e85dbd5a

    • SHA256

      e558799f6480c2e0b9199cc36006ec23a33b79f84c647279d3a0928aefcf3ae4

    • SHA512

      9b2ece46e3d350f906185e4bc359625e404888d1b78ddfcfc007670b4042a20a18e22b9ed5e99d7764d3d2d160ec658253a8a434189a4f03ffdde67af167604d

    • SSDEEP

      6144:tTh0DxG49GEbRl9lZW3JAWkZp9llDZrU4c0utIL4xp8We24:tT2DI49nl9lZWZABBD1cH8B

    Score
    5/10
    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      AdvisorLetters.exe

    • Size

      57KB

    • MD5

      3fb26c3c25cb7797431dc09f49658ad1

    • SHA1

      503500dafc05c472fdf44ce197fd02a0862b155a

    • SHA256

      932bea834aed08bbea58f83712608341c86f1482c9174ffb78f72f7727200338

    • SHA512

      9245e8880fddef00893220ce4d1be187a1a028eca863ea8ddd456f5d2e0e1ea5057e235d04efad4ba854007870cb87c946de5f615727a40b37780e80b6ab3245

    • SSDEEP

      768:CCQodpIu4n92ifuB2YXqCDGQGvuKpZmmJu2dSLWbCh8045a:LdiCzG/BZBQ2o6CW045a

    Score
    3/10

MITRE ATT&CK Enterprise v15

Tasks

static1

upx
Score
7/10

behavioral1

discovery exploit persistence upx
Score
8/10

behavioral2

discovery exploit persistence upx
Score
8/10

behavioral3

discovery
Score
3/10

behavioral4

discovery
Score
3/10

behavioral5

discovery
Score
3/10

behavioral6

discovery
Score
3/10

behavioral7

discovery
Score
3/10

behavioral8

discovery
Score
3/10

behavioral9

discovery
Score
3/10

behavioral10

discovery
Score
3/10

behavioral11

discovery
Score
3/10

behavioral12

discovery
Score
3/10

behavioral13

discovery
Score
3/10

behavioral14

discovery
Score
3/10

behavioral15

discovery
Score
3/10

behavioral16

discovery
Score
3/10

behavioral17

discovery
Score
3/10

behavioral18

discovery
Score
3/10

behavioral19

discovery upx
Score
5/10

behavioral20

discovery upx
Score
5/10

behavioral21

discovery
Score
3/10

behavioral22

discovery
Score
3/10

behavioral23

discovery
Score
3/10

behavioral24

discovery
Score
3/10

behavioral25

discovery
Score
3/10

behavioral26

discovery
Score
3/10

behavioral27

discovery
Score
3/10

behavioral28

discovery
Score
3/10

behavioral29

discovery upx
Score
5/10

behavioral30

discovery upx
Score
5/10

behavioral31

discovery
Score
3/10

behavioral32

discovery
Score
3/10