09d49caa0da84f08aa2875a3046ea4d39241e1b6c077cca38104cc51083ad645 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1015cc81ada70871cc091071bfe3b070_JaffaCakes118
Size

75KB
Sample

241003-w8jghazgkl
MD5

1015cc81ada70871cc091071bfe3b070
SHA1

26e7243b059709846ea282734d8edc6d678a2b54
SHA256

09d49caa0da84f08aa2875a3046ea4d39241e1b6c077cca38104cc51083ad645
SHA512

e99e0d0a0af365a97ec313be87076809ccb93826fd7cd7e517198231ff564ea9e14b6b2bba886712a5bd68eea03ae51716768677ae711b169f05137adce5dc25
SSDEEP

1536:R739KTTrJq6UXR9PKAhNkEb4bHLwCLKB1QqJK+sQ:R739KFoPKakEb4NKB1LK5Q

Score

7^/10

defense_evasion discovery upx

Malware Config

Targets

- Target
  
  1015cc81ada70871cc091071bfe3b070_JaffaCakes118
- Size
  
  75KB
- MD5
  
  1015cc81ada70871cc091071bfe3b070
- SHA1
  
  26e7243b059709846ea282734d8edc6d678a2b54
- SHA256
  
  09d49caa0da84f08aa2875a3046ea4d39241e1b6c077cca38104cc51083ad645
- SHA512
  
  e99e0d0a0af365a97ec313be87076809ccb93826fd7cd7e517198231ff564ea9e14b6b2bba886712a5bd68eea03ae51716768677ae711b169f05137adce5dc25
- SSDEEP
  
  1536:R739KTTrJq6UXR9PKAhNkEb4bHLwCLKB1QqJK+sQ:R739KFoPKakEb4NKB1LK5Q
Score

7^/10

defense_evasion discovery upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Indicator Removal: File Deletion
  Adversaries may delete files left behind by the actions of their intrusion activity.
  defense_evasion
- Drops file in System32 directory
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  12KB
- MD5
  
  99bc22826a0568dce241be3a4ffd0c0d
- SHA1
  
  62e4662250abdf10d23a61076fd7cbd00a5c5b6f
- SHA256
  
  120e4fac0538b7e7b75934706668063a4e7785d0405dca43fde36d55f6d968de
- SHA512
  
  35b016b6e2dc850e5432becd57f35faf73b180c0a6f822a406cf9d5439a87126c41c49aac025cdeecd38bbd01705ddbd8c217cb33134e978ecc9624053b52be9
- SSDEEP
  
  384:sKlm7i+c3QW6ckPhyDEaLnr2bbBBIXwZ:5qi8BcyhEhLCbbTI
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/Loader.dll
- Size
  
  7KB
- MD5
  
  7a648ba85fc5a27f283fe0128ebc9d9e
- SHA1
  
  ac058a5459cd89c9efef284b8be669cbaa7fb6e2
- SHA256
  
  5d1082a75f602d636d6fd430a40b9dc238f790aea85a5620ff6cec59456ead27
- SHA512
  
  81035fcab064dc04d1a27b76e1e92a006b90413706414ef52ca8b2b80118a0c83f52f3194f176632bf5697bed4681b639497ec61ef2065cb989973eb30107c85
- SSDEEP
  
  96:qYXfjbbbbbbbbb+bbbbbbbbbbjbbbbbbbbbb2jrJAbsdoZbbbbbbbbb7hbbbbbbH:qWj7dcAACWKy+3ioXdKF1
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  digikeygen.exe
- Size
  
  13KB
- MD5
  
  e8d4ba868d11903ad49f2d74adc7edac
- SHA1
  
  278d8f57663bc5e9ad89a109a239d587dc626c3d
- SHA256
  
  ffc68989a8d40f76a764afde0d72b61d96bdccd04094925000404adf18333d98
- SHA512
  
  f3a68602e796fdf303c3f86d5eb7681fb81c26ccd7e9aa59fb2f8d71de34ee35b8336728b20da75fff4954e12f40f79a82245f67a0160df37d1aa2038cdc89fc
- SSDEEP
  
  384:qvwl/o7oSvckB/Y5DkGQ+YTjC8ILCS9YfSvp/Y:5do7oSk6/KkmYTm8I2S9Yavp/Y
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  helper.exe
- Size
  
  20KB
- MD5
  
  b6668d53a64178743380744e54dde671
- SHA1
  
  855680d12f04702a2ae5c1f41c1d72f1c2a67cf7
- SHA256
  
  934605f4eb02fa990247de29cd1d4d7dee022346241988bd3dcdd7db2076327f
- SHA512
  
  57de013bffe644e8148f0b7337170f1d179e879b22758517a180707d7ef7a217fe729b9dde4c2fa0bd3836e49fa6de68af70d38edc26e400de0704c13e573b6b
- SSDEEP
  
  384:3WKOv936ghsEn7z+SOhoDwWsJ1GQbrLuLMoF6pcxn72CBQDjM2r60cpWalYLY:Gh36ghsEnP+xmFsJ1BbPaIWyfvLW0cpV
Score

7^/10

defense_evasion discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Indicator Removal: File Deletion
  Adversaries may delete files left behind by the actions of their intrusion activity.
  defense_evasion
behavioral10 behavioral9
- Target
  
  uninst.exe
- Size
  
  27KB
- MD5
  
  c8e26c101921a9782623034289b47a89
- SHA1
  
  83f09c23e7fa4a3891a395d396b61a92923e2e8f
- SHA256
  
  279d319818f3b56b602775f36877b6c9653e20185a4fc56b0ba1a032565161ee
- SHA512
  
  75ea087be652acb398bd9c0e1a4a81d75ea40d4b388860955da8dff34e538a9b0c1730727fb9cca4168f9123c5988292ffd1c80d74b325af61e4bcc628ed5375
- SSDEEP
  
  384:gGXTc8s95UMnQwzQbDOCpW27U6d0V4vkQQeCo4iu5uvwl/o7oSvckj4b0l8MJy3R:gGXTc2MQN97d0K4p1do7oSkjQ7y3R
Score

7^/10

discovery upx
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral11 behavioral12

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Indicator Removal

File Deletion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscoveryupx

behavioral2

defense_evasiondiscoveryupx

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

defense_evasiondiscovery

behavioral10

defense_evasiondiscovery

behavioral11

behavioral12