Overview

overview

7

Static

static

3

11acb9ce13...18.exe

windows7-x64

7

11acb9ce13...18.exe

windows10-2004-x64

7

$PLUGINSDI...ll.exe

windows7-x64

3

$PLUGINSDI...ll.exe

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

AutoShutdown.exe

windows7-x64

3

AutoShutdown.exe

windows10-2004-x64

3

ClonedFileCleaner.exe

windows7-x64

3

ClonedFileCleaner.exe

windows10-2004-x64

3

FilePulverizer.exe

windows7-x64

3

FilePulverizer.exe

windows10-2004-x64

3

GenuineReg...or.exe

windows7-x64

3

GenuineReg...or.exe

windows10-2004-x64

7

StartupManager.exe

windows7-x64

3

StartupManager.exe

windows10-2004-x64

3

SweepHelper.exe

windows7-x64

3

SweepHelper.exe

windows10-2004-x64

3

SystemInformation.exe

windows7-x64

3

SystemInformation.exe

windows10-2004-x64

3

res/info.html

windows7-x64

3

res/info.html

windows10-2004-x64

3

uninst.exe

windows7-x64

7

uninst.exe

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    11acb9ce13bd536814fe7a00a0f3d119_JaffaCakes118

  • Size

    3.5MB

  • Sample

    241004-d59keasdlm

  • MD5

    11acb9ce13bd536814fe7a00a0f3d119

  • SHA1

    f671d2ba64fe08537ded22a0e27a516509147917

  • SHA256

    1a79f996f0f4f9919814e0bc2fb2a413feb4e75af72ca80c3af0c89f9393f3d0

  • SHA512

    f14542a7a85d5476f09318347745c07a71322426e5cc322a0c2b28ae5cbdaa2539fdc96660266d465b80aa97f46eb3fe27232169d28638eaff2ce24046a95c79

  • SSDEEP

    98304:crzs6YwQbEDxhyu/zUEWfr2PrPR0YHTqwC:crzswQOTQxSPbRfHQ

Score
7/10
defense_evasiondiscoverypersistenceprivilege_escalation

Malware Config

Targets

    • Target

      11acb9ce13bd536814fe7a00a0f3d119_JaffaCakes118

    • Size

      3.5MB

    • MD5

      11acb9ce13bd536814fe7a00a0f3d119

    • SHA1

      f671d2ba64fe08537ded22a0e27a516509147917

    • SHA256

      1a79f996f0f4f9919814e0bc2fb2a413feb4e75af72ca80c3af0c89f9393f3d0

    • SHA512

      f14542a7a85d5476f09318347745c07a71322426e5cc322a0c2b28ae5cbdaa2539fdc96660266d465b80aa97f46eb3fe27232169d28638eaff2ce24046a95c79

    • SSDEEP

      98304:crzs6YwQbEDxhyu/zUEWfr2PrPR0YHTqwC:crzswQOTQxSPbRfHQ

    Score
    7/10
    defense_evasiondiscoveryprivilege_escalation

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

    • Target

      $PLUGINSDIR/CheckInstall.exe

    • Size

      1.5MB

    • MD5

      99eae10da4986df6b5e63244468b6e1d

    • SHA1

      84f260486b9a7f80e55b3190a363eccbfbfcd998

    • SHA256

      b7c5e8dc04e178e54cc54c975a0eed217b6972aa7ded5ab365cfd9738e9849d2

    • SHA512

      f658f4ec40009bab4bf5bc2456c4461ff8836dca8b38a652c446cb5bc3cd7fdee2e5d836af6fa6b16bf2541ae8c646630169a8f500f38a1a2151475ee75338b1

    • SSDEEP

      49152:46STbmuBmiyMvsA5IcgDrEgDlq95LPTQ403AYHR:/uB1sA5IcgDrEgDp3AYHR

    Score
    3/10
    discovery
    behavioral3behavioral4

    • Target

      $PLUGINSDIR/InstallOptions.dll

    • Size

      14KB

    • MD5

      ec48a8204e1aed3d9a951cd92158cbe3

    • SHA1

      0db29522e15448553b697b88b31a3d8392efd933

    • SHA256

      3166399ed2ee296749aa412a4ec70807373b6349e9b94a7fcd97c3418f744f0f

    • SHA512

      9b0ab63fbe4bf89ddf93e5fc6922cc95c0586e21dea945ce04065afd7957bd2472e34c909d356123346f62dee4c6d6077a0072810c91b61ad3df4c168cdb79d5

    • SSDEEP

      384:u6lFg78XxXRKk9u2d58KzdlXj9m2AaCbqsb2+:9lFgmBKSukWmXjs2Avbqs

    Score
    3/10
    discovery
    behavioral5behavioral6

    • Target

      AutoShutdown.exe

    • Size

      2.0MB

    • MD5

      f9fb9d49e400efba023da3bc1f0ef4ca

    • SHA1

      1a871c555209cbb107da14297f2d01c796348d7b

    • SHA256

      26e0adde5bad363f4e7cf39e562328858159655032ede2cc76df8d564a81e7c2

    • SHA512

      d99c427bf95a894e6816f56b5054f6fcfd2569beb72be4d452ae33997f55c7485493181c394ddba01e06c6ea907295d927209d2f6fbc966c6c432f87358c6916

    • SSDEEP

      49152:WGT5M+S/Rv767u5SG6+pYhG1zF/sMC+L2N0uibTG0ki:WD67/G6+pYhG1zF/epN0Oi

    Score
    3/10
    discovery
    behavioral7behavioral8

    • Target

      ClonedFileCleaner.exe

    • Size

      2.3MB

    • MD5

      5930600b2a14cdc21c6f4a2ff72e78a0

    • SHA1

      10b79432d21441d36799e15cea47b190daebb8b4

    • SHA256

      c808c8395dd578f8e40c1d3672c3e9e7e0dfcf49f01d09bce28cb24a3bc8a0f2

    • SHA512

      fc2c5fa7486714af4cb28b8fb298e86e3cc32fad5ea5edadd09f8e3b8129f61117a922f6d2502181e5e67f0e8f54f806b5b90fd7c3b18aac993aa91ae5298df8

    • SSDEEP

      49152:8hcSLm39y6v4Hrep7L1DsCelrm7AHTGgrUMg647pXkT:8kc6v4ip7L1DsCelrmarg6c

    Score
    3/10
    discovery
    behavioral10behavioral9

    • Target

      FilePulverizer.exe

    • Size

      2.0MB

    • MD5

      264dbeb1c42a0d984b9bae6228a624f4

    • SHA1

      bbfe3a78b3f682d625c086aad548afccb58b5f9b

    • SHA256

      5c80007ac70fc6a5d4595531bb4896c75b7c5497311ba113d8727eaabd7dade9

    • SHA512

      6f4753ba9dcbcb158c124378f6ab11f711291ee389736f80e65c3895afdd5960d6977c617369b974f3f01b4dead22ae58603e2364285b81032f6fa4567fd4ecf

    • SSDEEP

      49152:EcRJD8MiSKP0ydLSLY8poj09orA/DTbXX6GCp6IfK5CM+gT0h2VZTA:JySLzoj09orA/DTbXHCvfKKWTA

    Score
    3/10
    discovery
    behavioral11behavioral12

    • Target

      GenuineRegistryDoctor.exe

    • Size

      3.8MB

    • MD5

      2296b43333a06c894583e4ffc44c0f89

    • SHA1

      91a3a364b629b4cb8805b646f28fde8c0cb137bf

    • SHA256

      46510a796467580a805d7e44324f491f7ca9c33900bfdb05e09cf139d2003a13

    • SHA512

      3cb4d08061f2621ed7bab1c893beb989a70c0758a82c0d533330c4b6093427fa5e4a4c56a14280a84551c3705bd44fe0fc023e93c5f053e9256e71df90c82f19

    • SSDEEP

      98304:pScTmANkYB2gnedjJVyPeTRlSeJmTPpwn:pC6eTrbJLn

    Score
    7/10
    defense_evasiondiscoveryprivilege_escalation

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral13behavioral14

    • Target

      StartupManager.exe

    • Size

      2.2MB

    • MD5

      a94eb475286faa1bf9e366400897c4e5

    • SHA1

      debe74de993f905eeaaa3f937c2e28dc208bf892

    • SHA256

      6dbf7075edb3d430eae52aad7617f9818cb0d75119d33c422f314849e0a746e0

    • SHA512

      2b4a73be36912877095185e75e64fb2ff81cbce0afa8eb505aece5b93d54a191062454df786637d4e1ffcdfd4129778baa082546548814897067d18cb9f317ce

    • SSDEEP

      49152:WjJDAK0cIS/5wF8tm+1QWWNUIQJw5p9NpGx6WPaukdHgNt1MTeFL/m:WjiwtmxWWNUIQJw5p9N+6AkdHg7FTm

    Score
    3/10
    discovery
    behavioral15behavioral16

    • Target

      SweepHelper.exe

    • Size

      1.1MB

    • MD5

      0df4bcf778719f94aa11d63414c29dca

    • SHA1

      5fc82e0369044df36e4434414c7f0671db59be89

    • SHA256

      73a98912bdc01cac981b5934f445ebba29f14ac91e5456d7f0b7f4df1f63d13b

    • SHA512

      a7ea85c612ce1b6c9f137b2a303c6e5a9067e8e7fc10203508f0dc30f9bf71164b09e57d2ee40980b993c318361ade28709eda2f4de0271c29eee5377fdb368d

    • SSDEEP

      24576:43wzM9DW5ATuooslnUzEgLqnY52Cjij/jx33r3xKA+MMpw:43wAlTeggLqxpFr8A+Ppw

    Score
    3/10
    discovery
    behavioral17behavioral18

    • Target

      SystemInformation.exe

    • Size

      1.9MB

    • MD5

      34092a12e0c389ba10a108a5e70d306a

    • SHA1

      1c011c9d166fef735d45427986dd8a8373ea519e

    • SHA256

      01ccbc3f7cf6939af51a7eddbc29a4cf47b5360c1c4630065812e7b337b26949

    • SHA512

      432d72178dde2aef4b1c298b36a347f348360bf541a0ae51a824c3e3a34cfd0e8636b2e82e42fb48d3b7a22d03a20210f8c956412119f7e999106c78c8252c7f

    • SSDEEP

      49152:N0tqSds/m8nHq8GOBbuQ5yX16L9u8DNy/zx3CDTLgwf:N68nmOBbuQ5yX16Lszxsbf

    Score
    3/10
    discovery
    behavioral19behavioral20

    • Target

      res/info.html

    • Size

      1KB

    • MD5

      4133ae9746723d5098cc606f1d087d08

    • SHA1

      df0b52ae9b5a6aa9b9b0741173e935bf02a0f699

    • SHA256

      e6f63c573034320ae2c6b0ed9e7d6b3b90ef1229cf471fa672bb54eb331fa8d9

    • SHA512

      c41f10c4c4a683bb4d95e23ec58938becc56a00235d84add760a46f77171c56aa38e52fba5640f0a87c2d1d4787d891415fd700ef08837152afa2c60f4ed0898

    Score
    3/10
    discovery
    behavioral21behavioral22

    • Target

      uninst.exe

    • Size

      60KB

    • MD5

      5491545c71cda05fd53c7fd240d2d7cf

    • SHA1

      bdcbb7ce27afe53ae1c5a0f42436f5127ccbc676

    • SHA256

      b9e94e7c7e9148ff85c6b203d7aec0f055ccf057e269ab8c4911b4fd301c782f

    • SHA512

      1d1d1a3cf4c251af3cf8e45c03960ab00621d393b20c4806c12598f65cc5c342ed1101213bee6d667b1af5e1a0b3a30647aa0bd229b4957d03c1868f48a80eb5

    • SSDEEP

      768:f1cVhpQI2EQK0iPDh84nScF15GYbWjXO3XJaBdvuGrWbZubJzmTP7SmprlWoo9:tQpQ5EP0ijnRTXJkTrWbyxmTP7Hg

    Score
    7/10
    discoverypersistence

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral23behavioral24

MITRE ATT&CK Enterprise v15

Tasks

static1

Score
3/10

behavioral1

defense_evasiondiscoveryprivilege_escalation
Score
7/10

behavioral2

defense_evasiondiscoveryprivilege_escalation
Score
7/10

behavioral3

discovery
Score
3/10

behavioral4

discovery
Score
3/10

behavioral5

discovery
Score
3/10

behavioral6

discovery
Score
3/10

behavioral7

discovery
Score
3/10

behavioral8

discovery
Score
3/10

behavioral9

discovery
Score
3/10

behavioral10

discovery
Score
3/10

behavioral11

discovery
Score
3/10

behavioral12

discovery
Score
3/10

behavioral13

defense_evasiondiscoveryprivilege_escalation
Score
3/10

behavioral14

defense_evasiondiscoveryprivilege_escalation
Score
7/10

behavioral15

discovery
Score
3/10

behavioral16

discovery
Score
3/10

behavioral17

discovery
Score
3/10

behavioral18

discovery
Score
3/10

behavioral19

discovery
Score
3/10

behavioral20

discovery
Score
3/10

behavioral21

discovery
Score
3/10

behavioral22

discovery
Score
3/10

behavioral23

discoverypersistence
Score
7/10

behavioral24

discoverypersistence
Score
7/10