General

  • Target

    4e76b3f0c742704f356827c234057334_JaffaCakes118

  • Size

    5.9MB

  • Sample

    241016-xj4a2swdna

  • MD5

    4e76b3f0c742704f356827c234057334

  • SHA1

    501a1334a8201aa188ba8cf8d0f994b60eaaae39

  • SHA256

    e62106ce0ab1993ad6b404a6d856c203191ba320367fbfb5fd988e2e0ce41c7e

  • SHA512

    2f5a19997db1a09479875c8c52ef43514b2eacc517cfadccb3fecd5dc0fc77e1da31ad2c5281da682660caf4d5e368058401fd1d99df1edbb63ffdcdedc789e0

  • SSDEEP

    98304:mOWYHhveAld/IVR9YKI/G2YGBbFvHtji5NUGoCMZomy5fGgAR1LUKBRn9aD70pP6:3XdcVI/G2YGRNji5P/MZ85sReKr9+70Y

Malware Config

Targets

    • Target

      4e76b3f0c742704f356827c234057334_JaffaCakes118

    • Size

      5.9MB

    • MD5

      4e76b3f0c742704f356827c234057334

    • SHA1

      501a1334a8201aa188ba8cf8d0f994b60eaaae39

    • SHA256

      e62106ce0ab1993ad6b404a6d856c203191ba320367fbfb5fd988e2e0ce41c7e

    • SHA512

      2f5a19997db1a09479875c8c52ef43514b2eacc517cfadccb3fecd5dc0fc77e1da31ad2c5281da682660caf4d5e368058401fd1d99df1edbb63ffdcdedc789e0

    • SSDEEP

      98304:mOWYHhveAld/IVR9YKI/G2YGBbFvHtji5NUGoCMZomy5fGgAR1LUKBRn9aD70pP6:3XdcVI/G2YGRNji5P/MZ85sReKr9+70Y

    Score: 7/10
    • Loads dropped DLL

    • Target

      $PLUGINSDIR/$PROGRAMFILES/$(LSTR_40)/tools/UXTheme.exe

    • Size

      122KB

    • MD5

      8a8de6f6e39d0ab2226f0c978d8a035d

    • SHA1

      e9669046f99751fa10165b291867a283c75eb52e

    • SHA256

      af422c53cc1177665dc06823531271efa4152dc1c467641212e03a6476079866

    • SHA512

      bbf270fc77cfc24cdcebc66be74063e18c4f2526262fa18bc9a4fc32447131808e99270b941539322afe8bc47b5616572af990d15101722ae10d0cb7503d3014

    • SSDEEP

      3072:X78vwnEm+1RAkd3deANZ+IxxUGOgk+0go8hEII/IIIa7bi:X7KwEpAJWhcgphEII/IIIp

    Score: 3/10
    • Target

      $PLUGINSDIR/DemoIMG.dll

    • Size

      5KB

    • MD5

      62eaf217f4cc7ea81334c0a0092fe4de

    • SHA1

      308cd496c77cab6309e6c2bbefcf4773de73b96d

    • SHA256

      e41f444fe4e063af0e27375364d821f29afd6f4d1ae85ba3ebfc644ddd9975f2

    • SHA512

      f5d90f9c5666587a984982f3b65808f6acbdc290792a901e61cb6f2f2ba4719f8acb47a735c3089d6c9fa9012fef38709492d754de7f5491980c75a23edd707a

    • SSDEEP

      96:ShK/S2RqG4RftqmnFxgC0xNQxJnGR4HZhNc:SA/9Ju15xgC5xJn55hN

    Score: 7/10
    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      00a0194c20ee912257df53bfe258ee4a

    • SHA1

      d7b4e319bc5119024690dc8230b9cc919b1b86b2

    • SHA256

      dc4da2ccadb11099076926b02764b2b44ad8f97cd32337421a4cc21a3f5448f3

    • SHA512

      3b38a2c17996c3b77ebf7b858a6c37415615e756792132878d8eddbd13cb06710b7da0e8b58104768f8e475fc93e8b44b3b1ab6f70ddf52edee111aaf5ef5667

    • SSDEEP

      192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw

    Score: 3/10
    • Target

      $PLUGINSDIR/UIEx.dll

    • Size

      6KB

    • MD5

      ecd24b046df5838936b4ad9860f79c7c

    • SHA1

      f33fa4bdcfcd1a698cd45257e7db30b307989f2d

    • SHA256

      50576ef71d3d07ee1a6651d89395c2441314756ff7dd75063559675a7dae52c6

    • SHA512

      09747d14451e4e9586cc57337b6ccd25c11a6084e1d6a4e61fb9aa695ba5bb3a04430387dfff206acdd78d076b160395f8aeded1e0437cf365830ee457440c7f

    • SSDEEP

      96:XTMpptnDfDbRcHMYE1bKo97GH24HB/VozNa0iQDIKr0XeV/dz6e5:Xon3NcH071e1h6av8h5x6Y

    Score: 3/10
    • Target

      $PLUGINSDIR/newadvsplash.dll

    • Size

      8KB

    • MD5

      9bc6c411efa742a5de7d8372afafa2fa

    • SHA1

      2b57865e87c7ca2db97d0296d8cbe0183df2c2cf

    • SHA256

      0cac914c87d4e73875dea8544391e383f441d624ea5ec9a4864d056db161206c

    • SHA512

      092ef3f13a71a46df0f78a3b5eb4492bee32f1a12be27e0c534638ec7723b2a9aac23391768c352289df6a8988cbc6cf96ea22d8f1983b5ccf609e08d1db4bde

    • SSDEEP

      192:7p/MyET9lrRyFJb9kSw/T6rz91YrLV1hiI:7p/MyET90k7/T6rB1Yk

    Score: 3/10
    • Target

      $PLUGINSDIR/nsLib.dll

    • Size

      5KB

    • MD5

      fce57f99b4600c44ed62539184d9c610

    • SHA1

      f47e2bb1cbe25de317e7d6f575869ad79f4535f2

    • SHA256

      b4e77dd94f0240be9b73eba9a0eb17631826469423305008fd89e687317c2f10

    • SHA512

      60744fd926e5fa174bf7705d1d365934464abdbcbd40d328943d02d955416c37131610708a888f513036688e9e9f1d4cbb018b6cf203c9a0ba9c863e9779060e

    • SSDEEP

      48:KW7wi4ZUFW9oP7j4GaUxWqFZ9hxnuhB3HNdfbiUSFFyFpV0Av9h4agOC+RXCHMI:4Zd9a4Ex/zWdfbpBLV0Alh4Pj

    Score: 3/10
    • Target

      $PROGRAMFILES/$(LSTR_40)/tools/DesktopThemes.exe

    • Size

      136KB

    • MD5

      4b904c2ec04fa7fa3fd20b7fe6ff4661

    • SHA1

      7260568c7a6f3ef051b99baaed1bdd1748445eb3

    • SHA256

      a0ef9e1c7081a57fe28f10b6222afddd833d78c281cc58974bc6d7291129c7e9

    • SHA512

      ced4e75b996d4558d25102975b1a2d4c2a574d55e712a3045c49541d0fa783e66857d5aee5fe20528afdf92ed7b47b4fce651a062502e2987971e31d520f69d9

    • SSDEEP

      3072:A6Zh8Rl+lYkqUiNFHJbOW6DbEI82CVVTAMCB:A63iVOWYbEIhCV5AlB

    Score: 3/10
    • Target

      $PROGRAMFILES/$(LSTR_40)/tools/DesktopWallpaper.exe

    • Size

      624KB

    • MD5

      78ab2ae669d1e3e1836f081bb096be47

    • SHA1

      139a958fef06f4cacfe6ca1a944f8328e9e4a8cd

    • SHA256

      399b459da7e6bd946209b611ca9eba0a93ba258e00d1cfd64c3e865ba48d5d69

    • SHA512

      26018163812db365e5494be33b59abd28fd22f6aed22904dc75acfc0ec279ec6d8d5606d0279f309a4e9c1a372e5cce972bb88a2e71d39da15fd9562d6a3fd34

    • SSDEEP

      6144:feTeM/Ruu4VtPHzDKuf9fHCSWRmv6q67LQXyuIL0wMHMMw5RXP54ndL:DMJ6CufNYqEQ+P54dL

    Score: 3/10
    • Target

      $PROGRAMFILES/$(LSTR_40)/tools/UXTheme.exe

    • Size

      122KB

    • MD5

      8a8de6f6e39d0ab2226f0c978d8a035d

    • SHA1

      e9669046f99751fa10165b291867a283c75eb52e

    • SHA256

      af422c53cc1177665dc06823531271efa4152dc1c467641212e03a6476079866

    • SHA512

      bbf270fc77cfc24cdcebc66be74063e18c4f2526262fa18bc9a4fc32447131808e99270b941539322afe8bc47b5616572af990d15101722ae10d0cb7503d3014

    • SSDEEP

      3072:X78vwnEm+1RAkd3deANZ+IxxUGOgk+0go8hEII/IIIa7bi:X7KwEpAJWhcgphEII/IIIp

    Score: 3/10
    • Target

      $PROGRAMFILES/$(LSTR_40)/tools/haozip_silence.200863.exe

    • Size

      4.0MB

    • MD5

      04571a19aaa2fcaee52b6f9724452caf

    • SHA1

      c582ada80941bb62169eb8e515a3228251b994a7

    • SHA256

      2c02c49adb8ec1994299affb0a5635e78b2a3dd291fa21a7a36f5460d8c91b88

    • SHA512

      e44bd52d3efdac1702a735cdf785a217c7ec19a200c357edec1562c69f029ff98b809f2c1286df29e487be47dcb0e2a2c5823b20eebcc2e48e02a99a81617e87

    • SSDEEP

      98304:hjtcdq3J8kgcrEonhWQ/MJIupvggaLygRvI0T:hjK8J39LnJcFpvIBx

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Target

      $PLUGINSDIR/FileInfo.dll

    • Size

      46KB

    • MD5

      25aa25fcec2065cdf81f77d2153a63a7

    • SHA1

      e09b96d596323201ce5586daa16c9b8ecfaa7654

    • SHA256

      ba62fc93cdd027de00af9cbaf31bf102d47fe9f1d74493ebf6faa2f2c9982435

    • SHA512

      5de8b9ca1b38fba4f63756066d10a0312acafe9c051645fd192e500d1cff23a21845cec2d1fb1002ddf7002f9f6ae3962fd6087f3ab793d9630c33e35d6aba64

    • SSDEEP

      768:tAZ9soz3qR9QI6vY+V882mIqfhvsXRi1wOieGtJOQ:uZ9jqR9dP+7hvx1wO4tJOQ

    Score: 3/10
    • Target

      $PLUGINSDIR/InstallOptions.dll

    • Size

      15KB

    • MD5

      828a94a3b9a080f79e84015b55fce227

    • SHA1

      c15c615925bb72531ba32194253eefa49edaa93a

    • SHA256

      1d0a17641f697203fd0c0b9ba0b715436299203c9c1be90c458fe668a1eb68d2

    • SHA512

      c3d41a3f9377a8c18a85eec50a3eb3cf5a4ec8ea4bbffd73992455cb01aaed9f158183bc647684f82c516534266a46ccfcd7c2c0b3e1b73774c3bedc9e80054a

    • SSDEEP

      192:1sIZHdT9uwYX94kYd2iCzHR+yK7imphLAykycpKPd5mT8ozxGUWumle:1sUHd9GN2d2iwl0impATIPdAT8Ov6

    Score: 3/10
    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      a82b0479708b96c7bf4dd6b798aedee0

    • SHA1

      7e47b402848a86bdddd5f0de8bb4620471caaab0

    • SHA256

      72410442a894b8316da6ad469f03997ec17c0b0d117745bb6ac5cac3232c7d20

    • SHA512

      02e07def3897d87d546c0cf1492191591be587f64ae5c165b9a91fb977585c65a860135eb8c102b67dede913ea935459ce70c4ca973b292122c8d097ab130d58

    • SSDEEP

      192:hCZej3uzvJwqJMQKN4GbeWZksMI4ETWcEbcBZ8ep2Kra7y6G:hCi2HgN4GbeWmbI4Eybogia7y6

    Score: 3/10
    • Target

      HaoZip.chm

    • Size

      59KB

    • MD5

      dccb22cdbbc56a05786e32105122b821

    • SHA1

      0c1e64eb3a429e26b95ae782fc9752ed082a1279

    • SHA256

      42a76219b3382e58aa713e9b142b8f03daf318580b16b4cae538603d357bdd9b

    • SHA512

      da4c994ca89b189cca41893d16f67e9cd75dbc315a8c9e0421ddadb8ee8f6f28be27788dba9924d551267e091faba176efe758baac6520e294352c871850a29b

    • SSDEEP

      1536:JD41zTCt0J07EIsu8wDB5i9jfKZ+KpcsA+GbldmYxs:kzTCt0J07EIaoB+fJKDAzp0

    Score: 1/10
    • Target

      HaoZip.dll

    • Size

      2.8MB

    • MD5

      311087196830aef1fe6a91395bb159e5

    • SHA1

      01204f57b1fb96a088b3f1727ed7e873fbf4496a

    • SHA256

      774954f0e8382445dc885eac498e4fa524251bb2a09f7ba04d9c980b876a3038

    • SHA512

      f924ee84dffd07ca7f18960dfc1b976377d8ba745c1a88d87caf3aa060d1ed7e0960a850c5161e8c9132210a96ed25727fc65044dcbca4cd08f1954d98f981b4

    • SSDEEP

      49152:sLAXp0kkMqYXofxKKE6oRkJ6h3F1XjzQ2OyOtjwjWI+G29CeynMICgKs7gKsw765:sLAXp0kkMqYXofxKKE6oRO6/BzQ2OyO/

    Score: 3/10

MITRE ATT&CK Enterprise v15

Tasks

  • static1: upx (score 7/10)
  • behavioral1: discovery (score 7/10)
  • behavioral2: discovery (score 7/10)
  • behavioral3: discovery (score 3/10)
  • behavioral4: discovery (score 3/10)
  • behavioral5: discovery, upx (score 7/10)
  • behavioral6: discovery, upx (score 7/10)
  • behavioral7: discovery (score 3/10)
  • behavioral8: discovery (score 3/10)
  • behavioral9: discovery (score 3/10)
  • behavioral10: discovery (score 3/10)
  • behavioral11: discovery (score 3/10)
  • behavioral12: discovery (score 3/10)
  • behavioral13: discovery (score 3/10)
  • behavioral14: discovery (score 3/10)
  • behavioral15: discovery (score 3/10)
  • behavioral16: discovery (score 3/10)
  • behavioral17: discovery (score 3/10)
  • behavioral18: discovery (score 3/10)
  • behavioral19: discovery (score 3/10)
  • behavioral20: discovery (score 3/10)
  • behavioral21: bootkit, discovery, persistence, privilege_escalation (score 7/10)
  • behavioral22: bootkit, discovery, persistence, privilege_escalation (score 7/10)
  • behavioral23: discovery (score 3/10)
  • behavioral24: discovery (score 3/10)
  • behavioral25: discovery (score 3/10)
  • behavioral26: discovery (score 3/10)
  • behavioral27: discovery (score 3/10)
  • behavioral28: discovery (score 3/10)
  • behavioral29: no tags (score 1/10)
  • behavioral30: no tags (score 1/10)
  • behavioral31: discovery (score 3/10)
  • behavioral32: discovery (score 3/10)