General

  • Target

    529eff5edd9594d6ca4cb18f765d08b9_JaffaCakes118

  • Size

    12.7MB

  • Sample

    241017-tyepfsvakf

  • MD5

    529eff5edd9594d6ca4cb18f765d08b9

  • SHA1

    d21594fb0a4a1b959807bfe6df0bfa27c9273bdf

  • SHA256

    dde4fa3e7f74545ade6d40517754be781da68c97c0eed870197a3608aee7d237

  • SHA512

    b4b7af50b3abf260568db986241898515c5cf7ac2f8924adca0de5dd636d32daf46c3067e3d34025130a7a48146865fcf4c2cb0f4b82a6288cc5c8145a546c4d

  • SSDEEP

    196608:3bTXvibv6wjqdy5K0VhpX/Ab3MJAqsqFl0LPf0i7duoYmBODxdbaT1oQWG5IAOvI:Py88hhIIsqFO7fx8Wom5TOvZ5+vR

Malware Config

Targets

    • Target

      529eff5edd9594d6ca4cb18f765d08b9_JaffaCakes118

    • Size

      12.7MB

    • MD5

      529eff5edd9594d6ca4cb18f765d08b9

    • SHA1

      d21594fb0a4a1b959807bfe6df0bfa27c9273bdf

    • SHA256

      dde4fa3e7f74545ade6d40517754be781da68c97c0eed870197a3608aee7d237

    • SHA512

      b4b7af50b3abf260568db986241898515c5cf7ac2f8924adca0de5dd636d32daf46c3067e3d34025130a7a48146865fcf4c2cb0f4b82a6288cc5c8145a546c4d

    • SSDEEP

      196608:3bTXvibv6wjqdy5K0VhpX/Ab3MJAqsqFl0LPf0i7duoYmBODxdbaT1oQWG5IAOvI:Py88hhIIsqFO7fx8Wom5TOvZ5+vR

    Score
    3/10
    • Target

      $PLUGINSDIR/InstallHelper.dll

    • Size

      174KB

    • MD5

      dcd3a89169fc65e51c171e0c2d66a9d3

    • SHA1

      954f75de2383d35ac4caf2605dcfa90e33d9378b

    • SHA256

      65d1e569773ba94c6de7ca78852c6eb4b74010b5a83a6744a217da077fa2d64d

    • SHA512

      c994ad098fe9cbc9e4e10a15c0af5cf56f10f1a272d420f21cb1ad58199011623997e3dc539abce39df345706e927c81ee7aca7a7537db0be96cc9e3665ed9b1

    • SSDEEP

      3072:cLEyvW9Z68saB9TMh2sLZwUvB0xw3eqDpezwy6Jzy5jCLIkqH:vyvWSEB9TMhn2UvmOFfy688a

    Score
    3/10
    • Target

      $PLUGINSDIR/NSISAppUpdater.dll

    • Size

      127KB

    • MD5

      bf7c29de2f27d7cbf58040bc86dd2257

    • SHA1

      638469cd0e492e697b9b706cdeddddfef3c685df

    • SHA256

      984cee2806be2b10eeb7517cc41f7bd8821c2417100a859d60a8b6d104e3b3ee

    • SHA512

      eb568994bac0e6d79d7072fb00da0cd0ffd7c4601e274acc99ae10f65db7c7d0237249e42665bf480fb5e4069ef157ec4d35bdcb059ca9f17bf3dcb30c5a1d34

    • SSDEEP

      3072:70xihljCRbmy3T4J7Yiy4RwBgRpsfixoBwc:0ihljWb93T4J7ty4RwB0psf5X

    Score
    3/10
    • Target

      $PLUGINSDIR/NSISCommon.dll

    • Size

      104KB

    • MD5

      829bdcea94557a3484f12b8314b2abbb

    • SHA1

      4f12cc88eee6c9e87ce098dd8008dc73213d09f6

    • SHA256

      a64c6ac63564af764c885f77a75683daeb2a5fbc33719fe7cea1ecf17a87af0e

    • SHA512

      fb31254809063b1cc0c8b5032c1cddf3b6596003db67c49b2642094cd92a98aa8b21a5617f32113dcad0916289f7d0342a0596ab1c99d2e44f0b8abd5083e069

    • SSDEEP

      1536:TPd4AoL+7MQXEO+9lYQg+FG7oTKFIzqF7tOX+nk8ey:TbbUY6uLIzghfnk8ey

    Score
    3/10
    • Target

      $PLUGINSDIR/PluginInstaller.exe

    • Size

      230KB

    • MD5

      327b7c5d9682031afa4beab80796843e

    • SHA1

      5f073baa2a59e20f42a2ee4ad4437b3efa4aee87

    • SHA256

      13700a00965847d118c07265ec374778dc3e1d0b5e29cb1b7fa8f3d9d4e5e8fa

    • SHA512

      3f1b829ccd337295467fa447f0747a0cf36998fac2d7e0336764f9fc8efb2ab152dc190445f459b198208cd2a144246657bef8df6570fbfda9cdd3dfc51cd065

    • SSDEEP

      6144:PEUXy2anjLFQlbYXObUsaNEvd2WRoQZnozcDsV:PEVvjLyl0e5UgpomnzDG

    • Executes dropped EXE

    • Loads dropped DLL

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Target

      $PLUGINSDIR/System.dll

    • Size

      17KB

    • MD5

      71bcfeaf8a113de024644d78cbea7051

    • SHA1

      c3b50391c3fe8968754408c526aa9befa9338295

    • SHA256

      e262f340e6e079f7d4f5bf23453ad004ca5511c2c61ffbfe021415d019cd1933

    • SHA512

      bc9a3ceffad8d8f102629d5879efef915d9c2b08f81e037b530632468fc72a17af4c7712ff2e2f48946ae67986ed4b691d658c45fce160c3868844c85fcc1b03

    • SSDEEP

      384:3JoiO8V2upW7vQjS/wnYPL/p1CyIANje9:3JzO8V2uovQjjp9

    Score
    3/10
    • Target

      $PLUGINSDIR/nsThread.dll

    • Size

      4KB

    • MD5

      3f75e71f7702660a121c8455f3edd24b

    • SHA1

      317141414ea676bfff39c39cfc82958b61ae39fd

    • SHA256

      f841f7b385c1341602a0799607bfd9cc7199d17a1b4e2334a55060d6d6b4b280

    • SHA512

      dfd9d458d187c3e16aa9c2e466d89076ece289c193b72d9954c18eb312fe230230e2710342ae0946aaaed13be6c235b2c6c95856d125e046395f4e384efd90ad

    Score
    7/10
    • ACProtect 1.3x - 1.4x DLL software

      Detects a file protected with the ACProtect packer (the 1.3x to 1.4x DLL signature).

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.
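A static cross-check for the UPX hit above, added here as an example and not part of the sandbox report or of its detection logic. It parses the PE section table from raw bytes with the standard library only and applies two heuristics: stock UPX names its sections UPX0/UPX1, while "modified UPX" builds often rename them, so a second, name-independent check looks at layout instead (a first section with no raw data on disk but a large virtual size, which is the unpack destination, and an entry point that lands in a later section, the unpacking stub). The three PE images at the bottom are constructed header-only samples, not files from this report.

```python
"""Static check for the 'UPX packed file' signature.

Added example, not part of the sandbox report. Parses the PE section table from
raw bytes (stdlib only) and applies a name heuristic (UPX0/UPX1) and a layout
heuristic (empty first section, entry point in a later section). The PE images
at the bottom are constructed header-only samples.
"""
import struct
import sys

SECTION_HEADER_SIZE = 40


def parse_sections(pe: bytes):
    """Return (entry_point_rva, [(name, vsize, vaddr, raw_size, raw_ptr), ...])."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                      # 20-byte COFF file header
    num_sections = struct.unpack_from("<H", pe, coff + 2)[0]
    opt_size = struct.unpack_from("<H", pe, coff + 16)[0]
    opt = coff + 20                          # optional header starts after COFF header
    entry_rva = struct.unpack_from("<I", pe, opt + 16)[0]   # AddressOfEntryPoint
    table = opt + opt_size                   # section table follows the optional header
    sections = []
    for i in range(num_sections):
        off = table + i * SECTION_HEADER_SIZE
        name, vsize, vaddr, rsize, rptr = struct.unpack_from("<8sIIII", pe, off)
        sections.append((name.rstrip(b"\0").decode("latin-1"), vsize, vaddr, rsize, rptr))
    return entry_rva, sections


def upx_indicators(pe: bytes) -> dict:
    entry_rva, sections = parse_sections(pe)
    names = [s[0] for s in sections]
    by_name = any(n.upper().startswith("UPX") for n in names)
    layout = False
    if len(sections) >= 2:
        _, vsize0, _, rsize0, _ = sections[0]
        if rsize0 == 0 and vsize0 >= 0x1000:          # UPX0-style: large, but nothing on disk
            for _, vsize, vaddr, rsize, _ in sections[1:]:
                if vaddr <= entry_rva < vaddr + max(vsize, rsize):
                    layout = True                    # entry point lives in a later section
                    break
    return {"sections": names, "upx_names": by_name, "upx_layout": layout,
            "packed": by_name or layout}


def build_pe(sections, entry_rva: int) -> bytes:
    """Construct a header-only PE32 image for demonstration (constructed data, not a runnable program)."""
    e_lfanew, opt_size = 0x40, 224
    dos = bytearray(b"MZ" + b"\0" * (e_lfanew - 2))
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)            # PE32 magic
    struct.pack_into("<I", opt, 16, entry_rva)       # AddressOfEntryPoint
    table = b"".join(
        struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"),
                    vsize, vaddr, rsize, rptr, 0, 0, 0, 0, chars)
        for name, vsize, vaddr, rsize, rptr, chars in sections)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table


# Constructed samples: (name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData, Characteristics)
STOCK_UPX = build_pe([("UPX0", 0x20000, 0x1000, 0, 0x400, 0xE0000080),
                      ("UPX1", 0x8000, 0x21000, 0x7C00, 0x400, 0xE0000040),
                      (".rsrc", 0x1000, 0x29000, 0x600, 0x8000, 0xC0000040)], entry_rva=0x28A00)
RENAMED_UPX = build_pe([("", 0x20000, 0x1000, 0, 0x400, 0xE0000080),
                        (".code", 0x8000, 0x21000, 0x7C00, 0x400, 0xE0000040)], entry_rva=0x28A00)
PLAIN = build_pe([(".text", 0x5000, 0x1000, 0x5000, 0x400, 0x60000020),
                  (".data", 0x1000, 0x6000, 0x400, 0x5400, 0xC0000040)], entry_rva=0x1200)

if __name__ == "__main__":
    # Usage: python upx_check.py <pe file> ...; with no argument, run the constructed samples.
    targets = [open(p, "rb").read() for p in sys.argv[1:]] or [STOCK_UPX, RENAMED_UPX, PLAIN]
    for data in targets:
        print(upx_indicators(data))
```

The layout heuristic is what survives a renamed-section build; a name match alone is easy to defeat and a layout match alone can also fit other packers, so treat either hit as "packed, unpack before static analysis" rather than as a UPX attribution.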

    • Target

      $SYSDIR/$SYSDIR/atl100.dll

    • Size

      134KB

    • MD5

      c85670ab64068f8080998aeba6c5019c

    • SHA1

      ef762c375486594f6604f39311d32442156ac8bb

    • SHA256

      87d88235f69c062e5b759f91253abaf7bd055937dd119bd26858237f812d3ded

    • SHA512

      870a27585f72e444fa9a2b46ab53ed420932952be8a3c4ddd0d831d72be0ac1b44992cf757de76d0cd667cd5b6150e9eb96ac2a8e7161a22c7d557946a12e5c6

    • SSDEEP

      3072:ZEi2/YxBFZNAWH6Gk5BsyGfGM8WzkAFoX:0OFZKWaj5BstfbZx8

    Score
    3/10
    • Target

      $SYSDIR/$SYSDIR/msvcp100.dll

    • Size

      411KB

    • MD5

      bc83108b18756547013ed443b8cdb31b

    • SHA1

      79bcaad3714433e01c7f153b05b781f8d7cb318d

    • SHA256

      b2ad109c15eaa92079582787b7772ba0a2f034f7d075907ff87028df0eaea671

    • SHA512

      6e72b2d40e47567b3e506be474dafa7cacd0b53cd2c2d160c3b5384f2f461fc91bb5fdb614a351f628d4e516b3bbdabc2cc6d4cb4710970146d2938a687dd011

    • SSDEEP

      12288:Seb8zxr1aWPaHX7dGP5frhUgiW6QR7t5qv3Ooc8UHkC2e7wx:Seb8Fpa6aHX7dGP5Gv3Ooc8UHkC2ekx

    Score
    3/10
    • Target

      $SYSDIR/$SYSDIR/msvcr100.dll

    • Size

      755KB

    • MD5

      0e37fbfa79d349d672456923ec5fbbe3

    • SHA1

      4e880fc7625ccf8d9ca799d5b94ce2b1e7597335

    • SHA256

      8793353461826fbd48f25ea8b835be204b758ce7510db2af631b28850355bd18

    • SHA512

      2bea9bd528513a3c6a54beac25096ee200a4e6ccfc2a308ae9cfd1ad8738e2e2defd477d59db527a048e5e9a4fe1fc1d771701de14ef82b4dbcdc90df0387630

    • SSDEEP

      12288:nMmCy3nAgPAxN9ueqix/HEmxsvGrif8ZSy+rdQw2QRAtd74/vmYK6H3BVoe3z:MmCy3KxW3ixPEmxsvGrm8Z6r+JQPzV7z

    Score
    3/10
    • Target

      $_49_/$_49_/Android.dll

    • Size

      7.1MB

    • MD5

      46c2f0217a668888d5dc47c66e1f28d6

    • SHA1

      2314ec0abb2d10b4ff94c86b12b3f3fba87e6d18

    • SHA256

      aff998790a69926ad4858f53f124aff43922894012dc38f4ef4891bf643dffc3

    • SHA512

      90e0ac9276558990cd8f2edda2e1ba7b0a558ace4537869eb71dd36c2c72532408d224b188c66c26c334840fed2a3055726c4895dacfc237a66b4b843cb63f2f

    • SSDEEP

      98304:UIjj/FK4FhGpnX9i9iIlyyGdRkBn9WSqLKCKy5zDOXMHqMC0fO3gFJ:Jj/E+anX0iIlym9WSq2CKPM706J

    Score
    3/10
    • Target

      $_49_/$_49_/AndroidAssistHelper.dll

    • Size

      245KB

    • MD5

      241313878bf15b996fa158829b0742de

    • SHA1

      bf487077287d795e7d47fd10209e18a230dddf87

    • SHA256

      97f1be6c31c7278f1de85481d5b8d86b1c429d135e4209e90b249b0ce0b9f941

    • SHA512

      d0d28217c0db50de5180dd4c4f8d4c6b24a993a91ac6e40fd773cb14e078b2cb9079e53c2d108ca8ce6d4dfbf689e141282cb5b9ae1255913c726b216bcf817d

    • SSDEEP

      6144:vMQvRNrswIvEVXxGpyIXWNx3fNAWaro8JGvdTBE57S:PRjIvEVXg3mNx3fNAWaro8JGvdTC5

    Score
    3/10
    • Target

      $_49_/$_49_/ApkInstallerFrame.exe

    • Size

      418KB

    • MD5

      7810ef73766ffae6b964a9a1d6ab69d3

    • SHA1

      c7e3e205bbae2f518c921b0bc7fdc9abfe15bc86

    • SHA256

      f169662dd4a7549bb83c332169e53afa1b17b61037368126eaa6d5bb714533c4

    • SHA512

      3f3852c76c5e5dd4b7d1ba3768e2b024b157d7e271a112946c2db5403e142d02f5a9070c1063387588ad995ee3c053ac03317907e7082089a3d3682c9d01d6fc

    • SSDEEP

      12288:9Crmv68jNdxylxIIqmj7HvkvpN0v1fB+c:9Cr6OIIqmjwvMNfB+c

    Score
    3/10
    • Target

      $_49_/$_49_/AppAssistant.exe

    • Size

      91KB

    • MD5

      5812f618353c561faba3c0c6a975ca43

    • SHA1

      cf62b40b07f2c20adb2ff4b4ca8ebaa37a5a5dd6

    • SHA256

      11e2aa9b7be5295af5a94b7f32142cbe87bb3b277bada55273cb1fc3718edaf8

    • SHA512

      9dd8ca0ad0403ec13fa3e7359a3381642a43d447989bb5221173a5346077e42f4e82b01bcea191465e1b319d07076ce686eb93a32d6325940796a82bb1e8a723

    • SSDEEP

      1536:LqvAwBEZr6Oqq339U+I47bN3rNJjAOtkbt2YRcJ6i04Ca:W1qeOqq3Rv93JJjAOtEdRAD0/a

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence check.
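The "Writes to the Master Boot Record" hit is worth confirming rather than trusting: the signature reports a write to the drive's first sector, and the question for a responder is what changed. The following is an added example, not part of the sandbox report. It parses a 512-byte sector 0 image (boot signature, disk signature, the four partition entries) and hashes the 440-byte bootstrap code region so a dump taken before execution can be diffed against one taken after; a bootkit replaces that code, whereas a write that leaves it intact is not bootkit persistence. The two sector images are constructed for the demonstration.

```python
"""Parse and diff MBR sector images for the 'Writes to the MBR' signature.

Added example, not part of the sandbox report. Sector images below are constructed.
"""
import hashlib
import struct

BOOTSTRAP_LEN = 440      # bootstrap code; 0x1B8 disk signature, 0x1BC reserved, 0x1BE partition table
DISK_SIG_OFF = 0x1B8
PART_TABLE_OFF = 0x1BE
MBR_SIG_OFF = 0x1FE


def parse_mbr(sector: bytes) -> dict:
    if len(sector) != 512:
        raise ValueError("MBR must be exactly 512 bytes")
    if sector[MBR_SIG_OFF:] != b"\x55\xAA":
        raise ValueError("missing 0x55AA boot signature")
    disk_sig = struct.unpack_from("<I", sector, DISK_SIG_OFF)[0]
    parts = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        status, _chs_start, ptype, _chs_end, lba_start, sectors = struct.unpack_from(
            "<B3sB3sII", sector, off)
        if ptype == 0:                       # empty entry
            continue
        parts.append({"index": i, "bootable": status == 0x80, "type": ptype,
                      "lba_start": lba_start, "sectors": sectors})
    return {"disk_signature": disk_sig,
            "bootstrap_sha256": hashlib.sha256(sector[:BOOTSTRAP_LEN]).hexdigest(),
            "partitions": parts}


def mbr_diff(before: bytes, after: bytes) -> dict:
    """Compare pre- and post-execution dumps of sector 0 field by field."""
    b, a = parse_mbr(before), parse_mbr(after)
    return {"bootstrap_changed": b["bootstrap_sha256"] != a["bootstrap_sha256"],
            "partition_table_changed": b["partitions"] != a["partitions"],
            "disk_signature_changed": b["disk_signature"] != a["disk_signature"]}


def build_mbr(bootstrap: bytes, partitions, disk_sig: int = 0xDEADBEEF) -> bytes:
    """Construct a sector image for the demonstration (constructed data, not a real disk)."""
    sector = bytearray(512)
    code = bootstrap[:BOOTSTRAP_LEN]
    sector[:len(code)] = code
    struct.pack_into("<I", sector, DISK_SIG_OFF, disk_sig)
    for i, (bootable, ptype, lba_start, sectors) in enumerate(partitions):
        struct.pack_into("<B3sB3sII", sector, PART_TABLE_OFF + 16 * i,
                         0x80 if bootable else 0, b"\0\0\0", ptype, b"\0\0\0", lba_start, sectors)
    sector[MBR_SIG_OFF:] = b"\x55\xAA"
    return bytes(sector)


# Constructed layout: a bootable NTFS system partition (type 0x07) followed by a data partition.
PARTS = [(True, 0x07, 2048, 204800), (False, 0x07, 206848, 41734144)]
CLEAN_MBR = build_mbr(b"\x33\xC0\x8E\xD0\xBC\x00\x7C" + b"\x90" * 100, PARTS)
# Same partition table, bootstrap code replaced: the pattern a bootkit leaves behind.
INFECTED_MBR = build_mbr(b"\xEB\xFE" + b"\x00" * 50, PARTS)

if __name__ == "__main__":
    print(parse_mbr(CLEAN_MBR))
    print(mbr_diff(CLEAN_MBR, INFECTED_MBR))
```

On a live sandbox VM the two inputs would be the first 512 bytes of the raw disk read before and after detonation (on Windows, `\\.\PhysicalDrive0`); the parser above is input-agnostic, so a forensic image of sector 0 works the same way.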
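Two of the signatures in this report resolve to specific registry locations, and a practitioner checking a host will want to look in both: "Installs/modifies Browser Helper Object" (PluginInstaller.exe above) and "Checks computer location settings" (AppAssistant.exe). BHOs are registered by CLSID under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects, and each CLSID resolves to its DLL through HKCR\CLSID\{clsid}\InprocServer32; the location check reads the GeoID from HKCU\Control Panel\International\Geo\Nation. The code below is an added example, not part of the sandbox report. It works on a `reg export` style text dump so it runs offline and on collected evidence; the dump, the CLSID and the DLL path in it are constructed and do not come from this sample.

```python
"""Registry checks for the BHO and geo-lookup signatures.

Added example, not part of the sandbox report. Parses a `reg export` style dump
(constructed below) and reports registered BHOs and the configured GeoID.
"""
import re

BHO_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"
CLSID_ROOT = r"HKEY_CLASSES_ROOT\CLSID"
GEO_KEY = r"HKEY_CURRENT_USER\Control Panel\International\Geo"

VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')


def _unescape(s: str) -> str:
    # .reg strings escape backslash and double quote with a backslash
    return re.sub(r"\\(.)", r"\1", s)


def parse_reg_export(text: str) -> dict:
    """Parse the .reg subset written by `reg export`: [key] headers, "name"="str",
    @="str" (default value) and "name"=dword:hex. Returns {key: {value_name: data}}."""
    hive, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";") or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            hive.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if not m or current is None:
            continue
        name = "" if m.group(1) == "@" else _unescape(m.group(1)[1:-1])
        data = m.group(2)
        if data.startswith("dword:"):
            hive[current][name] = int(data[6:], 16)
        elif len(data) >= 2 and data[0] == '"' and data[-1] == '"':
            hive[current][name] = _unescape(data[1:-1])
        else:
            hive[current][name] = data          # hex:/binary data kept as raw text
    return hive


def registered_bhos(hive: dict) -> list:
    """Each BHO CLSID with the DLL its InprocServer32 default value points at (None if unresolved)."""
    results = []
    prefix = BHO_KEY.lower() + "\\"
    for key in hive:
        if not key.lower().startswith(prefix):
            continue
        clsid = key[len(prefix):]
        if "\\" in clsid:                          # only direct children are registrations
            continue
        inproc = hive.get(f"{CLSID_ROOT}\\{clsid}\\InprocServer32", {})
        results.append({"clsid": clsid, "dll": inproc.get(""),
                        "threading": inproc.get("ThreadingModel")})
    return results


def geo_nation(hive: dict):
    """GeoID the sample would read; stored as a REG_SZ decimal string (244 is United States)."""
    nation = hive.get(GEO_KEY, {}).get("Nation")
    return int(nation) if nation is not None else None


# Constructed dump: placeholder CLSID and path, not values observed in this sample.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-2222-3333-4444-555555555555}]
"NoExplorer"=dword:00000001

[HKEY_CLASSES_ROOT\CLSID\{11111111-2222-3333-4444-555555555555}\InprocServer32]
@="C:\\Program Files\\Example\\PluginHelper.dll"
"ThreadingModel"="Apartment"

[HKEY_CURRENT_USER\Control Panel\International\Geo]
"Nation"="244"
"Name"="US"
'''

if __name__ == "__main__":
    hive = parse_reg_export(SAMPLE_EXPORT)
    print(registered_bhos(hive))
    print(geo_nation(hive))
```

A BHO entry whose CLSID does not resolve to an InprocServer32 DLL (dll is None) is either stale or registered under a per-user HKCU\Software\Classes\CLSID key, which this example does not walk; on a 64-bit host the Wow6432Node copies of both keys should be exported and checked the same way.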

    • Target

      $_49_/$_49_/AppCore.dll

    • Size

      213KB

    • MD5

      f8ee393f089c85b1b4562b86707d2b8b

    • SHA1

      57feab06dcc5047b4da0f39b2ade1b6845ba3903

    • SHA256

      e18e76b7546ce7d55b9422575f03a1b019a1c047c1a7ca7fcf34efa900f11e2b

    • SHA512

      5e86d71314966ca86a23f41c891a61c71ea3f323a68059b0e7272d5401ad23bcf16cef6674ca38b712629f6e20d81b3d9267b125ee664aaf22a9f65ec4ec3979

    • SSDEEP

      6144:HrKJ5DKYCLSQTxENlMSihBy6a8OBCK35S1:HS5FESQTxENlMSOy6a7Q1

    Score
    3/10
    • Target

      $_49_/$_49_/AppTools.dll

    • Size

      104KB

    • MD5

      d870e95650f7b828bd97d74eebc13dfc

    • SHA1

      340b1169de9629d29d489148759babdda018fe32

    • SHA256

      f9760ec72b89c455eeabb7a0890a5f679c28b0b6b4ea18e31e4737c201dd167c

    • SHA512

      f917d6f66daa87fffb765d031748a9bccfa4d12724414e9c2113521242813dd7cc34092f7cff3e16e13fb8c01b0054ba7b1c855b8ec791e101986fa6f3480fc0

    • SSDEEP

      3072:HxY++cHb3FrpDGfKyTpHkAy1OfsAlzyZs:RphHb1rTyTpHkAy1OfhlB

    Score
    3/10

MITRE ATT&CK Enterprise v15

Tasks

static1

qrlink, upx
Score
7/10

behavioral1

discovery
Score
3/10

behavioral2

discovery
Score
3/10

behavioral3

discovery
Score
3/10

behavioral4

discovery
Score
3/10

behavioral5

discovery
Score
3/10

behavioral6

discovery
Score
3/10

behavioral7

discovery
Score
3/10

behavioral8

discovery
Score
3/10

behavioral9

adware, discovery, stealer
Score
7/10

behavioral10

adware, discovery, stealer
Score
7/10

behavioral11

discovery
Score
3/10

behavioral12

discovery
Score
3/10

behavioral13

discovery, upx
Score
7/10

behavioral14

discovery, upx
Score
7/10

behavioral15

discovery
Score
3/10

behavioral16

discovery
Score
3/10

behavioral17

discovery
Score
3/10

behavioral18

discovery
Score
3/10

behavioral19

discovery
Score
3/10

behavioral20

discovery
Score
3/10

behavioral21

discovery
Score
3/10

behavioral22

discovery
Score
3/10

behavioral23

discovery
Score
3/10

behavioral24

discovery
Score
3/10

behavioral25

discovery
Score
3/10

behavioral26

discovery
Score
3/10

behavioral27

bootkit, discovery, persistence
Score
6/10

behavioral28

bootkit, discovery, persistence
Score
6/10

behavioral29

discovery
Score
3/10

behavioral30

discovery
Score
3/10

behavioral31

discovery
Score
3/10

behavioral32

discovery
Score
3/10