General

  • Target

    641ba3b46d3175bb6587c9838cf75eda_JaffaCakes118

  • Size

    15.3MB

  • Sample

    241020-y3bwkszemm

  • MD5

    641ba3b46d3175bb6587c9838cf75eda

  • SHA1

    d352a16c14ee64976cca78ae2e6f5a8daf16dee9

  • SHA256

    b9d6789722f327dcf8d466888aac18c70f693452cb708306937d9d7f09a87fa1

  • SHA512

    e2405525efa3fe9232c0dfbb5ccfdb4efb9910220e3a5c8cca2b177e94f9f859c5cd0d561d44cd3bfd7eef99a4cc13804c54f7dac9f4632a419f042eb8c740a5

  • SSDEEP

    393216:7fk34EjfYob8H+KzpyruFDJgb26WC0jhWli:7BQY48HCuFDJW2fCooi

Malware Config

Targets

    • Target

      641ba3b46d3175bb6587c9838cf75eda_JaffaCakes118

    • Size

      15.3MB

    • MD5

      641ba3b46d3175bb6587c9838cf75eda

    • SHA1

      d352a16c14ee64976cca78ae2e6f5a8daf16dee9

    • SHA256

      b9d6789722f327dcf8d466888aac18c70f693452cb708306937d9d7f09a87fa1

    • SHA512

      e2405525efa3fe9232c0dfbb5ccfdb4efb9910220e3a5c8cca2b177e94f9f859c5cd0d561d44cd3bfd7eef99a4cc13804c54f7dac9f4632a419f042eb8c740a5

    • SSDEEP

      393216:7fk34EjfYob8H+KzpyruFDJgb26WC0jhWli:7BQY48HCuFDJW2fCooi

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops file in System32 directory

    • Target

      $PLUGINSDIR/InstallOptions.dll

    • Size

      12KB

    • MD5

      1e8f2fefe3ce893b117b26948b8978cb

    • SHA1

      59cfc6c3f5716e91609e54ca80ae8b06c93ef8ab

    • SHA256

      8203ae1589a50e6ff012e5d27bdd4f8ed7506077ca9b052827f5e90aaeb98519

    • SHA512

      b3c36e1aa5d3ee5f482f4175a7d6fe10cf2bf3bd3423ab4266d11c4181cfbc7e3f66a30855034a8ec026a4d5987598f0116e98519b7445d9e5687bcbab2c0e5c

    • SSDEEP

      192:qzixixDOHhG9db9rd+oSVPECMlh3I8tqDyng7hwbbHF1QuCb:qOx0DOHqrdwTY6+ng72bbMum

    Score
    3/10
    • Target

      $PLUGINSDIR/System.dll

    • Size

      10KB

    • MD5

      10c44246d99a1c2e5f5e6b52b111a63d

    • SHA1

      0f41da79c3e789f4ae38738e3a5d73c538f8af4f

    • SHA256

      7a24883bdbf08ce90938094b6ab6f09a842af10b18b8ae4d70da2e6b806490b8

    • SHA512

      e5b0fa27cd02a67be5eb9c63646621d3e9ccfada98659c50dee8310a58ce12e1a6a059788b85f0f440067ed7e281a0e1a526b9403993b9000f91a51bfbb50da3

    • SSDEEP

      192:rOSsJI/rqmIDNLU0dq51EgAiNbubv6rLZ:lHQQ0d01Egbq76r

    Score
    3/10
    • Target

      $SYSDIR/98ipcap.bat

    • Size

      294B

    • MD5

      6975aebf0251eab7d7b62a0a571e49a7

    • SHA1

      c87ac5998a765bbb739f4e7a83fec82fc744d083

    • SHA256

      9be09e332fe9335f4045ce53a1df8630caa1a1965b57d0f7a02ae102ba698f4c

    • SHA512

      f8a4b60dee665e54b55d8bb63ce55257bdcfbfbebecb76935b6660fb93aee3e17a4b74dded7475e8b0cac29651bb81cb49093f0cd28411a8d472258f115c2beb

    Score
    4/10
    • Target

      $SYSDIR/msvcp60.dll

    • Size

      404KB

    • MD5

      59a6413fb2cc89fd8651b1d2962fb8b9

    • SHA1

      7e118606f03a591897e014b7693d64e6a86fdbe0

    • SHA256

      fed76003f544525783796a22a07b190a8340874c11b5cf1999196c697d51e154

    • SHA512

      83e7ea9905214081793c2a241b776a29dab58ba6ce279ceb3851347004c4ae99cf33fb77f12c7d7474de32d417686f8ba5624a7bd7cec73f3dcab55adae307b5

    • SSDEEP

      6144:RL9LoZGObfGc6z8TEQGpX+3OoxHkCm1N8Reo:DLmBet4wTpX+3OoxHkCmceo

    Score
    3/10
    • Target

      $SYSDIR/npptools.dll

    • Size

      53KB

    • MD5

      841007a04750a9acb56dd82095300d15

    • SHA1

      58c1e338bc78a54795a844b559b614004e53d3cb

    • SHA256

      a15c409af481494fa8c3d82ec0dc7c67075a706160cc060bec982e40c060d578

    • SHA512

      dcaeae21ffc2479fc595632a93e082396caea1eb6c4093e24c199a5ee3dd09248dfb5fe11ea200034e2be928b2db09218d9d763428294347ccd63f4cad4c06de

    • SSDEEP

      1536:4rCCQcntQk9Dh5jGTs3NlTawNH0QJu1E2RoYH:4OpKDbBawNH0Qo1EsoI

    Score
    3/10
    • Target

      bin/DLmode.dll

    • Size

      24KB

    • MD5

      f3837dd4e015986917afd49ddd7875bc

    • SHA1

      e4e4919e47266a4a37fb03982044e16e7643b58c

    • SHA256

      9bec548c7bd82e2c783e54cbe0f39419a18f52f6bad2b6fb02863b2dae7cd09c

    • SHA512

      9e6d72a88d59abf64c7edf6de04e865b129834567e1527438e288608a9802f7928d1844d3b96ce058b337eee8f62cfaa3b6b3b6e5afa8a6ed3d56405db26e204

    • SSDEEP

      192:hhHjd/sX1qs0wWhradLaj6QalEjef9DCZXmZ:LjlNfhrVslDDCZ

    Score
    3/10
    • Target

      bin/DelEntry.exe

    • Size

      28KB

    • MD5

      5e118e80e9771f0ecd401cc6eb3ecd44

    • SHA1

      a918bb41e339e5f19fa237f00ed55cbdedf60f6a

    • SHA256

      78eafa3f5da69eea96fec9e6aac3c01ef26c42d0a941be0b7408aa52bedb2aa5

    • SHA512

      ecec88498fec0eebadd8a321d0139b8cc2e6a067a9f51f9179777b076bb98c569dac025a2bfaf55a6a93853c44cd370f21cfeaa106f4320db1653bf09924f3f7

    • SSDEEP

      384:o5T7vSqsl2w3jqeK7bAmlTOc6yJWrGruAWoTr:c7vi1jtK76lf4uVoT

    Score
    3/10
    • Target

      bin/Main.exe

    • Size

      156KB

    • MD5

      c0c12a04a00819a056989a9ff95b8857

    • SHA1

      52ea609589508bb4bacce5f70123b4b3aedeb4d6

    • SHA256

      7eb2cfaf72964538ff0c166277345ce51b91f69311acca626e8eec1c550aaf19

    • SHA512

      dcbe0f45c53ee10dd69d8d5dabde66b357d72ecb8bb08e968f62e8a8717625ae58cb5f24d1294d0a77a90e9de77a4a75729a8f3e866ced8068c487e3716d20b9

    • SSDEEP

      768:MC9U7GemlZM4i+x3teby3rQvuviNUwKToNQV6WQs5yGENTLtsY:KiPlcQ2yb6FU7CQUWlotsY

    Score
    3/10
    • Target

      bin/NetKeeper.dat

    • Size

      84KB

    • MD5

      f11792e12c4ffbc7181bf4b8dcaf9a9a

    • SHA1

      dbdf47c39ebae3cd0b333c37474c1403afe86e57

    • SHA256

      64ba93259b857f1db2e6437700d01d5fb8176a0c14a808692a252f8e6ab00b72

    • SHA512

      7e22f1fda1d489210cd9f0c6e05e596fd66c4384c5ae27a63d71a9c8563599527623d33603b3e0be2a3756be3afd5372bbea9b834a454ad570db59ce423bbb1e

    • SSDEEP

      1536:F6XrlgON4gNOR8sdkJI6Z5NLaqY6Dv50zM36XRcLPKxUfVGENOqKlxThZQ92T:F6bJlcRlkJIU5cIv5V6XwPKxIgENOqQ5

    Score
    3/10
    • Target

      bin/NetKeeper.exe

    • Size

      430KB

    • MD5

      1e427f695e7bbd16d97592964e5fcd3f

    • SHA1

      6f940546cbc74e00b8428579e3ae911f95e04241

    • SHA256

      9a6740315aeaf9e7f5b3fa3b036fca73e1c4e1b895d3dde7a47ef5148116b418

    • SHA512

      80b4b7cd1d2dde0c0ed7921bdbc6033473b51fda7ea86cf0d70d2d2822e15e70626b2107bf88b214417189e8e6869811fa9de47247042c2a5641de5317e33246

    • SSDEEP

      12288:gmPrOHX2cB96w/wV2IeuNDmfwKFUp3LQ8JVEhqmS8E/GLOvXr9+QMU:HPkGCABBeSi5FGX/sS8Gdr9HMU

    Score
    3/10
    • Target

      bin/Updatemode.dll

    • Size

      36KB

    • MD5

      316e8ba769e6774a0e17078586ad3077

    • SHA1

      02ba8c4676621cdbd31e35ef3c51b3cbdc6c7653

    • SHA256

      f5462eb7d7f2758bfa55ebba8f2bf3fa01194f03a16c0e9dd5a84ed33116e746

    • SHA512

      cbff041d038ed14c83038a4a7ff9ef013d0822ed0d2666e6928d9957ee211ee358219a4f556643f8278b7b3ecef22ef68afc76d78e0e1926913a9143a66f62dc

    • SSDEEP

      768:T6QjSSzMfy/cJjcIgMEPQ50U3kNGq2zy:WsS9fkM4IgMao0GkB2zy

    Score
    3/10
    • Target

      bin/bindconfirm.dat

    • Size

      19KB

    • MD5

      91109a93bd4722564a0097c28f0013b9

    • SHA1

      eca5c0c2336fb4bc935698385d28d37914edd48f

    • SHA256

      80187c2560d0a9392aac2a373dfcb58594291f47af8155907a5f7a9468f25b8f

    • SHA512

      83442d22e94b8adf76fdbf1106e3784d122d225c77ab9614751974af7db31651c7fd2661c2410c6c8ed321775eddbaf85afb4dae80d78f98be061de881afd3ee

    • SSDEEP

      384:YnXA4ZJazS1yARaaalJkGrFbBsua5Sl8zx+m2D1d7fn:YQ4moYJXrFnaC8EmE7fn

    Score
    3/10
    • Target

      bin/bmpres.dll

    • Size

      408KB

    • MD5

      e29c65666b3f9aa4062ebc7d5359f987

    • SHA1

      d05afc499f258d3a6486ba269cef5f506d1d0a0e

    • SHA256

      a47657ac7a513f3b5ed73f621eadf91c809c8ef09a7a512aff2b60b60f96df57

    • SHA512

      3bbfcad64da8cb5018df1da06d2a3b028b43f73cdc9ae9ff62f101b4fe1cda208383362ed86a1fdc610838714a8bff4b79090717fd1dbb303fb35305c2d24765

    • SSDEEP

      1536:WLX1nyIU7wUGaWRY18aLe1Ibg9teHZgzZwnnnn/nnYnny9ngnnnnnnJppPyhnMzs:W8IU7wpaRej1IRMZMEyYXyBM

    Score
    1/10
    • Target

      bin/detector.dll

    • Size

      64KB

    • MD5

      c813d9122513e3861e95c31b04e8e591

    • SHA1

      0589d3aaf73adf54a6823ccb7a0d0f74e822236b

    • SHA256

      156c7d9fff74e27007ebb62792e509051288dd172643c64b864e2f8531fdd68c

    • SHA512

      bd39ee73c3ff82c0891dbbc65e80607e2f7682162ced846fd974862c1d001f526166da424ebedad4d5e0a7c51fe504ab38b9e8a44292f6301a8e9a4e1ef6ca69

    • SSDEEP

      768:leA3j6pRRGwUETrZVzWVUTFHRe+JyKuqrxFmFNR6orP/6LZoi28xpK:IAAXWGTFHtTuqrxIFNR1P+oi2F

    Score
    3/10
    • Target

      bin/doload.dll

    • Size

      32KB

    • MD5

      9f32dd908a04a45dc26cb8c3eb2e9580

    • SHA1

      5e90fa8254c5b39b020bfff901019264b3fc1ec8

    • SHA256

      38878278f4914b955c135497c0b285130ce9e641434d1e70e8422ef247406dd8

    • SHA512

      9902f7fdde30f9b96cd7f8ab94c726eb99fea0cde34844363b356128ef6c7f8e9188b7304cfbdff57ba59d227a9eee18ea203f669eba86b794fb68c39df99e41

    • SSDEEP

      384:AY/vyBERB/0YsrYFntJDiI0l5PVk+5Es8tn8OtAomxXx:AYnME0YM4nnS5e+5dPXx

    Score
    3/10

MITRE ATT&CK Enterprise v15

Tasks

static1

strela
Score
10/10

behavioral1

discovery persistence
Score
7/10

behavioral2

discovery persistence
Score
7/10

behavioral3

discovery
Score
3/10

behavioral4

discovery
Score
3/10

behavioral5

discovery
Score
3/10

behavioral6

discovery
Score
3/10

behavioral7

Score
4/10

behavioral8

Score
4/10

behavioral9

discovery
Score
3/10

behavioral10

discovery
Score
3/10

behavioral11

discovery
Score
3/10

behavioral12

discovery
Score
3/10

behavioral13

discovery
Score
3/10

behavioral14

discovery
Score
3/10

behavioral15

Score
1/10

behavioral16

discovery
Score
3/10

behavioral17

discovery
Score
3/10

behavioral18

discovery
Score
3/10

behavioral19

discovery
Score
3/10

behavioral20

discovery
Score
3/10

behavioral21

discovery
Score
3/10

behavioral22

discovery
Score
3/10

behavioral23

discovery
Score
3/10

behavioral24

discovery
Score
3/10

behavioral25

discovery
Score
3/10

behavioral26

discovery
Score
3/10

behavioral27

Score
1/10

behavioral28

Score
1/10

behavioral29

discovery
Score
3/10

behavioral30

discovery
Score
3/10

behavioral31

discovery
Score
3/10

behavioral32

discovery
Score
3/10