General

  • Target

    81e06de2ff5964474449764dabaa68fd_JaffaCakes118

  • Size

    217KB

  • Sample

    241031-gk4efazlhz

  • MD5

    81e06de2ff5964474449764dabaa68fd

  • SHA1

    9b5f06d2100a8aa51aef76f19618bfebf0f22929

  • SHA256

    ed06883617d0469068e12788a5caf61feb2a6666ee84b962ee838c816c128baa

  • SHA512

    ae954d721ed02d4b53773443f4ad2edcbd94966af73c24a16e8e92e302a45ab2db9a1169371245152660e1ab97b9da139964dc0d8dc08cfc467d2be290161116

  • SSDEEP

    3072:Gk3sx0j6ap8fWrr27J5pa67TSywjCFCw7I5we93t7wzykrjNB7QbYVeVU0hQ7GKA:NuaufWG7JbL7XSSCh93W28xBcyYU0ham

Malware Config

Targets

    • Target

      360.cmd

    • Size

      1KB

    • MD5

      3e54ff9d891714f4caf7911ce6d2ddce

    • SHA1

      e7307a27eca905f1d8be37eed83731b541323707

    • SHA256

      a3d8ffe9c729c41f8c9b276308c5f0be810e7855948e92a14c07e3e3672d9275

    • SHA512

      1763f67d734af6d190416e618cf2be35be336f023f3df25827fbc45609509a49ea908d108fbb599c958f9224fc7749e16350c4d8812ff3be43e4f4fb423c1136

    Score
    4/10

    • Target

      361.cmd

    • Size

      136B

    • MD5

      5966a0cbade2abd0574b0305c47ba660

    • SHA1

      3c3443d8dfe6780e912c788bc0d840128f455619

    • SHA256

      586fceff93a379c2365f736e81fc08b8039b69b1abeba3f1ec2e908ebc344767

    • SHA512

      a966d993bd3009c30636cc1af83df680c00bb09de01a466f6ed1809c8b8f2d6f70b2bf121406dd17e90741c6af5cdaf6df8dab5a69551e8daad795a1437a17ef

    Score
    1/10

    • Target

      36O安全浏览器 3.lnk

    • Size

      817B

    • MD5

      cba9ded752655b763a94ace45bccbe4b

    • SHA1

      219e5cdfa2d62d26542bb8349ce936f00941c835

    • SHA256

      f2560ba5f7dcf44b1a5bfe9f9537da5a5586bace2f394f99d907b96117b5cac8

    • SHA512

      1d887ff15062b754afbc02286a03ee408f6edb3a80dcafb563a63019198d67b50c1b8fa4779f2f1031ea4f7c210c655062b074f66bff89866d38e2b80c8e7923

    Score
    3/10

    • Target

      36O安全浏览器 3.lnk

    • Size

      1KB

    • MD5

      5e0bcc3ae762822e2507e7987562abab

    • SHA1

      7fffa59ff1e1eebd6bc98d1dd9aa0051ba59bb0c

    • SHA256

      7a4a0367330c6854ae126bf784dba8deff541ee269c34e575540b2aa7d7f3367

    • SHA512

      3323e365ad712a3f162d32471615d78f613605cdf37b77391f14d4831b5ae82ad45a2cc3e8548169f447fc81b5f5a09713d2661157511890fc03c665ace01687

    Score
    3/10

    • Target

      Internet Expl0rer.lnk

    • Size

      104B

    • MD5

      b26bdf8dd432f327015e14428a20790a

    • SHA1

      a5db52d58ad5911ee4d54576335c250ccf86083e

    • SHA256

      ff0f9b5b7634cadb7a4d58ccb1fa58c015217b6b890995c9ddc83156c9f8f43a

    • SHA512

      a532c5b0a22e1cb09beab9d1acbe2a972a02d3a7c7782207410fe40f2a38316155dfc8de63be971ec1d69432ecd9033c971a588d65c40a5abb69d3f4792ba8d4

    Score
    3/10

    • Target

      Microsoft/bot.vbs

    • Size

      173B

    • MD5

      260221b2e318b36c446542c9edc50837

    • SHA1

      d1041b615f1b1c513b27a8e9faa03abc7ff45d3f

    • SHA256

      55c1c843af5160b59f214584e252c404d7857c33c8c13b08c9be7474d2f496e5

    • SHA512

      a1c217ff54bf065ad4e1f337a436faf2b17bf20859b282b63f53b7430bac65ee3e0cd8a9b4ac054060095145f61c95bcaa4e5513331c69c8497cdc332322ac56

    Score
    7/10

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Target

      cpa.cmd

    • Size

      98B

    • MD5

      618bc4a33a6281eed70f19717627278d

    • SHA1

      49afacdfc47af8f3560e8436a39b76468688abfd

    • SHA256

      831cd4c3c4f6d4541f2285f49f83c9e25cd187233701cd23a9fe6d5dee9481fb

    • SHA512

      41cca1da068d42132afe2c85d8abb7d8d5cd20f4c7af599717618e704895f83af178e1882a17623e64a2f450cd50cc6a6eb3604a572b8b1a1ea56fcdf35fb5ad

    Score
    1/10

    • Target

      fav/fav.cmd

    • Size

      350B

    • MD5

      bb8f16419df048980760537aa0381047

    • SHA1

      fee995f3780355320925ca8368c7e93500ad1cd1

    • SHA256

      80e3a0ae53a55fa995ebc555e8529f4d566d8f614b0933edbdf9ba2604d778fc

    • SHA512

      9a2082a52cc1f84538002e5c16e5d6384854c129afb935d94122f1dcbf16064c8dbe59784b6332567b846c3dda48e441b2061228fdee9da2e4e552244a5450e0

    Score
    1/10

    • Target

      fav/fav.lnk

    • Size

      585B

    • MD5

      b6df6a7ea663db383620b229faeb3046

    • SHA1

      338beb3ec1b119556dea0d66e6731afc0750e15c

    • SHA256

      fc6ab2ae5370e3ddd5edc10702b8cf7e2cf9d2dc491c2635a7d9709d4bd7f8ca

    • SHA512

      85f7c4e905c4cfe6e1ecd899b0bfe1449ffec7f324ad73da03e76b7b5afd9ea32faaf31dc57515c52c70c78001fae2e4ac5e3ed4272506007f701a959e961556

    Score
    7/10

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Target

      fav/fav.vbs

    • Size

      121B

    • MD5

      1365ef9e2079883d0fc2c07953838bee

    • SHA1

      f01853cce3bd55924bd1c23e1038c5fc50c72a7a

    • SHA256

      c1fbbc4ed104e65c2ca645552d7d3ee550485220828c175fbfb4135ed7373061

    • SHA512

      459912c3ab8edc34eb091cf67110a43b30ae3568982a0b8decbdb274c35cec9b8db294048205040ff22ae315c7f48d9004e9a9d5e995e241a173eec113ef7992

    Score
    7/10

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Target

      fav/淘宝购物.url

    • Size

      189B

    • MD5

      63f72e0adad2913f0616ac0304e07b0c

    • SHA1

      5af6726532b9cf9c17641d43e1d057ffdb33de18

    • SHA256

      bdb784a299056e551ffecf5402e49f99a5ad988c1b6456f03a9450f210775845

    • SHA512

      e6021a009591273b3bea14dde6d0332dbff09ff921f43f10d55c83ba615d3d313d4f32b648c2dfe531b4ca9eda465e6b07b43b02b558252ac56517c3cb0c0b17

    Score
    1/10

    • Target

      fav/网址导航.url

    • Size

      81B

    • MD5

      97c3f90dfc6b49091e3b0ac2f4c5081e

    • SHA1

      1308208ed83e3682e9d2d8e4756c889e8a652cc2

    • SHA256

      9a66e3c8845ef59301b675977c8c7023fa61bd3a051f6c34039eaad62a43af1b

    • SHA512

      ee68548709f725ef3a78d7159261640e6c0503bcc278788e28e1925330741ac11283cfff9ee62716210691b93dbb58eccd249f2235b23eaa1d52e8eb49cc10b1

    Score
    1/10

    • Target

      fav/软件下载.url

    • Size

      83B

    • MD5

      e37d61e59cabe1cb70c4c3621eedb6f2

    • SHA1

      744c090f60fd5c2c95486ce5aa9ca721df94bd23

    • SHA256

      981ef6de8d54f921744ae45bc289616186ac6a1e05ad4fec0471efc768f5dee1

    • SHA512

      2f396e56f238933a6078961bf943037bb0b95251cd65cb86d7bbf46b9b078c9e061ef691a5848eb9aebb6154f5528b7d59a7cfab601646a1c58a82e8cf8004cb

    Score
    1/10

    • Target

      file.vbs

    • Size

      1KB

    • MD5

      2eabf3608e6b54cc84ef24a332affe2d

    • SHA1

      26741323c2bc4e472129ed96d69a445404625791

    • SHA256

      2e96fc0c5041710654f8b73c6b396958c1487b949a92f16d3b2456a9d750dda0

    • SHA512

      d304b1a100dcde47c40a44be7783b05389ff55fd72a3fa321d0e6176fd1cf68ef490c0fe4146747cdc914bd9383b331bedca26ab8736c59795acabac5b903a84

    • Creates new service(s)

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.

    • Target

      open.vbs

    • Size

      1002B

    • MD5

      ae2af5c625b42c1e13cf26702cef7697

    • SHA1

      eb0d7783826296ad37858870df932cbedc6d2342

    • SHA256

      a50f01b0305d22c61988cac12af3449c0090f0a6c18ec412e5e8208740759bde

    • SHA512

      55efed57559e803c62373076efdbc7c4006212380ed74dc5b81766bae479e67770c80a3b489061d45d5e652c1adc39436a791d70e5f774df1941d370836c1f5f

    Score
    1/10

    • Target

      runonce.cmd

    • Size

      1KB

    • MD5

      26546387c9729e1596eb8fd59106d300

    • SHA1

      71ebf69d314ff28938a8addc85f66b023f8aeee7

    • SHA256

      baf86a1340c31a317b43fc248813c6fc9ab54c9cca5aef1ce06c1ea74adcddf8

    • SHA512

      fef7f7b7780f473c00fd6b0712664642258e838e377bb23280e3ce01c682e0ef2c259b52daa83429cddce47fff553f518be6631fe627cfbeb1c9172a1f69520c

MITRE ATT&CK Enterprise v15

Tasks

static1

Score
3/10

behavioral1

Score
4/10

behavioral2

Score
4/10

behavioral3

Score
1/10

behavioral4

Score
1/10

behavioral5

Score
3/10

behavioral6

Score
3/10

behavioral7

Score
3/10

behavioral8

Score
3/10

behavioral9

Score
3/10

behavioral10

Score
3/10

behavioral11

discovery

Score
3/10

behavioral12

discovery

Score
7/10

behavioral13

Score
1/10

behavioral14

Score
1/10

behavioral15

Score
1/10

behavioral16

Score
1/10

behavioral17

Score
3/10

behavioral18

Score
7/10

behavioral19

Score
3/10

behavioral20

Score
7/10

behavioral21

Score
1/10

behavioral22

Score
1/10

behavioral23

Score
1/10

behavioral24

Score
1/10

behavioral25

Score
1/10

behavioral26

Score
1/10

behavioral27

defense_evasion, discovery, evasion, execution, persistence, privilege_escalation

Score
8/10

behavioral28

defense_evasion, discovery, evasion, execution, persistence, privilege_escalation

Score
8/10

behavioral29

Score
1/10

behavioral30

Score
1/10

behavioral31

discovery, execution, persistence

Score
8/10

behavioral32

discovery, execution, persistence

Score
8/10