General

  • Target: 8512ebf39126afc00e171b784940c5f1_JaffaCakes118
  • Size: 5.8MB
  • Sample: 241102-mwlxes1pg1
  • MD5: 8512ebf39126afc00e171b784940c5f1
  • SHA1: d79911fb1f18482dfeeb4dbc9ea7c76966255bdc
  • SHA256: b58ea9bb8dd69dd81aab6c75466487b9f0e23c5f5c473d22bc7bffa5ef9cfbed
  • SHA512: fa089d7dc4c924e3937aecd9b5afe1a31d6dbc38d4d748d2ec01b2e3b7bf08ee3f2ee7ffe158fc9057cf515773e84eed20e5a97a059e182835c9aa26e85930ce
  • SSDEEP: 98304:giPJkcQ8qcmyKhMT9Ozzq9CUt1XfxSG9YA+Sg2UNct6N4h3hqCaRx69LEg4upOY9:HJ/HqcmbMhAuCUTf9txRUit6QqCa4LP5

Targets

    • Target: 8512ebf39126afc00e171b784940c5f1_JaffaCakes118
    • Size: 5.8MB
    • MD5: 8512ebf39126afc00e171b784940c5f1
    • SHA1: d79911fb1f18482dfeeb4dbc9ea7c76966255bdc
    • SHA256: b58ea9bb8dd69dd81aab6c75466487b9f0e23c5f5c473d22bc7bffa5ef9cfbed
    • SHA512: fa089d7dc4c924e3937aecd9b5afe1a31d6dbc38d4d748d2ec01b2e3b7bf08ee3f2ee7ffe158fc9057cf515773e84eed20e5a97a059e182835c9aa26e85930ce
    • SSDEEP: 98304:giPJkcQ8qcmyKhMT9Ozzq9CUt1XfxSG9YA+Sg2UNct6N4h3hqCaRx69LEg4upOY9:HJ/HqcmbMhAuCUTf9txRUit6QqCa4LP5
    • Score: 7/10
    • Signatures:
      • ACProtect 1.3x - 1.4x DLL software: Detects file using ACProtect software.
      • Loads dropped DLL
      • UPX packed file: Detects executables packed with UPX/modified UPX open source packer.

    • Target: $APPDATA/pipfactory.mod
    • Size: 65KB
    • MD5: d04438de49859c75d1ab799eab828c35
    • SHA1: 8c778878a7b3686d7535d2d7acc65910c93ef3f7
    • SHA256: 09e5f0f9c441129dccbe32cedc46c1f6336a8ff7a5b76fc1ac357ff86374b5db
    • SHA512: c0a39dc638370dae246e5939f7f1b5c9316083c18b0e6a4b70035c6d690107da26867147f78344a469c14431df48149f97d61d4693ce8b557469631b22b25c49
    • SSDEEP: 1536:lNY53EAa7+OlucJD0qTZFgg/HULPO/oZGhcOtUBtIGaxCa:lNY53EAaBLJ0qTPg3P8oZGhcOtUBY1
    • Score: 3/10

    • Target: $PLUGINSDIR/ButtonEvent.dll
    • Size: 4KB
    • MD5: fad9d09fc0267e8513b8628e767b2604
    • SHA1: bea76a7621c07b30ed90bedef4d608a5b9e15300
    • SHA256: 5d913c6be9c9e13801acc5d78b11d9f3cd42c1b3b3cad8272eb6e1bfb06730c2
    • SHA512: b39c5ea8aea0640f5a32a1fc03e8c8382a621c168980b3bc5e2897932878003b2b8ef75b3ad68149c35420d652143e2ef763b6a47d84ec73621017f0273e2805
    • Score: 3/10

    • Target: $PLUGINSDIR/K8NsisExtend.dll
    • Size: 232KB
    • MD5: c65f6245d1103e97e87ac3108d920d4d
    • SHA1: c5519d1137d6b94de28f62bba9442b9fd956f340
    • SHA256: c1ea3139cf606f73bc922fdedfb48624aab787661adf6159f86925a2150b06ca
    • SHA512: 76da042211f2bc1bba233031690018d967efa9ef567ee8b8fd7fc4931f95c9e27209c42d9a56bf0b773374557918816ba1580895a50bbcc2c1e7e15962256b3c
    • SSDEEP: 3072:TFiGaWvlNss4dHseo/vyNl12cqc53TARnQbPZUcYb3G11S9ltJ2KtjnRem1m3:TFikstdc/q312cqmAibacdIESet3
    • Score: 3/10

    • Target: $PLUGINSDIR/NSISdl.dll
    • Size: 14KB
    • MD5: 254f13dfd61c5b7d2119eb2550491e1d
    • SHA1: 5083f6804ee3475f3698ab9e68611b0128e22fd6
    • SHA256: fd0e8be2135f3d326b65520383a3468c3983fa32c9c93594d986b16709d80f28
    • SHA512: fcef8ac5bd0ee6e316dbbc128a223ba18c8bf85a8d253e0c0877af6a4f686a20b08d34e5a426e2be5045962b391b8073769253a4d9b18616febc8133ccf654f7
    • SSDEEP: 192:t5ZTobBDJ68r67wmsvJI5ad9cXzFOVu+mZ/P3p+57CvpVqDxVp01Dwn2GRYgsfA:fBo/680dCI5adOjFOg9//p27uNw2bo
    • Score: 3/10

    • Target: $PLUGINSDIR/System.dll
    • Size: 11KB
    • MD5: 00a0194c20ee912257df53bfe258ee4a
    • SHA1: d7b4e319bc5119024690dc8230b9cc919b1b86b2
    • SHA256: dc4da2ccadb11099076926b02764b2b44ad8f97cd32337421a4cc21a3f5448f3
    • SHA512: 3b38a2c17996c3b77ebf7b858a6c37415615e756792132878d8eddbd13cb06710b7da0e8b58104768f8e475fc93e8b44b3b1ab6f70ddf52edee111aaf5ef5667
    • SSDEEP: 192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
    • Score: 3/10

    • Target: $PLUGINSDIR/locate.dll
    • Size: 17KB
    • MD5: 7d3317f57c1a368480ace3c0ca804eeb
    • SHA1: d4c7e185bc64aac82339f51ba6c21cf0713c9f1a
    • SHA256: d88a04c1e39db583eaad727fd390fe599ab10198ee040bfbdd22daefadbd2372
    • SHA512: 5598c2e6caa2f66edd48f8c8305e054d4b0740b5f2b7ed92cf197a13ac66ba99a32013d34b3c2e28d007ab7979eb90a50681324eb736b1410e7df1902e4ec32a
    • SSDEEP: 384:ev/vPBkA6dK8wiLe45naPji7hpx2kRV+qgm:evyvwiNnGji7Xxjc8
    • Score: 3/10

    • Target: $PLUGINSDIR/nsDialogs.dll
    • Size: 9KB
    • MD5: ab73c0c2a23f913eabdc4cb24b75cbad
    • SHA1: 6569d2863d54c88dcf57c843fc310f6d9571a41e
    • SHA256: 3d0060c5c9400a487dbefe4ac132dd96b07d3a4ba3badab46a7410a667c93457
    • SHA512: 99d287b5152944f64edc7ce8f3ebcd294699e54a5b42ac7a88e27dff8a68278a5429f4d299802ee7ddbe290f1e3b6a372a5f3bb4ecb1a3c32e384bca3ccdb2b8
    • SSDEEP: 96:EBABCcnl5TKhkfLxSslykcxM2DjDf3GE+Xv8Xav+Yx4MndY7ndS27gA:E6n+0SAfRE+/8ZYxldqn420
    • Score: 3/10

    • Target: $PLUGINSDIR/nsRandom.dll
    • Size: 21KB
    • MD5: ab467b8dfaa660a0f0e5b26e28af5735
    • SHA1: 596abd2c31eaff3479edf2069db1c155b59ce74d
    • SHA256: db267d9920395b4badc48de04df99dfd21d579480d103cae0f48e6578197ff73
    • SHA512: 7d002dc203997b8a4d8ec20c92cd82848e29d746414f4a61265c76d4afb12c05bce826fc63f4d2bd3d527f38506c391855767d864c37584df11b5db9ca008301
    • SSDEEP: 384:LCHDPMs4GdtyO5roguusMxUXiO3wOw95euooP2UgKbd9BvNtf:LCHD6Gh87MKXil/5r2U3z
    • Score: 5/10
    • Signatures:
      • UPX packed file: Detects executables packed with UPX/modified UPX open source packer.

    • Target: $PLUGINSDIR/xml.dll
    • Size: 118KB
    • MD5: 42df1fbaa87567adf2b4050805a1a545
    • SHA1: b892a6efbb39b7144248e0c0d79e53da474a9373
    • SHA256: e900fcb9d598643eb0ee3e4005da925e73e70dbaa010edc4473e99ea0638b845
    • SHA512: 4537d408e2f54d07b018907c787da6c7340f909a1789416de33d090055eda8918f338d8571bc3b438dd89e5e03e0ded70c86702666f12adb98523a91cbb1de1d
    • SSDEEP: 1536:U2A8OSGjylgkara+70LICin9zgtg2LxowhtJu6MqSNicNEtIfF42q2KC:OzjLkarn7O+n9z2L6whFtGF42bK
    • Score: 3/10

    • Target: $TEMP/$_53_/K8Skin.dll
    • Size: 376KB
    • MD5: 6f2e568ad29d065ecb9073e0e943158b
    • SHA1: 1d6f747b5abe0ba06eb70a4f93a2dfe046342094
    • SHA256: 2f2f55967767478491d982c07d7197db914a3cf22d57b9ded917c1e9173f8431
    • SHA512: 8cacbf539926f7a7f4be1963ef92fd83facbce7d68f1a2c9cc0554a86b2307486f00b3d678f417746db054654d0c9c1675a9d0633b01817153ca5168a0c7de47
    • SSDEEP: 6144:nImZpwTL5wSOo1tyWdMb23N/JWTPzLf/yOYRVvoB7sHHSwF8irmRtBQaFBbkYmU+:nImvwTL5wSOo1tyWdMb23N/JazLf/yZ1
    • Score: 3/10

    • Target: WoWBox.exe
    • Size: 2.1MB
    • MD5: 4005f6935569c34b39e4faeeccdde17a
    • SHA1: d7056c7627043f41f401b893f790cdba0c1a99d5
    • SHA256: 4a54a37b88700b28dc2fad3d772df86c5aacdf9a607dda4429a3a90317ddf946
    • SHA512: fbd1dbd4a9c2669897cf811a3fe69b32496d667c09f821a3a9ac76bd3f00d0a13675a73c650e6ba03adc7da8b98c80db29b118f388c8d100c79f1e402487d1a7
    • SSDEEP: 49152:zinbTv9g5WNfV9XrnOVsAxq20YaErpVS55Id60bO70y37ebp5ZaKb:zibDT9qVseq20YaEVV7csOj37ebUKb
    • Signatures:
      • Detects Strela Stealer payload
      • Strela family
      • Strela stealer: An info stealer targeting mail credentials, first seen in late 2022.
      • Loads dropped DLL
      • UPX packed file: Detects executables packed with UPX/modified UPX open source packer.

    • Target: uninst.exe
    • Size: 1.8MB
    • MD5: 0476fe3408086ad9503632c5c3b084f3
    • SHA1: 3d2c4cae38f9faccb05f3b6d1e653661f5397807
    • SHA256: eabd927f02c19fcce33816f42866f2fef7aa24910bc1b692497585ecc4007611
    • SHA512: b7bda3fccfc420be4203cfeb7d089f9c2b821e158e59801640af0e35ba24144c36f0db50cc047d937507bd3fb88f1f4270e091b0547a365741dc555280eebb81
    • SSDEEP: 49152:dBewS4SitFdq7kGpM6/cEbTWbf2UIhXdK2WP2nU:P1V9/GN2+ndK1KU
    • Score: 7/10
    • Signatures:
      • ACProtect 1.3x - 1.4x DLL software: Detects file using ACProtect software.
      • Executes dropped EXE
      • Loads dropped DLL
      • UPX packed file: Detects executables packed with UPX/modified UPX open source packer.

    • Target: $PLUGINSDIR/K8NsisExtend.dll
    • Size: 232KB
    • MD5: c65f6245d1103e97e87ac3108d920d4d
    • SHA1: c5519d1137d6b94de28f62bba9442b9fd956f340
    • SHA256: c1ea3139cf606f73bc922fdedfb48624aab787661adf6159f86925a2150b06ca
    • SHA512: 76da042211f2bc1bba233031690018d967efa9ef567ee8b8fd7fc4931f95c9e27209c42d9a56bf0b773374557918816ba1580895a50bbcc2c1e7e15962256b3c
    • SSDEEP: 3072:TFiGaWvlNss4dHseo/vyNl12cqc53TARnQbPZUcYb3G11S9ltJ2KtjnRem1m3:TFikstdc/q312cqmAibacdIESet3
    • Score: 3/10

    • Target: $PLUGINSDIR/NSISdl.dll
    • Size: 14KB
    • MD5: 254f13dfd61c5b7d2119eb2550491e1d
    • SHA1: 5083f6804ee3475f3698ab9e68611b0128e22fd6
    • SHA256: fd0e8be2135f3d326b65520383a3468c3983fa32c9c93594d986b16709d80f28
    • SHA512: fcef8ac5bd0ee6e316dbbc128a223ba18c8bf85a8d253e0c0877af6a4f686a20b08d34e5a426e2be5045962b391b8073769253a4d9b18616febc8133ccf654f7
    • SSDEEP: 192:t5ZTobBDJ68r67wmsvJI5ad9cXzFOVu+mZ/P3p+57CvpVqDxVp01Dwn2GRYgsfA:fBo/680dCI5adOjFOg9//p27uNw2bo
    • Score: 3/10

    • Target: $PLUGINSDIR/System.dll
    • Size: 11KB
    • MD5: 00a0194c20ee912257df53bfe258ee4a
    • SHA1: d7b4e319bc5119024690dc8230b9cc919b1b86b2
    • SHA256: dc4da2ccadb11099076926b02764b2b44ad8f97cd32337421a4cc21a3f5448f3
    • SHA512: 3b38a2c17996c3b77ebf7b858a6c37415615e756792132878d8eddbd13cb06710b7da0e8b58104768f8e475fc93e8b44b3b1ab6f70ddf52edee111aaf5ef5667
    • SSDEEP: 192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
    • Score: 3/10

MITRE ATT&CK Enterprise v15

Tasks

    Task          Tags                               Score
    static1       upx, strela                        10/10
    behavioral1   discovery, upx                     7/10
    behavioral2   discovery, upx                     7/10
    behavioral3   discovery                          3/10
    behavioral4   discovery                          3/10
    behavioral5   discovery                          3/10
    behavioral6   discovery                          3/10
    behavioral7   discovery                          3/10
    behavioral8   discovery                          3/10
    behavioral9   discovery                          3/10
    behavioral10  discovery                          3/10
    behavioral11  discovery                          3/10
    behavioral12  discovery                          3/10
    behavioral13  discovery                          3/10
    behavioral14  discovery                          3/10
    behavioral15  discovery                          3/10
    behavioral16  discovery                          3/10
    behavioral17  discovery, upx                     5/10
    behavioral18  discovery, upx                     5/10
    behavioral19  discovery                          3/10
    behavioral20  discovery                          3/10
    behavioral21  discovery                          3/10
    behavioral22  discovery                          3/10
    behavioral23  strela, discovery, stealer, upx    10/10
    behavioral24  strela, discovery, stealer, upx    10/10
    behavioral25  discovery, upx                     7/10
    behavioral26  discovery, upx                     7/10
    behavioral27  discovery                          3/10
    behavioral28  discovery                          3/10
    behavioral29  discovery                          3/10
    behavioral30  discovery                          3/10
    behavioral31  discovery                          3/10
    behavioral32  discovery                          3/10