General

  • Target

    c3144d382493aea88be358201c376eed_JaffaCakes118

  • Size

    16.4MB

  • Sample

    241204-scm82aynhz

  • MD5

    c3144d382493aea88be358201c376eed

  • SHA1

    97bf18bef832f6c96112e8d493548bf6d2e4f772

  • SHA256

    f54afa4c7992b64a9a4dc666df50843ce749ded9ffa081e559154d7b2e8735cf

  • SHA512

    ad4705962c5da71c2a5903dbcf4aa3ea98029f84aef5499beb6657b19a131d216916e5e554f4e2c5d857df60d8c6dd7d80c5edbee96eba9afff58d65924bc3be

  • SSDEEP

    196608:NrbTQdQvoRsQgbXXfU8smaTvo/kJg7jtAkwgXImu6R+o8JEtdy+m:BVo4nsZma0cJah9wgXIb6RL8n+m

Targets

    • Target

      Readme-˵.html

    • Size

      2KB

    • MD5

      1a8bbc500c051a7c3548643ceff1e9d8

    • SHA1

      4809a35f50d25818a8ffbb295d45399a65dd2acd

    • SHA256

      733208a0d818e837762ae667c2d8ef0de8ecb5552c1f16561862a7bd2fc3ddb2

    • SHA512

      e0f699dbf1c4893b9a09dbf3b0a0caefdd508d160ab6655dbce3b56f5ded0d1ee57f75e352890bcb982790f7c5b30e57fb2a5bbc1c0c7de4ecc3970bd31af61e

    Score
    3/10
    • Target

      dzh2/DZHOrder.exe

    • Size

      36KB

    • MD5

      c7314828b759c309b07da4fee425fd35

    • SHA1

      c59d3c4a6b29a1a6be404e6e7e0e993cfa6e77c5

    • SHA256

      fd0002a4fe54b3f22d8c0054121bfb3fd3ef29b4fcef32bae1338771c02075d5

    • SHA512

      ec63d4311aea2b59b4fe74f71929cf7bf0d8e472d2841411d8000e6c2853821e5f3b278a5bcea1f9b3a4499c7f7b3d5a40e5e41537a9b5220e86d0a4da36bcbe

    • SSDEEP

      384:/WVXMX1ETZCxfr0PtajLTDqLW9Yi8yRcrF6oZb:kXM+Tg3hn8ECF6o

    Score
    3/10
    • Target

      dzh2/DZH_StockBrowser.dll

    • Size

      6.5MB

    • MD5

      3cce1258016d1185752dc61b3570ec2c

    • SHA1

      5ef32a59953ba84d5088a268aac14fa7fae775ee

    • SHA256

      cc6bcab5132f9577ac7e4a0f98d726b106d009fd8b6aa6fef3efeee0d96e6c41

    • SHA512

      a9514d38c50365c4a8f143c64541836773553fa3b8f626e6513bf7c01fe3a31d1a7e9902a43b21adc0bd505d5f3912b6ccc19c2457c020cbfaf538cb817cae18

    • SSDEEP

      98304:kwkKjbzuzn4IkFQ3FRBoN9M6OSi1umxftNZeEG6P+QrRoN8gDZngNHAkMUQu0lBL:lkeO4ZY7oN9M6Z/mdZRUlUy

    Score
    3/10
    • Target

      dzh2/GdiPlus.dll

    • Size

      1.6MB

    • MD5

      3317698f2090dd811f0aa93190e13c82

    • SHA1

      c38988e544df349bcfe4b51cb383ab206e2fc06b

    • SHA256

      830915b87cbc95217f58b8b499f73b618607c0164e0aa1217722eae18c1fb321

    • SHA512

      12e6ebfba3a9639ebc83056f20c8d4307104d7198736e52236e94fd10edbb4bd9de9d29bbff630279c3a770c3f0c158497ac8e32798505709c50bf3c7df8b2ae

    • SSDEEP

      24576:TSWwWpX3g7mgl074FUSIgi3g4bMG0x15IMQMLklslaswMeEd5DoQbcnO5c/KjO:ThwltF7C3/ouMvoslp3onL

    Score
    3/10
    • Target

      dzh2/NetUnit.dll

    • Size

      1.3MB

    • MD5

      09fbaf89b067a0738445b0c97aa5da41

    • SHA1

      1f6e738950108a20f7f46df19af951db6c705d90

    • SHA256

      7982741340fb6a3a6c67fddde527c04263b263ef71fb0bebd9b83523331c2705

    • SHA512

      a46817345d3d793ec0398ba4524f0382d21588d4ce443324b341785adf7e595cd1e7a6bf787fa42b725b8285b757aa0410163e825a1998ac35ff7b6b8c08a69c

    • SSDEEP

      24576:KgA83jdKWtrJbX6mMd0xtZob2RuuWoj78yTYkhDffQSjp+ZHtCVe3F1qM3C+YLTV:KWZKebX6mMd0xtZob2ikdftpQCVeDC+2

    Score
    3/10
    • Target

      dzh2/dzh2.exe

    • Size

      6.3MB

    • MD5

      572c514a66b98cb9924805033a1b319f

    • SHA1

      d2bd86062b139c976f1f678e8139c3c63151c5c2

    • SHA256

      7f33cb06d04e76a82f2edde912b3e2d8c8938f8506d9654acb38fccb22fb4405

    • SHA512

      8680f061ecf019aaa6bb4e48e1e5ed79572dff885c3149a03cd1c0ab2d77143d9f2aa122738cfa4612123d1cf44acf73b0e3ab24a06f0a2dd4ddbf965ef12d57

    • SSDEEP

      196608:6j+zcq7bjPpBq+67YkLx0Lq92loGaSWneJyeO2g9b/Vl1:6j+4q7bjPpBq5Y5LQGNY

    Score
    3/10
    • Target

      dzh2/dzh2sj.exe

    • Size

      381KB

    • MD5

      5cb66a68cb6ce2277145e0d5857b1a31

    • SHA1

      1c3eab790908cc2eaefcc73b568a1e78345e0d19

    • SHA256

      e068773930f70fab7d844f8d6514ec3d6a6705b2d551eaecc90821d0e93f7509

    • SHA512

      6bb21c7e7b1038120dec0eee766be2d565be8c9286297f35fa4bf8e54273d4473f05431f79c229ba24277d280e46359d01f9ccd4f518cce7eb93e20c9055d173

    • SSDEEP

      6144:HbZTXfxGBYaAr2FlbY+T4GKVX7BhLf6VMjaFRhbiD/pgrq40l:NTXfxGBYa6s8fGeLnLftarDT6

    Score
    3/10
    • Target

      dzh2/dzhdown.dll

    • Size

      156KB

    • MD5

      b6e20b992666a213b52c395b29476efa

    • SHA1

      00185d1748185e5f4f85e7090299d047a9006654

    • SHA256

      b647b6bc058998977f9222521b0ceb87adce9ffea581cf50381e2c2e0e9ed14b

    • SHA512

      314504e24e7d172a3a04605f91e2d887ddd9db0414df78a3016f2dc15560234dbdff8fddb06f3ffd083bfd6e83e9ba0fe8471a20f94794bc37454f46cf2b7930

    • SSDEEP

      3072:s9gm7H8is9VDUbaMa7adKUNLkCmu26bphGNV+5rqHFZfewd3M+2cD0HBeBYE47Oi:s5H3s/UbqgxNI69hGSklgwihhXEGOuw

    Score
    3/10
    • Target

      dzh2/dzhupdate.exe

    • Size

      192KB

    • MD5

      414cb9b2a47d435891879b0c9e19bb3a

    • SHA1

      162af577707de1e8a3984e4ccf00960687ce8c37

    • SHA256

      b629e10efffefb64615a740b3185046e55208a09877bd2c83e1298aa33e2baf7

    • SHA512

      ae1362f5fac4df066c950027bae6c9168da1eb3d62f8b44e7f3f31526b0cb4cecd010fb0df3bb6a287df3850e7c8190f2d93aa6ce2055d74702bf76f8e4e5542

    • SSDEEP

      3072:9JWXgVyynp5J6WUUf3zaByViu/deoAw/eLB:mML5U5y

    Score
    3/10
    • Target

      dzh2/fullpush.dll

    • Size

      1.6MB

    • MD5

      09c5735d023867d54d3a3a6d24109656

    • SHA1

      ca338f26781a7d46f62d08bd9cb4920e9dc0d37a

    • SHA256

      f8d52aef78603fb603e4fc762e5603a776a1353a79d7ccf9ad47faf40235e0ac

    • SHA512

      55f8b781f9d028fdae670a8f50027c58a154b85a7df593e3ad2e3dff2afa120e64d2c944a4791016a6088f2965253452036f66f274ae5e3deeed74aefdb10087

    • SSDEEP

      24576:TznkfANYNiY/Ek1weoY/KKwibe9Oo9c7eq0O/xHdj4qghmbqlbeGJ8n/zVOdi+rF:fkovhwWlberodi+k3JfPpGH

    Score
    3/10
    • Target

      dzh2/hypdown.dll

    • Size

      152KB

    • MD5

      bdfdb69ec2ccad97c2ed1fd71fa10cef

    • SHA1

      b56ae9066c5cd8cc2ed1d1493b891a53cbbe13ce

    • SHA256

      231e5f291e1804ae8e1954db785714e07a428f39be63895d68a3c14dfb964f9f

    • SHA512

      cd44c54c9b2c0ae3e2dd07922af19554cf5d5db568ec9456674e913b0e8e67fefa2db21d3cd153b8af2d79d021fd0e4f4d070efb7170ba4e239fb5f0d339bbe2

    • SSDEEP

      3072:KrVkvcm97mtAOw8i8vHGktbEydTQhUngtaNeHgNO6K9ep4rkddK/G0eAOw7Rqdcj:KrUcm8TogH3dTQh/RmvHODJea7Qdc

    Score
    3/10
    • Target

      dzh2/mfc100.dll

    • Size

      4.1MB

    • MD5

      07bccdcc337d393d7db0b2f8fe200b3f

    • SHA1

      5a02b227cb0a22a8e7884cd138c3e8568d083d94

    • SHA256

      bf38dda13b938b49a4df72b6477342373ee6e151be12c25cb0c17662fcb4bcd4

    • SHA512

      e5637727a549cf7b88f13474097a71200f0dfa511ecd55c5a42e5f53e9f86ce8b7ce763448830fd073e232876f7537bad96f2ced8d3159558778460264d07639

    • SSDEEP

      98304:BZP0PvxMJfTcXPSo0akd+BPSLC4IEy+XNy136jCfsqLhDIJJGN8mFLOAkGkzdnEe:BZP2iIE80qLrHFLOyomFHKnPAG

    Score
    3/10
    • Target

      dzh2/msvcp100.dll

    • Size

      411KB

    • MD5

      03e9314004f504a14a61c3d364b62f66

    • SHA1

      0aa3caac24fdf9d9d4c618e2bbf0a063036cd55d

    • SHA256

      a3ba6421991241bea9c8334b62c3088f8f131ab906c3cc52113945d05016a35f

    • SHA512

      2fcff4439d2759d93c57d49b24f28ae89b7698e284e76ac65fe2b50bdefc23a8cc3c83891d671de4e4c0f036cef810856de79ac2b028aa89a895bf35abff8c8d

    • SSDEEP

      12288:iHEqYsrMWIqz473PTiPoH/aGhUgiW6QR7t5qv3Ooc8UHkC2eKq87:iH9YsIWIW4rPTiPofaDv3Ooc8UHkC2e8

    Score
    3/10
    • Target

      dzh2/msvcr100.dll

    • Size

      752KB

    • MD5

      67ec459e42d3081dd8fd34356f7cafc1

    • SHA1

      1738050616169d5b17b5adac3ff0370b8c642734

    • SHA256

      1221a09484964a6f38af5e34ee292b9afefccb3dc6e55435fd3aaf7c235d9067

    • SHA512

      9ed1c106df217e0b4e4fbd1f4275486ceba1d8a225d6c7e47b854b0b5e6158135b81be926f51db0ad5c624f9bd1d09282332cf064680dc9f7d287073b9686d33

    • SSDEEP

      12288:fQmCy3NeRjkpQmj3oaMtQqjoygfXq3kon9IlbgaOxQdVJJ6j5EBKX8hR5:ImCy3VQs9MtLjTgfa3kon9FaOdEz5

    Score
    3/10
    • Target

      dzh2/msxml6.msi

    • Size

      1.5MB

    • MD5

      e006184dc51b2bb06e8aa8d2827a5c44

    • SHA1

      d33a1c7d6f3920880859679033de2edc8a842a7d

    • SHA256

      847d1f98de1961c098b5094638b68a43348d7e4a66893eb9f1c34318fdd99c0b

    • SHA512

      9db6df23899bdf2679196ce6e0a9bf89d9e4fe3e6cebb94cbe1bdebcc3e6ba6b5dbf8c73b761a95cfaf145da8ca7398d316b91f11eadcfeefa041074364d8983

    • SSDEEP

      24576:vH4ygTQiXNnvLEICy3oleKX5IflPIU+gf+8lZpyIiE:vH4oSNzEeCpMIxgfnpzx

    • Blocklisted process makes network request

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Target

      dzh2/reg.bat

    • Size

      35B

    • MD5

      35c9cce1c163f3e903ba97aabd461ef8

    • SHA1

      657da55aa16dd47d08686b5c49853d9bbd182142

    • SHA256

      75786fd26fd9c4af1461e1aa7f56255be3ecab53960785461c85aead0c2e2c4d

    • SHA512

      833f0c22ab2fd2267e70194b66a6ee4c61c093d2cc62edfd9de01baee4881e4e0521b20171d24c2762423ce12fe2a997885aa1d114233810f5a7c708b1b40520

    Score
    1/10

MITRE ATT&CK Enterprise v15

Tasks

    Task           Tags                                             Score
    static1        aspackv2                                         7/10
    behavioral1    discovery                                        3/10
    behavioral2    discovery                                        3/10
    behavioral3    (none)                                           1/10
    behavioral4    discovery                                        3/10
    behavioral5    discovery                                        3/10
    behavioral6    discovery                                        3/10
    behavioral7    discovery                                        3/10
    behavioral8    discovery                                        3/10
    behavioral9    discovery                                        3/10
    behavioral10   discovery                                        3/10
    behavioral11   discovery                                        3/10
    behavioral12   discovery                                        3/10
    behavioral13   discovery                                        3/10
    behavioral14   discovery                                        3/10
    behavioral15   discovery                                        3/10
    behavioral16   discovery                                        3/10
    behavioral17   discovery                                        3/10
    behavioral18   discovery                                        3/10
    behavioral19   discovery                                        3/10
    behavioral20   discovery                                        3/10
    behavioral21   discovery                                        3/10
    behavioral22   discovery                                        3/10
    behavioral23   discovery                                        3/10
    behavioral24   discovery                                        3/10
    behavioral25   discovery                                        3/10
    behavioral26   discovery                                        3/10
    behavioral27   discovery                                        3/10
    behavioral28   discovery                                        3/10
    behavioral29   discovery, persistence, privilege_escalation     6/10
    behavioral30   discovery, persistence, privilege_escalation     6/10
    behavioral31   (none)                                           1/10
    behavioral32   (none)                                           1/10