General

  • Target

    c35b3b6eaccc5e4912c1555080dc76cb_JaffaCakes118

  • Size

    14.1MB

  • Sample

    241204-trlt7awmdk

  • MD5

    c35b3b6eaccc5e4912c1555080dc76cb

  • SHA1

    c1a2b32895b0d7ea25927d350e87bc6537d7685e

  • SHA256

    c79f2f6cd70358a2df2382bcb191aa6f22ba0d17d547e1e2c4350d0546c9be24

  • SHA512

    2b1c031915ab714a2bfa8d6e1c6e28fd35ca6650e776ce585d5196261bbb5347994f48009cf39f2cde48dd7cbd2b8baf90d530ec52da5ae51251e422789baf64

  • SSDEEP

    393216:2vxV/QEoCv8ESxOmi6XmaGnPTOna6mefoehwnDBBDO:uV/QEbAX4rOna3myvD

Malware Config

Targets

    • Target

      c35b3b6eaccc5e4912c1555080dc76cb_JaffaCakes118

    • Size

      14.1MB

    • MD5

      c35b3b6eaccc5e4912c1555080dc76cb

    • SHA1

      c1a2b32895b0d7ea25927d350e87bc6537d7685e

    • SHA256

      c79f2f6cd70358a2df2382bcb191aa6f22ba0d17d547e1e2c4350d0546c9be24

    • SHA512

      2b1c031915ab714a2bfa8d6e1c6e28fd35ca6650e776ce585d5196261bbb5347994f48009cf39f2cde48dd7cbd2b8baf90d530ec52da5ae51251e422789baf64

    • SSDEEP

      393216:2vxV/QEoCv8ESxOmi6XmaGnPTOna6mefoehwnDBBDO:uV/QEbAX4rOna3myvD

    Score
    7/10
    • Loads dropped DLL

    • Target

      $PLUGINSDIR/Dialer.dll

    • Size

      3KB

    • MD5

      18adbaf253b4483e59a94be06a9135e9

    • SHA1

      e096e87c93c80077d9726a585e52af2d46fa61ec

    • SHA256

      62f01d82e12633f1aa677a6c8c2e34316ab422d240179d8bac8ce6582f84f6f4

    • SHA512

      2ec8ef2486f631e63ab357420535eca64f7d7c369988967fe46adf58a6f12944de385b8002436b1ddc1e88cbc6968c6981caa0bb10168a073644fd9c2ec87f83

    Score
    3/10
    • Target

      $PLUGINSDIR/InstallOptions.dll

    • Size

      14KB

    • MD5

      714e0ecd29f9ec555f350f38672726c7

    • SHA1

      555b1492e782d7a30f280f2aecb64c642c1aaad3

    • SHA256

      21fea4cf18de8e25d0ffa3375699150fcd04e6d470358696f2dffdd3fc09d7f3

    • SHA512

      ced5814f25b688d1ede5a1395bcca69e1a0cba260104f156dc03de6ebb2015f6d832fed86ac234c36a10a75be33f489a63c8bd6111e3aaf4b078af1d94b00312

    • SSDEEP

      192:qcOqQ13v5z+dHeMR2QwHu5S9i/yULWWBZYJCSJyejiK72dwF7dBKEw:qcW13v5SdHeMRRKkwseji+BV

    Score
    3/10
    • Target

      $PLUGINSDIR/StartMenu.dll

    • Size

      7KB

    • MD5

      28052e87fc73e2aad1db2db35eba62e7

    • SHA1

      72e4c599b45605e36aa5fe7b39caf1eba531328f

    • SHA256

      ca0b34b6d8ea4638f620f250539301164b6a300f679b96e22a0b1f03f5e56440

    • SHA512

      7759923e6c29a43dedee73ae0540d47b33a2861d6f3c0520deb90d068978494dbf01dde2974413699b2008306dbd753bdefdb5a78d4745d064ad6a5a3163fed2

    • SSDEEP

      96:VgiqVPb3X8K8Kdr3gEq6nNdMk6Qiw290+q6LDtJ1tK3hhEl7y:VgiqVPgK8K9eIdE9B/tWhg7

    Score
    3/10
    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      960a5c48e25cf2bca332e74e11d825c9

    • SHA1

      da35c6816ace5daf4c6c1d57b93b09a82ecdc876

    • SHA256

      484f8e9f194ed9016274ef3672b2c52ed5f574fb71d3884edf3c222b758a75a2

    • SHA512

      cc450179e2d0d56aee2ccf8163d3882978c4e9c1aa3d3a95875fe9ba9831e07ddfd377111dc67f801fa53b6f468a418f086f1de7c71e0a5b634e1ae2a67cd3da

    • SSDEEP

      192:jVL7iZJX76BiqsO7+UZEw+RlthVEoC0O3XB:g7ssOpZs/hS3X

    Score
    3/10
    • Target

      $PLUGINSDIR/nsisdl.dll

    • Size

      14KB

    • MD5

      a5a4cee2eb89d2687c05ef74299f0dba

    • SHA1

      b9bff5987be422887f2f402357b47db2288a1a42

    • SHA256

      cb82268b778703db75961cddef33a695a674f0dfd28b7e710b198ef2d26d3963

    • SHA512

      f485267c6239f84d294ed4b0a82f317081e6e2e0c5613bd012bbd496b9ebccb8aca6944e80f84af51d17ac13f4d83480c34edfe37a3a9508ce0e67fc9f0b96f0

    • SSDEEP

      384:yck76gi51kE5aYOMLDC4UnDp9B0Jc5HNw2xE:yck76gibLCMLDLCx04HNVxE

    Score
    3/10
    • Target

      CI3.ifn

    • Size

      2.4MB

    • MD5

      7fc7d17fe99e96b403224b6d0363f6e8

    • SHA1

      a892e59ccb3b95ad8e50ab8bcfa9925b92c219fe

    • SHA256

      15c5e0826a4ec78ae00ccff64a3a63e365a6dfb2cd3efa87608e88ab45ec19cb

    • SHA512

      9c3cfdbb3b93b61d9d38e65c9a1ab1da5bcbe6f428a6eebae53ea70fa1076c5996e9085a231cabe5c5cc1ca366880901f9c1f15a8cb8fcdc5f811f49323ffe8c

    • SSDEEP

      49152:unEwQWnvUTHKW6NUUOnfPd5wydwdqWiK+l4/qB:unEAkKW6CUAfPSdZiK5/Q

    • Banload

      Banload variants download malicious files, then install and execute the files.

    • Banload family

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Target

      GLWorker.exe

    • Size

      1.8MB

    • MD5

      cd5c3746a0c9c36e4fa7c60f780b53c3

    • SHA1

      38b818925e8687b3a03a5c04e277bd4c9067136f

    • SHA256

      2fd882b6b2204bde9322d770a48e8bfdabc17d879840abee9952876c76591bd8

    • SHA512

      1094185d4e506f1da33ad437845332f42d5d82e9af06a2620502c5b7d23a25e08df0e7511c5c2b2a17aa7f4344ba48dfbbec70029b2580bf3b6d840bec18b002

    • SSDEEP

      49152:IzroXxa1qMtyV1MtyfJTkbzvTrOnfPd5wydw8p:IzroXxa1qX8RbzLrAfPS8p

    • Banload

      Banload variants download malicious files, then install and execute the files.

    • Banload family

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Target

      Uninstall.exe

    • Size

      93KB

    • MD5

      09028d06b307f49555dffb76dc82c880

    • SHA1

      8f187451912fa4b5e0e3de3406d1d426e48f3fc1

    • SHA256

      0b0b36f894a702ac55405422733ccb22506c68e29848ae7eac9f0a4ce8cc597a

    • SHA512

      505f537225eefd85f94c0807b7452c1df41c32f6d79203a2e9a5cc166385605176a68217808e505389e08fb8a61211728643ab4acea381e06dc23145c257c94f

    • SSDEEP

      1536:zCaIoX1oYOcbTMV88TXJLE/oRdvislP2jLE+Db6FPhjtxQsOk63dcBuX6gSzR/7e:zCaZ2Yrb0VTXJY/oqsl6D0ZWX3we6Z9a

    Score
    7/10
    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      $PLUGINSDIR/InstallOptions.dll

    • Size

      14KB

    • MD5

      714e0ecd29f9ec555f350f38672726c7

    • SHA1

      555b1492e782d7a30f280f2aecb64c642c1aaad3

    • SHA256

      21fea4cf18de8e25d0ffa3375699150fcd04e6d470358696f2dffdd3fc09d7f3

    • SHA512

      ced5814f25b688d1ede5a1395bcca69e1a0cba260104f156dc03de6ebb2015f6d832fed86ac234c36a10a75be33f489a63c8bd6111e3aaf4b078af1d94b00312

    • SSDEEP

      192:qcOqQ13v5z+dHeMR2QwHu5S9i/yULWWBZYJCSJyejiK72dwF7dBKEw:qcW13v5SdHeMRRKkwseji+BV

    Score
    3/10
    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      960a5c48e25cf2bca332e74e11d825c9

    • SHA1

      da35c6816ace5daf4c6c1d57b93b09a82ecdc876

    • SHA256

      484f8e9f194ed9016274ef3672b2c52ed5f574fb71d3884edf3c222b758a75a2

    • SHA512

      cc450179e2d0d56aee2ccf8163d3882978c4e9c1aa3d3a95875fe9ba9831e07ddfd377111dc67f801fa53b6f468a418f086f1de7c71e0a5b634e1ae2a67cd3da

    • SSDEEP

      192:jVL7iZJX76BiqsO7+UZEw+RlthVEoC0O3XB:g7ssOpZs/hS3X

    Score
    3/10
    • Target

      bass.dll

    • Size

      90KB

    • MD5

      048e4659465b2f39511cf2e81a7e5a3b

    • SHA1

      f447e872bb8d0878d9a708ff661be523361464dd

    • SHA256

      fda6a046ccaa6bbb1a5f7c75e9ff7d936aaf841d1fbced495141604dcac081a8

    • SHA512

      24cbd4dbe0fb6288611317f91de0c67d4c0012935a61361bdacaac679ed677477a2c7b4a9f3ca050b2b2a92fb188e874bc81b0f18462198ae2817c9df6cf71c2

    • SSDEEP

      1536:DClBV+haFHIrvX3EyeswkxJd342m3OQ3m/FlXZOelGqNYQrEEqpeqsyFkXzLx4l7:et+UForv3ELkNpm3Ok2ZAwGSYsE9peqt

    Score
    3/10
    • Target

      readme.htm

    • Size

      9KB

    • MD5

      5b96088417f22f5e29a2e4085001c336

    • SHA1

      3e65d8e17273abfdde2d03d01d112e0672db4cc0

    • SHA256

      8505c9dcfb645ebb69674413fd343ae032b17655b870aa0ec05527fb0725e21e

    • SHA512

      31cf772129525a9a31502715ffdc3b48144a294bb54e092a943de0d6218e31e873687e025572502c518fb733f90747a8967a2d0022f5af3ba166b1d34626c7df

    • SSDEEP

      96:SM7bUxV3bpKQj6ZVcZPBPMDhi7aJr0QDBcjrfB/7fZN+D9oP0Bq+XEZuZSbuJgr:Sz+ZViPBChi7aOZE9oFZZv

    Score
    3/10

MITRE ATT&CK Enterprise v15

Tasks

static1

Score
3/10

behavioral1

discovery
Score
7/10

behavioral2

discovery
Score
7/10

behavioral3

discovery
Score
3/10

behavioral4

discovery
Score
3/10

behavioral5

discovery
Score
3/10

behavioral6

discovery
Score
3/10

behavioral7

discovery
Score
3/10

behavioral8

discovery
Score
3/10

behavioral9

discovery
Score
3/10

behavioral10

discovery
Score
3/10

behavioral11

discovery
Score
3/10

behavioral12

discovery
Score
3/10

behavioral13

banloaddiscoverydownloaderdropperevasiontrojan
Score
10/10

behavioral14

banloaddiscoverydownloaderdropperevasiontrojan
Score
10/10

behavioral15

banloaddiscoverydownloaderdropperevasiontrojan
Score
10/10

behavioral16

banloaddiscoverydownloaderdropperevasiontrojan
Score
10/10

behavioral17

discovery
Score
7/10

behavioral18

discovery
Score
7/10

behavioral19

discovery
Score
3/10

behavioral20

discovery
Score
3/10

behavioral21

discovery
Score
3/10

behavioral22

discovery
Score
3/10

behavioral23

discovery
Score
3/10

behavioral24

discovery
Score
3/10

behavioral25

discovery
Score
3/10

behavioral26

discovery
Score
3/10