be4616d11b24ad5d37e4e5987e933bd35d656e6505f5a8e75ee5588f1ef33bb1

Sharing

Copy URL

Twitter E-mail

General

Target

f154c92cb4e9af2c71399ad3a290a0a7_JaffaCakes118
Size

676KB
Sample

241214-3z6zrszmfn
MD5

f154c92cb4e9af2c71399ad3a290a0a7
SHA1

748cb5e98296ffbe5d4ec1a6fb51f0ec2bf6cb72
SHA256

be4616d11b24ad5d37e4e5987e933bd35d656e6505f5a8e75ee5588f1ef33bb1
SHA512

60d84362036b121bd49879851ef350d66c501fe5884a87f685e4e8cc7b24c0120ccaf623c0688aaf3cbd5671f7197b569556cc6b767d0e6e26f1de3d8a29c4f4
SSDEEP

12288:tL0NCNEq8/g/KsQxjJU9TP1+MqNXH5axDWaJQsH3ClZFvSpTI70:tYNCNEq8/KKsQB2FAMqNX5gWaesHSlZM

Score

10^/10

Malware Config

Targets

- Target
  
  f154c92cb4e9af2c71399ad3a290a0a7_JaffaCakes118
- Size
  
  676KB
- MD5
  
  f154c92cb4e9af2c71399ad3a290a0a7
- SHA1
  
  748cb5e98296ffbe5d4ec1a6fb51f0ec2bf6cb72
- SHA256
  
  be4616d11b24ad5d37e4e5987e933bd35d656e6505f5a8e75ee5588f1ef33bb1
- SHA512
  
  60d84362036b121bd49879851ef350d66c501fe5884a87f685e4e8cc7b24c0120ccaf623c0688aaf3cbd5671f7197b569556cc6b767d0e6e26f1de3d8a29c4f4
- SSDEEP
  
  12288:tL0NCNEq8/g/KsQxjJU9TP1+MqNXH5axDWaJQsH3ClZFvSpTI70:tYNCNEq8/KKsQB2FAMqNX5gWaesHSlZM
Score

7^/10

discovery persistence
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/AccessControl.dll
- Size
  
  10KB
- MD5
  
  055f4f9260e07fc83f71877cbb7f4fad
- SHA1
  
  a245131af1a182de99bd74af9ff1fab17977a72f
- SHA256
  
  4209588362785b690d08d15cd982b8d1c62c348767ca19114234b21d5df74ddc
- SHA512
  
  a8e82dc4435ed938f090f43df953ddad9b0075f16218c09890c996299420162d64b1dbfbf613af37769ae796717eec78204dc786b757e8b1d13d423d4ee82e26
- SSDEEP
  
  192:8SEWBGgiJM4LN+xq56XdNcNz/NWdlJmlyOcROQ:8SEPgii9KTzyt
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/inetc.dll
- Size
  
  20KB
- MD5
  
  134b93f8bd1f82cd2f1b06c878580703
- SHA1
  
  29cdbce7a2caf1f7e4d2a139c42336d490074665
- SHA256
  
  45153adf50541316468e2b189a0f8127be9fb29e2f920e7eeaa6aceb438db8c4
- SHA512
  
  f970c38debb6631dab7369e2bc96237f16a8fd328d9d35a2b54cb688e1807f62cc6d63230afe89ce5c3945097ae4466872c72929a9623adde3ee57bddf54b692
- SSDEEP
  
  384:EBQCxl9oGPZsw1v6yBIgktbBYeTeXMK5HQ/0lR+Tya4LV0Ac9khYLMkIX0+GBxgU:goGFghBZTeXMK6cVa4L
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  avsuite.exe
- Size
  
  1.2MB
- MD5
  
  8a4d47afda64a151cfa636723fd50526
- SHA1
  
  1741acf900fe7a330aa575a62c4fa86c7866f6b3
- SHA256
  
  ba3b714cf4c1682f58add63ece7f1d6339389364af30dcd7b37bb062466fb05b
- SHA512
  
  8dbe42ff3b2393ec199fe8ed1877887f5ad0f46b0e24aa62e404879230394015807e48f6583eee7a91a825f396cb8fa396469c105b0adac3a1fc7a73d2a58ed4
- SSDEEP
  
  24576:nmN35j9y+ZU7XsIKgxuZ7RR3oTEG8hysS/v1POcu:mN3jy+xIK17ITEQmcu
Score

10^/10

discovery evasion trojan
- Windows security bypass
  evasion trojan
- Windows security modification
  evasion trojan
behavioral7 behavioral8
- Target
  
  htmlayout.dll
- Size
  
  1B
- MD5
  
  cfcd208495d565ef66e7dff9f98764da
- SHA1
  
  b6589fc6ab0dc82cf12099d1c2d40ab994e8410c
- SHA256
  
  5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9
- SHA512
  
  31bca02094eb78126a517b206a88c73cfa9ec6f704c7030d18212cace820f025f00bf0ea68dbf3f3a5436ca63b53bf7bf80ad8d5de7d8359d0b7fed9dbc3ab99
Score

1^/10
behavioral10 behavioral9
- Target
  
  uninstall.exe
- Size
  
  41KB
- MD5
  
  f2656f62f52556cbaa8fe63cc51c5d73
- SHA1
  
  e1cc49f855bb98996ab49caac77cd015569ac024
- SHA256
  
  2e100548df26b77c4bf3a930023daf36173a04b8242fd7d0f7132e352931e4d2
- SHA512
  
  e766a0734178530268671432fdcddf22d9913f1eabe964af48d7630dd0a3a8fb9613ea7b3f6ffe9fb3568889d954d2f20c865a0163344cdb55e7419402a0dd1d
- SSDEEP
  
  768:6HJd0TpH2+bQ2dUWVX9Hfv1JMWmtLEJOyuBxG0D3mjfS3XJdJRnSlC9ZnOlb2:6pgpHzb9dZVX9fHMvG0D3XJYlC+Q
Score

7^/10

discovery
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral11 behavioral12
- Target
  
  $PLUGINSDIR/AccessControl.dll
- Size
  
  10KB
- MD5
  
  055f4f9260e07fc83f71877cbb7f4fad
- SHA1
  
  a245131af1a182de99bd74af9ff1fab17977a72f
- SHA256
  
  4209588362785b690d08d15cd982b8d1c62c348767ca19114234b21d5df74ddc
- SHA512
  
  a8e82dc4435ed938f090f43df953ddad9b0075f16218c09890c996299420162d64b1dbfbf613af37769ae796717eec78204dc786b757e8b1d13d423d4ee82e26
- SSDEEP
  
  192:8SEWBGgiJM4LN+xq56XdNcNz/NWdlJmlyOcROQ:8SEPgii9KTzyt
Score

3^/10

discovery
behavioral13 behavioral14

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Impair Defenses

T1562

Disable or Modify Tools

T1562.001

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Loads dropped DLL

Adds Run key to start application

Checks installed software on the system

Windows security bypass

Windows security modification

Deletes itself

Executes dropped EXE

Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14