General

  • Target: 9f0688568d98ab1b4f0a51dea14d1ac1_JaffaCakes118
  • Size: 12.3MB
  • Sample: 240611-wbbqdsvhnp
  • MD5: 9f0688568d98ab1b4f0a51dea14d1ac1
  • SHA1: 2a4650dacb4a735d75206f76baa2204c7d7542ba
  • SHA256: ffc673f964fb067cdbb7998e307f8811e6cc161392dccf6273d03cadfb4e7917
  • SHA512: b83b2cf014a864037c156433e1084685c67f74366af8948fc25417ce93270281a8fb24998cd4b251ba8cdaadce6c234e31211b1d846c44fb885191e062a2e130
  • SSDEEP: 393216:fz0FvHEp1JD+PqDs9tM6Lj3+ivPLm4r6OV7uR:fYFvH6XneM6Lj3EF

Malware Config

Targets

    • Target: 9f0688568d98ab1b4f0a51dea14d1ac1_JaffaCakes118
    • Size: 12.3MB
    • MD5: 9f0688568d98ab1b4f0a51dea14d1ac1
    • SHA1: 2a4650dacb4a735d75206f76baa2204c7d7542ba
    • SHA256: ffc673f964fb067cdbb7998e307f8811e6cc161392dccf6273d03cadfb4e7917
    • SHA512: b83b2cf014a864037c156433e1084685c67f74366af8948fc25417ce93270281a8fb24998cd4b251ba8cdaadce6c234e31211b1d846c44fb885191e062a2e130
    • SSDEEP: 393216:fz0FvHEp1JD+PqDs9tM6Lj3+ivPLm4r6OV7uR:fYFvH6XneM6Lj3EF

    Score: 7/10
    • Loads dropped DLL

    • Target: $PLUGINSDIR/Dialer.dll
    • Size: 3KB
    • MD5: 18adbaf253b4483e59a94be06a9135e9
    • SHA1: e096e87c93c80077d9726a585e52af2d46fa61ec
    • SHA256: 62f01d82e12633f1aa677a6c8c2e34316ab422d240179d8bac8ce6582f84f6f4
    • SHA512: 2ec8ef2486f631e63ab357420535eca64f7d7c369988967fe46adf58a6f12944de385b8002436b1ddc1e88cbc6968c6981caa0bb10168a073644fd9c2ec87f83

    Score: 3/10
    • Target: $PLUGINSDIR/InstallOptions.dll
    • Size: 14KB
    • MD5: 714e0ecd29f9ec555f350f38672726c7
    • SHA1: 555b1492e782d7a30f280f2aecb64c642c1aaad3
    • SHA256: 21fea4cf18de8e25d0ffa3375699150fcd04e6d470358696f2dffdd3fc09d7f3
    • SHA512: ced5814f25b688d1ede5a1395bcca69e1a0cba260104f156dc03de6ebb2015f6d832fed86ac234c36a10a75be33f489a63c8bd6111e3aaf4b078af1d94b00312
    • SSDEEP: 192:qcOqQ13v5z+dHeMR2QwHu5S9i/yULWWBZYJCSJyejiK72dwF7dBKEw:qcW13v5SdHeMRRKkwseji+BV

    Score: 3/10
    • Target: $PLUGINSDIR/StartMenu.dll
    • Size: 7KB
    • MD5: 28052e87fc73e2aad1db2db35eba62e7
    • SHA1: 72e4c599b45605e36aa5fe7b39caf1eba531328f
    • SHA256: ca0b34b6d8ea4638f620f250539301164b6a300f679b96e22a0b1f03f5e56440
    • SHA512: 7759923e6c29a43dedee73ae0540d47b33a2861d6f3c0520deb90d068978494dbf01dde2974413699b2008306dbd753bdefdb5a78d4745d064ad6a5a3163fed2
    • SSDEEP: 96:VgiqVPb3X8K8Kdr3gEq6nNdMk6Qiw290+q6LDtJ1tK3hhEl7y:VgiqVPgK8K9eIdE9B/tWhg7

    Score: 3/10
    • Target: $PLUGINSDIR/System.dll
    • Size: 11KB
    • MD5: 960a5c48e25cf2bca332e74e11d825c9
    • SHA1: da35c6816ace5daf4c6c1d57b93b09a82ecdc876
    • SHA256: 484f8e9f194ed9016274ef3672b2c52ed5f574fb71d3884edf3c222b758a75a2
    • SHA512: cc450179e2d0d56aee2ccf8163d3882978c4e9c1aa3d3a95875fe9ba9831e07ddfd377111dc67f801fa53b6f468a418f086f1de7c71e0a5b634e1ae2a67cd3da
    • SSDEEP: 192:jVL7iZJX76BiqsO7+UZEw+RlthVEoC0O3XB:g7ssOpZs/hS3X

    Score: 3/10
    • Target: $PLUGINSDIR/nsisdl.dll
    • Size: 14KB
    • MD5: a5a4cee2eb89d2687c05ef74299f0dba
    • SHA1: b9bff5987be422887f2f402357b47db2288a1a42
    • SHA256: cb82268b778703db75961cddef33a695a674f0dfd28b7e710b198ef2d26d3963
    • SHA512: f485267c6239f84d294ed4b0a82f317081e6e2e0c5613bd012bbd496b9ebccb8aca6944e80f84af51d17ac13f4d83480c34edfe37a3a9508ce0e67fc9f0b96f0
    • SSDEEP: 384:yck76gi51kE5aYOMLDC4UnDp9B0Jc5HNw2xE:yck76gibLCMLDLCx04HNVxE

    Score: 3/10
    • Target: GLWorker.exe
    • Size: 1.8MB
    • MD5: 08af668061d4f89813d103c5d00b0f11
    • SHA1: a2bfb6753f5808159c128300bacfefc967c471de
    • SHA256: 954f1d96fde795d5f9912d6a43c2a2f47e284fc56f4657b63ede14a67e5a512f
    • SHA512: 19df0130aec210c1b1dc87541b70040fa0f2bab128fedc5a72594b830cfbe16e3a8dbdc9e59645684b3f5ac935fcbaf682ec751c021f8e47bd17f58730daca4a
    • SSDEEP: 49152:JzroXxa1qMtyV1MtofJTsJgtI9OnfPd5wydwBQ:JzroXxa1qX8XJge9AfPSBQ

    • Banload
      Banload variants download malicious files, then install and execute the files.
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Checks BIOS information in registry
      BIOS information is often read in order to detect sandboxing environments.

    • Target: LuxorAR.ifn
    • Size: 1.8MB
    • MD5: 82330e8f15a93ffeab090fa8ba927ff4
    • SHA1: e35551e0429bdd1d59bee264910d0b10ef7fa9d2
    • SHA256: 0727c4f7d2fbce25d26d5c56c2818831b252453b3d5e2b248e16c773dceb51d1
    • SHA512: b7c6fdb0090a55c8f9239f44b9318e4ec961fe4a10beeb13f9f2a859d5cc172c9594790a9f9054e916b3b75c154d6c649c1f223add44dbacce5d2fe370b20ddd
    • SSDEEP: 24576:Z8tqYI1zdiL6J4OajbDcf+TG0KT6dultNmspPOlEOSUf/HboW5wydwPXGalpC:KqliL7kf+Te+e7muOnfPd5wydw/GalE

    • Banload
      Banload variants download malicious files, then install and execute the files.
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Checks BIOS information in registry
      BIOS information is often read in order to detect sandboxing environments.
    • UPX packed file
      Detects executables packed with UPX/modified UPX open source packer.

    • Target: Read_Me.html
    • Size: 41KB
    • MD5: b73ea6a4f5460a97244ca9c834b8c9e9
    • SHA1: f2b41aa0747ba3ad8a61f331f8acee0c2e8abb75
    • SHA256: 557979039b153ef19b45d6c405cb099922ebc4fe8dff8c4332aef11aed130af6
    • SHA512: 92b0df76e5eec5bba5c983e859447994cbdbe059fe0ebc9547826ccfca1a893846fb6b534dbc26ef2e5a8c3d99e02203a5541234dc685d7348c595d9a95632f1
    • SSDEEP: 768:hCqMou2vYoRUXTE7pdclzSwnqF7JKnYY8r74pg82WZT4fnBWF3eJ5+HaI5HaHJd8:rxBeE9zJnoF36Pu7J4E

    Score: 1/10
    • Target: Uninstall.exe
    • Size: 104KB
    • MD5: 8e24e81ec36f0af96be7690081ede13d
    • SHA1: e33106e7e8d1abf7b2ec77799b5d46129149525b
    • SHA256: 7492a2a9ae55c125a8534c849479fd9e46024526f22d7bdd11e43ebe4debd2cc
    • SHA512: c8ac2dbc293631a68c3d6f1de4dd49992825302cdfa53b45d87ef9063706dad43aa50d7e646b9a9157e2d2bc68dd8160c8913597df2f1fa381125ace10a02114
    • SSDEEP: 3072:LCaZ2Yrb0VTXJYJmfnX3+aLYZWX3we6Z97:LCIo2sfnX3PYZwwe6Z97

    Score: 7/10
    • Executes dropped EXE
    • Loads dropped DLL

    • Target: $PLUGINSDIR/InstallOptions.dll
    • Size: 14KB
    • MD5: 714e0ecd29f9ec555f350f38672726c7
    • SHA1: 555b1492e782d7a30f280f2aecb64c642c1aaad3
    • SHA256: 21fea4cf18de8e25d0ffa3375699150fcd04e6d470358696f2dffdd3fc09d7f3
    • SHA512: ced5814f25b688d1ede5a1395bcca69e1a0cba260104f156dc03de6ebb2015f6d832fed86ac234c36a10a75be33f489a63c8bd6111e3aaf4b078af1d94b00312
    • SSDEEP: 192:qcOqQ13v5z+dHeMR2QwHu5S9i/yULWWBZYJCSJyejiK72dwF7dBKEw:qcW13v5SdHeMRRKkwseji+BV

    Score: 3/10
    • Target: $PLUGINSDIR/System.dll
    • Size: 11KB
    • MD5: 960a5c48e25cf2bca332e74e11d825c9
    • SHA1: da35c6816ace5daf4c6c1d57b93b09a82ecdc876
    • SHA256: 484f8e9f194ed9016274ef3672b2c52ed5f574fb71d3884edf3c222b758a75a2
    • SHA512: cc450179e2d0d56aee2ccf8163d3882978c4e9c1aa3d3a95875fe9ba9831e07ddfd377111dc67f801fa53b6f468a418f086f1de7c71e0a5b634e1ae2a67cd3da
    • SSDEEP: 192:jVL7iZJX76BiqsO7+UZEw+RlthVEoC0O3XB:g7ssOpZs/hS3X

    Score: 3/10
    • Target: core.dll
    • Size: 56KB
    • MD5: 9888f4f608d1fbd5cb440fd12ac846c6
    • SHA1: 6e9d68202df8a8a1ef23d7b626e28a92d4cba11b
    • SHA256: 678df0973f3132e65345aa4443c27ad9d59c10997cfe96489725d4659532974a
    • SHA512: 6189e53d19ae7266cc76782a5dd235547a9e4b9cf469d0d21056882e00cb824df5744f92c9ade98ff3e7f24de7b56675f90b9a85043511dcd6ec04a16ba8cf51
    • SSDEEP: 768:VprFS20OyoOjhEROHiyJVbDMVkqEA5hSo0nC/eFD:VpI20O/OuOCyJV8GqEA5enC/ID

    Score: 3/10
    • Target: crash.dll
    • Size: 88KB
    • MD5: 569f0737f7c397c64ac97b0c5867caee
    • SHA1: 571cd81dc71cd7fb08843df7865bd447017ddebc
    • SHA256: 61264f22f15d8fc81395f8d5b02cd14b1f9fe4729677bc5649f9515951ea0fd6
    • SHA512: e5d51d0b00fe12ceca5b269b1cf82074c10012cd3a811a968bbc04bb0c99fc96ec896fd1698b5156996f42a954a7d0edc60f8e3328a4eb14c8a08a7c12a9732f
    • SSDEEP: 1536:LMoVm4jFmop00m7WR6VTTQcSEB1I5BoLbwGjrbXsb4DAv:LMoVdmoQ7WwFQjFUVrjsEDAv

    Score: 5/10
    • Drops file in System32 directory

    • Target: dsetup.dll
    • Size: 34KB
    • MD5: 4f5f399a970a921f883975a2228a1c8c
    • SHA1: f2c39bde79a6d91f8e35dd4eee5ebed4573c5615
    • SHA256: 0fdfff9a5db0bd4b16a9663a6616308c511a21e3bec0bbed60ddfa2597c73acf
    • SHA512: 7a03587c77eaad433fb49694b9cabbc0bda8e8554a97ee3ec63ca09dd7df37cae0031c1b9b52ab4d76d45fd847adf5a7680bb0dc803166ce4fb4cfc12aa017ef
    • SSDEEP: 768:7M0v0mWosSeNwRQy1E5MYDgZBC7Q3+jPJmEDUWe:7PdRzeNwp25MY8nC83+LJmEDTe

    Score: 3/10
    • Target: file.dll
    • Size: 28KB
    • MD5: c833ed61fc0656c6334b317e63122c2f
    • SHA1: 97178b932f97ef9c1c9525466dfd6639cc704e5f
    • SHA256: 82e02a026b3cdd5f37ce5f02a178f71abdf7f631279d73266b3d2ad895437bbc
    • SHA512: bf413638beb8c79835adeca56e5d9d6416b98df5efe753089f608c591457d9704f47f6ccecbc5478a2adb5e99500270aaee3ac1595b007032c07bc2215e19250
    • SSDEEP: 384:4yxFATdh8tkiy8o4BsiZuZfhHNOS7j+k31MDok3:pxShYyvSUhQQj+w1M1

    Score: 3/10

MITRE ATT&CK Matrix (ATT&CK v13)

Defense Evasion
  • Virtualization/Sandbox Evasion (T1497): 2
  • Modify Registry (T1112): 1

Discovery
  • System Information Discovery (T1082): 5
  • Query Registry (T1012): 5
  • Virtualization/Sandbox Evasion (T1497): 2

Tasks

static1: Score 7/10 (tags: upx)
behavioral1: Score 7/10
behavioral2: Score 7/10
behavioral3: Score 3/10
behavioral4: Score 3/10
behavioral5: Score 3/10
behavioral6: Score 3/10
behavioral7: Score 3/10
behavioral8: Score 3/10
behavioral9: Score 3/10
behavioral10: Score 3/10
behavioral11: Score 3/10
behavioral12: Score 3/10
behavioral13: Score 10/10 (tags: banload, downloader, dropper, evasion, trojan)
behavioral14: Score 10/10 (tags: banload, downloader, dropper, evasion, trojan)
behavioral15: Score 10/10 (tags: banload, downloader, dropper, evasion, trojan, upx)
behavioral16: Score 10/10 (tags: banload, downloader, dropper, evasion, trojan, upx)
behavioral17: Score 1/10
behavioral18: Score 1/10
behavioral19: Score 7/10
behavioral20: Score 7/10
behavioral21: Score 3/10
behavioral22: Score 3/10
behavioral23: Score 3/10
behavioral24: Score 3/10
behavioral25: Score 3/10
behavioral26: Score 3/10
behavioral27: Score 5/10
behavioral28: Score 5/10
behavioral29: Score 3/10
behavioral30: Score 3/10
behavioral31: Score 3/10
behavioral32: Score 3/10