850c3f5563bd2b0e47e36e1fc87b30abbd8d32c150ce78eb2192027c9645cdf8

Sharing

Copy URL

Twitter E-mail

General

Target

1aa6ab57058b1fa13bf2ce33358d43f3_JaffaCakes118
Size

1.3MB
Sample

240701-kntk7asblf
MD5

1aa6ab57058b1fa13bf2ce33358d43f3
SHA1

e77a38a245e01aedaf6784aba758129b5ca87292
SHA256

850c3f5563bd2b0e47e36e1fc87b30abbd8d32c150ce78eb2192027c9645cdf8
SHA512

32e39f0f53c7ff8000209f35790a1afb507f5a5e6944257df7062d48c52d24639b7242dc29be65fbcb65fbe1575dff4d326c9fdae55536070cf8f5490de3ac6f
SSDEEP

24576:XUMRWYm2TZdAi+1otkg2FEUzgjze/XHLqaKVg/bbKiCQANeK3qqS:E5YmQZdAiv2NgjzGXrEMbKiCQJK3zS

Score

8^/10

Malware Config

Targets

- Target
  
  1aa6ab57058b1fa13bf2ce33358d43f3_JaffaCakes118
- Size
  
  1.3MB
- MD5
  
  1aa6ab57058b1fa13bf2ce33358d43f3
- SHA1
  
  e77a38a245e01aedaf6784aba758129b5ca87292
- SHA256
  
  850c3f5563bd2b0e47e36e1fc87b30abbd8d32c150ce78eb2192027c9645cdf8
- SHA512
  
  32e39f0f53c7ff8000209f35790a1afb507f5a5e6944257df7062d48c52d24639b7242dc29be65fbcb65fbe1575dff4d326c9fdae55536070cf8f5490de3ac6f
- SSDEEP
  
  24576:XUMRWYm2TZdAi+1otkg2FEUzgjze/XHLqaKVg/bbKiCQANeK3qqS:E5YmQZdAiv2NgjzGXrEMbKiCQJK3zS
Score

7^/10
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/INSTALLOPTIONS.DLL
- Size
  
  12KB
- MD5
  
  1e8f2fefe3ce893b117b26948b8978cb
- SHA1
  
  59cfc6c3f5716e91609e54ca80ae8b06c93ef8ab
- SHA256
  
  8203ae1589a50e6ff012e5d27bdd4f8ed7506077ca9b052827f5e90aaeb98519
- SHA512
  
  b3c36e1aa5d3ee5f482f4175a7d6fe10cf2bf3bd3423ab4266d11c4181cfbc7e3f66a30855034a8ec026a4d5987598f0116e98519b7445d9e5687bcbab2c0e5c
- SSDEEP
  
  192:qzixixDOHhG9db9rd+oSVPECMlh3I8tqDyng7hwbbHF1QuCb:qOx0DOHqrdwTY6+ng72bbMum
Score

3^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/STARTMENU.DLL
- Size
  
  6KB
- MD5
  
  5c6271fb9e292a5f970abc96e5b0182e
- SHA1
  
  95f9b6d87c142cb42882cb3ca38d1fd424ee5bc3
- SHA256
  
  0fd71473abf9bdb824772875c915ba4864af50666cb41782ea26db11f4ded7ae
- SHA512
  
  32ff24ede0d0ae99411e4780af0d9f774190cac5e965eca98a0003e772324f1d90ed9b27d2d4f700634aec29b906822f8c37640c840e8ed07adb35dafaf25a00
- SSDEEP
  
  96:HxLJdRZk8OkmE+WHw0FMXF6CWhFxKpKsVQhEfP0:HxLjPk8OT30FFAaCP0
Score

3^/10
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/SYSTEM.DLL
- Size
  
  10KB
- MD5
  
  10c44246d99a1c2e5f5e6b52b111a63d
- SHA1
  
  0f41da79c3e789f4ae38738e3a5d73c538f8af4f
- SHA256
  
  7a24883bdbf08ce90938094b6ab6f09a842af10b18b8ae4d70da2e6b806490b8
- SHA512
  
  e5b0fa27cd02a67be5eb9c63646621d3e9ccfada98659c50dee8310a58ce12e1a6a059788b85f0f440067ed7e281a0e1a526b9403993b9000f91a51bfbb50da3
- SSDEEP
  
  192:rOSsJI/rqmIDNLU0dq51EgAiNbubv6rLZ:lHQQ0d01Egbq76r
Score

3^/10
behavioral7 behavioral8
- Target
  
  $TEMP/Fox-Temp/IEHELPER.EXE
- Size
  
  396KB
- MD5
  
  5775e2117e17fa8eced6d8cd78a2f6b2
- SHA1
  
  edee86707276f80a660f57dd1c6d8be26a1030fc
- SHA256
  
  3ebcb4e76a1719ea1d2a68e5e87d19fb83347f005850144364227b48b2ecf0ed
- SHA512
  
  70d967e78235be7f5a64fa52c2cd68511945353f217bf5043cc860e061d63dd701a2d43bfe795880cfd209e83cb5e1d85ef01b2bb65e0a34a1187bb6fe25c967
- SSDEEP
  
  6144:dhF2fYrOWU2uMHIcEoya8hqfrUOAiV0C58rnkHKKRij3ics/khzzTPvfPDjLLiN2:3URWU2uXHtUoxix6KOzXPLLiNp7HE
Score

8^/10

adware discovery persistence stealer
- Drops file in Drivers directory
- Sets service image path in registry
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Drops file in System32 directory
behavioral10 behavioral9
- Target
  
  SWF2MP3.CHM
- Size
  
  250KB
- MD5
  
  ef6cf00574bf5ecd2fbbd574f205e650
- SHA1
  
  0c66655f3d4d2f974561a168c63e169f518945a3
- SHA256
  
  9a6b284b7084f544e82865b711a27d092ed5ab3453892a341a50d05de2c6fe9c
- SHA512
  
  6007034cfe17dfdc112f53f98ef3731b1738ad56ffa7996db85dc4904fde5cebe711e0db641ed42094902aa5a32fdebc80f8f0af1b17e8fc45eb4aacb76aac02
- SSDEEP
  
  6144:5AgxJthku1GbWNn4FAKpRaPt7t3cQ87wGljLj2Aj:PDhdMW6A44vcQAwW/Pj
Score

1^/10
behavioral11 behavioral12
- Target
  
  SWF2MP3.EXE
- Size
  
  264KB
- MD5
  
  8be4bd8d7ca73646339626f7a4f3a960
- SHA1
  
  a4fe8585d3a9b1ac118b0a1fa8a83551f086b2a4
- SHA256
  
  5ac4fbb96ec0b0a348c5e27709d87532a5f3a2fd89b9848beb6add9a3b7974c4
- SHA512
  
  03621e53a6cbd10093638408b1ce98dc150a7c8055cd7d453965f3947d37a049da9a4cb8c4e2efe5f5a2aaafd5226ad78c8402cd8f29a818a0ddac2a0e00efc3
- SSDEEP
  
  6144:K4Eepht6dqvz282sI8RlPVwwCViPf0lGreL9:KGaWy84S5Vw60lZZ
Score

1^/10
behavioral13 behavioral14
- Target
  
  SWF2MP3.URL
- Size
  
  57B
- MD5
  
  d760a7ca35dea22d7d55761a66950510
- SHA1
  
  eb33a2fa02d6c64c7f57f65b44194facee19fd15
- SHA256
  
  ac82c5bedcf80febbfa588f6ae6dc6164ffdc9ef7f5d571102f6a3519927fc46
- SHA512
  
  5d7813425ed4e671849bc5dcf63d2c67faae75240a7fd21528a03c1dba5281c44ce5c545dd267b0a52e61a84221cff1cbdee0fba62d63e5b5123cc310a02e972
Score

6^/10

evasion trojan
- Checks whether UAC is enabled
  evasion trojan
behavioral15 behavioral16
- Target
  
  ºº»¯Ïà¹ØÎÊÌâ·´À¡.URL
- Size
  
  337B
- MD5
  
  f7b5d279fdaca0d76a3cd13b4cdda081
- SHA1
  
  1be2ce4f4a02800c6320043c59404d24b997f51a
- SHA256
  
  0bbf6ec991832b6ca1b14f2a8f0c020aa3aa5fa671c05b1aba01e54967ba3970
- SHA512
  
  a01518fb50f58648df1b9657fa171dc06391cac3766f46bde327b81e185f300b8790a567afd74d401a64730fa710dab2a80c42fd351eed7991ed145d9cf4beb4
Score

5^/10
- Drops file in System32 directory
behavioral17 behavioral18
- Target
  
  ºüÀêÉÙÒ¯ºº»¯×÷Æ·ÁÐ±í.URL
- Size
  
  124B
- MD5
  
  3921901cec0a996ed699c495cfccb0d0
- SHA1
  
  a67efb49015aea91aaf820c11166fdce96cb4143
- SHA256
  
  ba128384f81e1d9ae1e50f8245f242e1399b322a849891a915f81be26f3af0ad
- SHA512
  
  f5f1cfb8a48d357282a238e92a3dd137246346f9bf57812fe2abde0f8d35c7aca6131d9e75117da6645b8611d2b69708ed2188304e81e2c084e01943a71ec77c
Score

6^/10

evasion trojan
- Checks whether UAC is enabled
  evasion trojan
behavioral19 behavioral20
- Target
  
  Ð¶ÔØÈí¼þ.EXE
- Size
  
  43KB
- MD5
  
  68f437d78032e4b61408894391730f98
- SHA1
  
  9b12d66de3f64ca8a43015ab29d704857ed84021
- SHA256
  
  5e05ec149573e6dd7bfe2012b0bb44566e572e2dd6344a254d59f5153a28f5c9
- SHA512
  
  15468ec89f1926be9b668c56791b428ad8e438074981f02e722b4fe18c1cef1f2cf33b3fe0d3006c331bc7f96f37cc164f3d204ccb2c58876ee07be5df3e3593
- SSDEEP
  
  768:u4PgXuTkSBmVeRP+z2wYfxG7lWHE/nUF2kLpcqSFuHtLHkJI629ao7BnUDR42K:9PgXwpm4RmzZwCnUF2ICqdkJI6aBIR4L
Score

7^/10
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral21 behavioral22

MITRE ATT&CK Matrix ATT&CK v13

Tasks

Sharing

General

Malware Config

Targets

Loads dropped DLL

Drops file in Drivers directory

Sets service image path in registry

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application

Checks installed software on the system

Installs/modifies Browser Helper Object

Drops file in System32 directory

Checks whether UAC is enabled

Drops file in System32 directory

Checks whether UAC is enabled

Deletes itself

Executes dropped EXE

Loads dropped DLL

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22