Overview

Analysis tasks and scores (score out of 10; "Static" is the static-analysis task, the remaining rows are the sandbox runs per sample and platform)

Task                     Platform              Score
Overview                 -                     10
Static                   -                     7
262bdf94b0...18.exe      windows7-x64          10
262bdf94b0...18.exe      windows10-2004-x64    10
Ares.exe                 windows7-x64          7
Ares.exe                 windows10-2004-x64    7
AsyncEx.dll              windows7-x64          1
AsyncEx.dll              windows10-2004-x64    1
MP3Source.dll            windows7-x64          7
MP3Source.dll            windows10-2004-x64    7
Uninstall.exe            windows7-x64          10
Uninstall.exe            windows10-2004-x64    10
bass.dll                 windows7-x64          1
bass.dll                 windows10-2004-x64    1
chatServer.exe           windows7-x64          1
chatServer.exe           windows10-2004-x64    1
data/Homepage.url        windows7-x64          6
data/Homepage.url        windows10-2004-x64    3
libfaad2.dll             windows7-x64          1
libfaad2.dll             windows10-2004-x64    3

General
Target: 262bdf94b004bd09ce58437f12493cd9_JaffaCakes118
Size: 2.5MB
Sample: 240704-zn6m3s1amd
MD5: 262bdf94b004bd09ce58437f12493cd9
SHA1: 7177b4bdbbcf4b17c0bc90975da9ee026f3de547
SHA256: 2779f07d01247b9294a1db290ca70ce53700438839c8cb61b33c95012ccee83d
SHA512: 21f88c2dba0d22ad17185c7afbffe65d979cccc08b8ab7a8cb673d7582eaa11c34ef9352f612b4144c31a23e911d04dc24b6a24207f378b89cf9460d6914e20d
SSDEEP: 49152:vpIiXFW9352hc5vrU8nFWWQ+prv3nTHncbLRlewau1dEHYqnEDY:bXFW9J2hcxrUS0Z+pz3rcb1DuvaY
Behavioral tasks

Task           Sample                                                  Resource (sandbox image)
behavioral1    262bdf94b004bd09ce58437f12493cd9_JaffaCakes118.exe      win7-20240704-en
behavioral2    262bdf94b004bd09ce58437f12493cd9_JaffaCakes118.exe      win10v2004-20240704-en
behavioral3    Ares.exe                                                win7-20240221-en
behavioral4    Ares.exe                                                win10v2004-20240508-en
behavioral5    AsyncEx.dll                                             win7-20240611-en
behavioral6    AsyncEx.dll                                             win10v2004-20240508-en
behavioral7    MP3Source.dll                                           win7-20240704-en
behavioral8    MP3Source.dll                                           win10v2004-20240704-en
behavioral9    Uninstall.exe                                           win7-20240611-en
behavioral10   Uninstall.exe                                           win10v2004-20240704-en
behavioral11   bass.dll                                                win7-20240508-en
behavioral12   bass.dll                                                win10v2004-20240704-en
behavioral13   chatServer.exe                                          win7-20240508-en
behavioral14   chatServer.exe                                          win10v2004-20240508-en
behavioral15   data/Homepage.url                                       win7-20240221-en
behavioral16   data/Homepage.url                                       win10v2004-20240704-en
behavioral17   libfaad2.dll                                            win7-20240221-en
behavioral18   libfaad2.dll                                            win10v2004-20240704-en
Malware Config

Extracted family: sality
Extracted configuration URLs:
- http://89.119.67.154/testo5/
- http://kukutrustnet777.info/home.gif
- http://kukutrustnet888.info/home.gif
- http://kukutrustnet987.info/home.gif
- http://www.klkjwre9fqwieluoi.info/
- http://kukutrustnet777888.info/
Targets

Target: 262bdf94b004bd09ce58437f12493cd9_JaffaCakes118
Size: 2.5MB
Hashes: MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General above
Signatures:
- Modifies firewall policy service
- Disables RegEdit via registry modification
- Disables Task Manager via registry modification
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Drops autorun.inf file: malware can abuse Windows Autorun to spread further via attached volumes.

Target: Ares.exe
Size: 992KB
MD5: 69e967f3ff9e3df41f4228440fbd43ae
SHA1: 6c447b64f036f39eb3d248cf16991b32633d51ad
SHA256: b6d3e5449b22d3f3e2f8120c3746fd65785909348ded63c2a2f8d77376b48bff
SHA512: cf351a619b26503ffb66e7667d9425f31bbe5ce472a45de828b9b841aca2da913972a467da0620c6c59ee0f6230dc598b79f92239dad30f7bf43c9bf8dbaa18f
SSDEEP: 24576:Z4PWjFqcs26aptG/g0q0UuncjMb9ZfZP3rCVUnMoZRnLVqKAfgA:ZW26ajJ0UuncjKZfJrCSn7nZqKQt
Score: 7/10
Signatures:
- Unexpected DNS network traffic destination: network traffic to servers other than the configured DNS servers was detected on the DNS port.
- Adds Run key to start application

Target: AsyncEx.ax
Size: 196KB
MD5: c250246a8020efc9d905e32aea98d8a4
SHA1: bd82927d03992a4d5ab390c21249ec150270984c
SHA256: 46ce1a2667580265807eb9a7576303ecf02defb4cbb93ecc9ca5825ada267cf0
SHA512: fc4979d766e542293a92ec520ebeb2ca48999b28d6731faaad2297e33dff701f351d6782d7c374d3aad8e10040b240573a4a09641610384271531a36a5130991
SSDEEP: 6144:fNBDDkAa1rlGC6sxTC9OCybJuyQqk6P8hZm:fLkAaV04dCwCybJu1OPw
Score: 1/10

Target: MP3Source.ax
Size: 60KB
MD5: 14fda53fbef501023ac193544cfcc9d9
SHA1: dedf954a0e444022b77d085b731c7146804d78d5
SHA256: f57a5122275ddc67f56d45608fb3b1c41a25b10899bd1e46bb9f04f02f7fc424
SHA512: 5bea4300b522e290cb0499944529921658c0d9f39fc4e2e2fa0ac31c6410b9834d430e5ce8f4afd1e20bc7cf16ec59460dcdb4bed7b770656a9bd7698c718b7f
SSDEEP: 1536:nV3d1U+bcXzRh9p8KPLrzmipy7RS1dw01xk:nJHbcXzRh8KPrmh1Sbw01O
Score: 7/10

Target: Uninstall.exe
Size: 129KB
MD5: e8e3a158223c63f08ac763a1c9567627
SHA1: c4c3e3fd403e6f1053284cfa8e73a256ac4af7fd
SHA256: acb1fac4042e427309a0ae8d872d788de9a6033250e28652f98758d43efe2c34
SHA512: 755b027a1715a029025862547effbcf30e34792c4c8cb9ba7faa8b8adea66f0cc802f5935efc827af32020ecfd43bf63456301438ff033a8e8d73a6354e9c46e
SSDEEP: 3072:4kjA04dDGkJjqKswMPcgj1EA208+fYNaTBvh3t:485KhMkOOAHfEYBvh3t
Signatures:
- Modifies firewall policy service
- Disables RegEdit via registry modification
- Disables Task Manager via registry modification

Target: bass.dll
Size: 93KB
MD5: 38473d7a84ab44517dec3d9327764cc9
SHA1: 3603232bd6b557bf6b3a8b10a8a274162b3e0d7f
SHA256: b4567acb45f3329ba6931c514a0df01386f6f89521cf228735111cea336685c6
SHA512: a22a534ed288d1a2abbed36028586f1ab78f649fadf05aaf81d773614e033a8b6c61855349dac0fa156e21ccfc8b9e2f199e55e9f63adca5f3506d311288bee1
SSDEEP: 1536:6PZtcJMOPJkKmCyFomUDmAOLiRGQsgJix3BO5Rp9Wls9artatTNqQ6kjjrTysLRh:m+JtPJdiZft+RG/M3RpKTrQtRqBOrTyk
Score: 1/10

Target: chatServer.exe
Size: 389KB
MD5: eb7319da35fff406c2afd912f8268f4c
SHA1: c910576a71600fda8148b89f04447bbbc3a2d2a5
SHA256: ec318dd5992b4d3f23ffe11c2bdded5fe4d28615dc4750f8faf7afa7aa324322
SHA512: b92864f1b474d21c8de5fe1d28e6858d6ab7e4caa4d025e22c6bebba229cee63d7e4a81f62becf2240427eebfdea594d2904f4f5056e8db9ef866ca09f0e24eb
SSDEEP: 6144:xxtikHm/dn3i04xwo27y3N8nfldTRieNmfiXW4YTyjZrACjb12jg02:EkH+IwMg9RieO/+lhjBy12
Score: 1/10

Target: data/Homepage.url
Size: 249B
MD5: 450d1c4cd8852d5ffa7f922f6c7cbaa7
SHA1: fe2e5a5447592fd2349fc417584f9ac11795c613
SHA256: b86da025026b626f63cb2d32608c1b905b59496e8c2b30b87eed1e2eaf0eb0b8
SHA512: ca6d51664b9dbcfdc4c7cbf0dcd9278b116958477b3e42046925ecb2630ac897ec52274019bb84b630fd0cfc4684ea0cfbb1bed53ce02db08282054d128a5560

Target: libfaad2.dll
Size: 169KB
MD5: fd5abedf547602eaa107ddbeba50cdc7
SHA1: 7adbd9cb65605eb3e43afc4c93a2adc025f36342
SHA256: e1fdc49b2a3f23fac94e1a1978f226c8cf7d4d7ca0297745a6d543ab1d53a471
SHA512: bcd1a7069d8728ef5417d23f105963eaadf3ead07ca59bd2d281bdeae559fcef923865d0b26a500a401d290cd8a527dc9c35ebe0033109ced99138e4d0d87417
SSDEEP: 3072:4q0lyEEbqWiYKTPgeRiLiXzox75a+yYscJfDQNr4BfD4yrz:GlyEEbd8DgeYi+5HJfOMBfcyrz
Score: 3/10

MITRE ATT&CK Matrix (ATT&CK v13; the number in parentheses is the count of matching signatures)

Persistence
- Create or Modify System Process (2)
  - Windows Service (2)
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)

Privilege Escalation
- Create or Modify System Process (2)
  - Windows Service (2)
- Abuse Elevation Control Mechanism (2)
  - Bypass User Account Control (2)
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)

Defense Evasion
- Modify Registry (12)
- Impair Defenses (8)
  - Disable or Modify Tools (6)
  - Disable or Modify System Firewall (2)
- Abuse Elevation Control Mechanism (2)
  - Bypass User Account Control (2)