Overview

overview

7

Static

static

7

04f9f565b8...18.exe

windows7-x64

3

04f9f565b8...18.exe

windows10-2004-x64

3

$PLUGINSDI...ls.dll

windows7-x64

7

$PLUGINSDI...ls.dll

windows10-2004-x64

7

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...gs.dll

windows7-x64

3

$PLUGINSDI...gs.dll

windows10-2004-x64

3

$PLUGINSDI...rt.dll

windows7-x64

3

$PLUGINSDI...rt.dll

windows10-2004-x64

3

html/background.html

windows7-x64

1

html/background.html

windows10-2004-x64

1

html/popup.html

windows7-x64

1

html/popup.html

windows10-2004-x64

1

js/background.js

windows7-x64

1

js/background.js

windows10-2004-x64

1

js/ico_auto_parse.js

windows7-x64

1

js/ico_auto_parse.js

windows10-2004-x64

1

js/popup.js

windows7-x64

1

js/popup.js

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    04f9f565b8b346851e98008d80dbbbb8_JaffaCakes118

  • Size

    6.2MB

  • Sample

    240428-me2ljsdg9y

  • MD5

    04f9f565b8b346851e98008d80dbbbb8

  • SHA1

    d85185e6da437ed7a70b87c819f40c0c033767b6

  • SHA256

    e0f258ba9a364a416db255a45030e50d331cd52f86705e6bb3412a0ce3ec1fb8

  • SHA512

    c8f2a9bc197eafc08f58bf72e1f79243323f7c81ac3fd4c3b7fd1774958c33b38a4ffe858a649d35c938d6b4ee35a5739574008a17ba41bce7fad062737688f3

  • SSDEEP

    98304:cN7+eb90Vt+jPCI4z1QUiWBdRVNx5I964HCrx1qVqOH+ZhI3C123rs+XiPq7t7+A:cN7+Bt+e5+WjR7864HciVF33j3x5NWy

Score
7/10
spywarestealervmprotect

Malware Config

Targets

    • Target

      04f9f565b8b346851e98008d80dbbbb8_JaffaCakes118

    • Size

      6.2MB

    • MD5

      04f9f565b8b346851e98008d80dbbbb8

    • SHA1

      d85185e6da437ed7a70b87c819f40c0c033767b6

    • SHA256

      e0f258ba9a364a416db255a45030e50d331cd52f86705e6bb3412a0ce3ec1fb8

    • SHA512

      c8f2a9bc197eafc08f58bf72e1f79243323f7c81ac3fd4c3b7fd1774958c33b38a4ffe858a649d35c938d6b4ee35a5739574008a17ba41bce7fad062737688f3

    • SSDEEP

      98304:cN7+eb90Vt+jPCI4z1QUiWBdRVNx5I964HCrx1qVqOH+ZhI3C123rs+XiPq7t7+A:cN7+Bt+e5+WjR7864HciVF33j3x5NWy

    Score
    3/10
    behavioral1behavioral2

    • Target

      $PLUGINSDIR/NSISExtInstallerTools.dll

    • Size

      5.9MB

    • MD5

      0183423b320664e9612f437f098f5d18

    • SHA1

      04b916cd6909f1bdc6dfe9d04a05db6b400d7da6

    • SHA256

      ab623298028472884ce6a5a9cd29d48ca795cea66f269f61da0cd322e903ed09

    • SHA512

      ce089b87122d57cd990c642f2137b5b8fc0f2fd11582755883ec912ed87029e73c06242b8920af5f95c497e527f375b8a9abdbdbec087ccb08e345b6f7f81828

    • SSDEEP

      98304:xpiSFHtPrEbA9zBBXbkgZcuXBgbR0EzezEnUNl3zA9Ib6C1a4F+MR:1F5rxbjrXKdZizEUDzTb6qaU

    Score
    7/10
    spywarestealervmprotect

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

      vmprotect

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral3behavioral4

    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      960a5c48e25cf2bca332e74e11d825c9

    • SHA1

      da35c6816ace5daf4c6c1d57b93b09a82ecdc876

    • SHA256

      484f8e9f194ed9016274ef3672b2c52ed5f574fb71d3884edf3c222b758a75a2

    • SHA512

      cc450179e2d0d56aee2ccf8163d3882978c4e9c1aa3d3a95875fe9ba9831e07ddfd377111dc67f801fa53b6f468a418f086f1de7c71e0a5b634e1ae2a67cd3da

    • SSDEEP

      192:jVL7iZJX76BiqsO7+UZEw+RlthVEoC0O3XB:g7ssOpZs/hS3X

    Score
    3/10
    behavioral5behavioral6

    • Target

      $PLUGINSDIR/nsDialogs.dll

    • Size

      9KB

    • MD5

      8ced0b79f7b9033d0795aab3be6d627c

    • SHA1

      90c2043ffccd068f407c624c50ac7b795db1e132

    • SHA256

      495bddc0be6e18e981db82fab9d1de55c7e269ab4ec3ff43035193bc017a307b

    • SHA512

      e38f63a342729f5ff6d0db607d7877b65c33ed19e2b5a97dd868ece8c2a3e829d4153624943444be2f0de885496161d54c1da9594bdc0a5a0bcc8b727e2facb0

    • SSDEEP

      96:3Rp41CMj95rKhkfL5RkEdKkcxM2DjDf3GEEE9v5E9av+Yx4indY7ndS27gA:3RujesS4HREEK5MYxDdqn420

    Score
    3/10
    behavioral7behavioral8

    • Target

      $PLUGINSDIR/nsRestart.dll

    • Size

      7KB

    • MD5

      615f430edfe6526484f30540b88aceb2

    • SHA1

      3403bd03c5e9dddca22ce906af207a7daa8958ba

    • SHA256

      0747a9cda38b093f1281cb2d31a2565cc8d8e1cea87e6ecd888b278ae349b4a2

    • SHA512

      1f291200bcf1e5031a2d11a719b6c39faa75000d9a295502f2ad36429a49f89ccd541b4d87fcb994727d6ceb03577d4a111fdaa2694c4429f772f4b1d3a8b1a3

    • SSDEEP

      96:DZFEa3jYvR7aMnPIeQIUXNuWZLqng2BuwOLinPYqpN14t:TEaYRJfUXNTZLqnfBEenwqpX4t

    Score
    3/10
    behavioral10behavioral9

    • Target

      html/background.html

    • Size

      152B

    • MD5

      5f928d4ade4a291d9c37d777ec4a1d41

    • SHA1

      3afa3be547c27e775c339e2623e1c496d6d56920

    • SHA256

      359326ec4d329102135d53f8ec04967850020ef78a1032e732470283ce2811be

    • SHA512

      6fa64097f993bb12eacf667cef6dc6a310df94e29febef892d42f5dc35ff00d3a158983eb0884f33921b7b5b072034dce9b8eb697a4fdc5b2a41f23cfa4cc3a9

    Score
    1/10
    behavioral11behavioral12

    • Target

      html/popup.html

    • Size

      872B

    • MD5

      94d601499f91578c1a627afb56c2b1a4

    • SHA1

      beef5c0cad75f18645b54994e69df2b5f8ccd776

    • SHA256

      95bdde200b8920cbf2178e3fb0a61f7b8da513ccfe8725f66d4cc9086dd059ad

    • SHA512

      9fbbd2ab7262813f328cbf5a13ade60f57fd415107b99d5e596c8007abf29391de4732b3a3442158d215ead81918f36f49a469d1eeb615f31f8a6176cd194a70

    Score
    1/10
    behavioral13behavioral14

    • Target

      js/background.js

    • Size

      1KB

    • MD5

      2de34dab819e412057f04e471923c2d6

    • SHA1

      b007dfdf5217671c1e90eeef8c3865ffcd5aa63b

    • SHA256

      8cb589c8b14075ee997ba295196bd220fb4be985b6e326c4d1bc0127beef9859

    • SHA512

      41948b7e676487c048bc434c9d1908d0bbf26b3fc06632a04c39c8082e7032cb7a5df0df827e21b35b77414b582b706b98e68e280a4d949d8be8b5c2c96a253e

    Score
    1/10
    behavioral15behavioral16

    • Target

      js/ico_auto_parse.js

    • Size

      2KB

    • MD5

      11750642c098aee9a734900444c3e1f3

    • SHA1

      b9e0725520d41fc8af06fdb0b82dd26ce6ab892d

    • SHA256

      c08f9e029d5e7a21cdc5eb35fc6fe32d1c710f815fda296bc5f917c9dcc11562

    • SHA512

      37e7a41c520c4eac85fea2ae8b6aa1478ce807a4db8f59fef3e788172f21ab50a34f218b833cfe7b33e57a5f807f4347a2e94d9bc38d58d3bd6e1a289ae3273c

    Score
    1/10
    behavioral17behavioral18

    • Target

      js/popup.js

    • Size

      1KB

    • MD5

      250aa9b47ff4d8c2ca57c301377dae6d

    • SHA1

      8bbe703baca8643ec1f4499a40909b47eef85b24

    • SHA256

      2febdc38a2c3ef6777bd4295afed938567659478f1c0aaca6d49aff55215f6d8

    • SHA512

      6e31b834bd160bedf792dde78d9c208d8711accc9e2ed68ab4598108a70dab94ae59dac8a85756fcfd27373d18d8fa945fa7aa1eb543ade79cbe34a681489e5c

    Score
    1/10
    behavioral19behavioral20

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Credential Access

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

System Information Discovery

2
T1082

Query Registry

1
T1012

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks