e51f9872e031dd69462f26faed5110b29bc317656ee69fab57cff1021b014f7d

Sharing

Copy URL

Twitter E-mail

General

Target

0445c1864f0dafab0a5ecd40484f1178_JaffaCakes118
Size

1.4MB
Sample

240328-ned1xsbb4y
MD5

0445c1864f0dafab0a5ecd40484f1178
SHA1

e2c6439bf4f7ca2f46ff233d4f15c0da6d6f3df6
SHA256

e51f9872e031dd69462f26faed5110b29bc317656ee69fab57cff1021b014f7d
SHA512

eb23ab161bc90ebbe2a67f2842d7ada742d6dc67d773e08c58643c3b87b4787f87e1d773c7c45319d39f32e4cfb74e9ae50fcb199c7d03d5132f7ded179378e1
SSDEEP

24576:5bQY9DylG6qTQalnQPC8Zcx2j9k6MwYA6u2oH9cKYbhS+88SEDJD:5bQYgtq0aQqB2O6Mwwu2G9+bYMD

Score

7^/10

Malware Config

Targets

- Target
  
  Proxy Grabber by Mathian/Proxy Grabber by Mathian/AngleSharp.dll
- Size
  
  1.2MB
- MD5
  
  bf331ab2e9bb06d900929de29c659ae8
- SHA1
  
  de373addb4f889e950e875766028471937d91055
- SHA256
  
  0b6d37c6113914decb8ae2142dee7cf476206036806821ac6dc63d69269f827b
- SHA512
  
  8bb0cbea3ae1e064e3bba2eb6fd07a3eaceaf70b95de925622f35705c118977c36c17c47d6a1986e474f7962066390a693cfc5e0365bf1b4e573bd55229c01d9
- SSDEEP
  
  12288:O4jGmiyY0D4qSCFgfNSlKPLCPI9Um8VccZZs0/4bh57RQ10oDpT:O4jGmxvSCF9KmPI9Um8VccZZs73oh
Score

1^/10
behavioral1 behavioral2
- Target
  
  Proxy Grabber by Mathian/Proxy Grabber by Mathian/Microsoft.Dynamic.dll
- Size
  
  871KB
- MD5
  
  aba389a299beb16cc04337ec76c8a965
- SHA1
  
  017f804fe5543b4d8ac38d98e61d822996ab48c3
- SHA256
  
  4f7425cb08cc9bca6fca4bfc08d22b6d9716c507f306f40ae7134b878d909a21
- SHA512
  
  6f842b25ac28d60b7a2e370efb254b3694a22b6431433abe99adce94e8c4c36582df35887ff738ae9b180c44d82f4d0fcd046bfb29ee1638191f02f113f6e7d3
- SSDEEP
  
  12288:poMpPbcvs8rFLaon7ztIuMvn47TPVGNLzjmX:+Mdcvs8rFLao7JI1/GVYzC
Score

1^/10
behavioral3 behavioral4
- Target
  
  Proxy Grabber by Mathian/Proxy Grabber by Mathian/Proxy Grabber by Mathian Developer.exe
- Size
  
  246KB
- MD5
  
  d073428ed496be35b6ec207e6395dffb
- SHA1
  
  425829295fc203ef8ee036a00b6c380acd95078f
- SHA256
  
  b8bcaefa4f1a500db12252c6ab7f1eae4733e8f54bf5e65b7f47abef949c3200
- SHA512
  
  e37efcc7a3a5b90f79e9797dd8f8d0aafc507fc3526a28b41346f4be6821668169154f4b8e297b289493ff2fc52b3a26dd5782123f48b152ddabd3895c79905c
- SSDEEP
  
  6144:Pb6g4ipqFpgRMeQHjIkq7DdXNwBHr1lk/:GBiAFsMe6IkUpOpBy
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
behavioral5 behavioral6
- Target
  
  Proxy Grabber by Mathian/Proxy Grabber by Mathian/data/AngleSharp.dll
- Size
  
  1.2MB
- MD5
  
  bf331ab2e9bb06d900929de29c659ae8
- SHA1
  
  de373addb4f889e950e875766028471937d91055
- SHA256
  
  0b6d37c6113914decb8ae2142dee7cf476206036806821ac6dc63d69269f827b
- SHA512
  
  8bb0cbea3ae1e064e3bba2eb6fd07a3eaceaf70b95de925622f35705c118977c36c17c47d6a1986e474f7962066390a693cfc5e0365bf1b4e573bd55229c01d9
- SSDEEP
  
  12288:O4jGmiyY0D4qSCFgfNSlKPLCPI9Um8VccZZs0/4bh57RQ10oDpT:O4jGmxvSCF9KmPI9Um8VccZZs73oh
Score

1^/10
behavioral7 behavioral8
- Target
  
  Proxy Grabber by Mathian/Proxy Grabber by Mathian/data/Microsoft Windows Protocol Monitor.exe
- Size
  
  9KB
- MD5
  
  61fce223872024b0ecb0bb2a7ffb7c47
- SHA1
  
  f893d620f9d843c8bdb86a0375f856508a6ce136
- SHA256
  
  4b5069b9708a8e97b17af6aa96cf2112877a675b4dbc1f6dbc2601b494b35d11
- SHA512
  
  8926a5f7d6aa862351044d79a634decda989b50ad422ba3e9a97c573ff618a8314607a7afe093925f56d87861eefb31d3820d9e02b1cf2847c0e6072880ac192
- SSDEEP
  
  96:EhFCaDIf/qRxXCaNKP0ZlI4yd89OEC60LZu2UIOwpotu0ljXg2+Pph2UA2vc2gWs:GdIf/Qgac0jI4CEZp0LVUhljXYplwWy
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral10 behavioral9
- Target
  
  Proxy Grabber by Mathian/Proxy Grabber by Mathian/data/Microsoft Windows Protocol Services Host.exe
- Size
  
  10KB
- MD5
  
  7e4ec49968cdfeb455c1f56c5a944287
- SHA1
  
  01a9bc140345909f970e4ef6f7c4efd0ebc0fe09
- SHA256
  
  c68300968c576203725e09edf1ac9b069b903ee06a4321c8c8fe5582898c10e4
- SHA512
  
  61823c4fcb0e3bbab44286215b702a0306984083f4b55347a82671b6393e67522c91269686d910b229781470db79ce4b46a1336a6e6afb077b8fb6f9d9c5094f
- SSDEEP
  
  192:qMy+2mU01aBVHwlPGgnJ7eLHWmY4UpeWdAzc6WO:qMj2maBlNgnYHs/Qc6W
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral11 behavioral12
- Target
  
  Proxy Grabber by Mathian/Proxy Grabber by Mathian/data/Microsoft.Dynamic.dll
- Size
  
  871KB
- MD5
  
  aba389a299beb16cc04337ec76c8a965
- SHA1
  
  017f804fe5543b4d8ac38d98e61d822996ab48c3
- SHA256
  
  4f7425cb08cc9bca6fca4bfc08d22b6d9716c507f306f40ae7134b878d909a21
- SHA512
  
  6f842b25ac28d60b7a2e370efb254b3694a22b6431433abe99adce94e8c4c36582df35887ff738ae9b180c44d82f4d0fcd046bfb29ee1638191f02f113f6e7d3
- SSDEEP
  
  12288:poMpPbcvs8rFLaon7ztIuMvn47TPVGNLzjmX:+Mdcvs8rFLao7JI1/GVYzC
Score

1^/10
behavioral13 behavioral14
- Target
  
  Proxy Grabber by Mathian/Proxy Grabber by Mathian/data/dev32.exe
- Size
  
  24KB
- MD5
  
  4b7d403df47e260095e3f4ccbde28fd5
- SHA1
  
  b7bff5418b00c2fc6f5cece43f0301a0dbcb6fe6
- SHA256
  
  8a4961ab49c3a2c7d4869959f552f8f4b566ce1b6cd1b5017ad522e892fa5126
- SHA512
  
  4bbfff167b69a54e07d305b637365cc975a6839783857ca7fd3ac824bdd3acb5ac5b817e93ba04bac1e79965315b360e15692256afca97ef3e8807f62711af1a
- SSDEEP
  
  384:Srxf3XD+0rtGJVSpSJlusYC6XuppppQTf6ZDYIfNL/WvG+AHcz7beOfb:SrxfD+0rtwYhuppppQTYDBIIi7beE
Score

1^/10
behavioral15 behavioral16
- Target
  
  Proxy Grabber by Mathian/Proxy Grabber by Mathian/data/mfc100cht.dll
- Size
  
  36KB
- MD5
  
  61a56eb574daa6ceab692f98be3e5bb6
- SHA1
  
  b52aa36e1a2594fe0ac97ee0b867df822d223b76
- SHA256
  
  928f0528706576c2f7211e98462e87e03bfc14eb7a84ca3531f45ce1d9f080a3
- SHA512
  
  0b787be453e7d55b810e3075ab96e9f07a7f4a10d34c9082f17c26db0578a7199ddfccf1749c87c97541f9484908e59b1a237361b92123f98880dc5835173124
- SSDEEP
  
  384:m1cPmgt96DteT9X2IEI41W4WA1G/7kn4TJgUqJgM3KbgkE3H+iihZ2+10vq0GftC:muufpTVI4P+7kn4TJVM3i/EhK2iex
Score

1^/10
behavioral17 behavioral18
- Target
  
  Proxy Grabber by Mathian/Proxy Grabber by Mathian/mfc100cht.dll
- Size
  
  36KB
- MD5
  
  61a56eb574daa6ceab692f98be3e5bb6
- SHA1
  
  b52aa36e1a2594fe0ac97ee0b867df822d223b76
- SHA256
  
  928f0528706576c2f7211e98462e87e03bfc14eb7a84ca3531f45ce1d9f080a3
- SHA512
  
  0b787be453e7d55b810e3075ab96e9f07a7f4a10d34c9082f17c26db0578a7199ddfccf1749c87c97541f9484908e59b1a237361b92123f98880dc5835173124
- SSDEEP
  
  384:m1cPmgt96DteT9X2IEI41W4WA1G/7kn4TJgUqJgM3KbgkE3H+iihZ2+10vq0GftC:muufpTVI4P+7kn4TJVM3i/EhK2iex
Score

1^/10
behavioral19 behavioral20

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Checks computer location settings

Drops startup file

Executes dropped EXE

Loads dropped DLL

Checks computer location settings

Checks computer location settings

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20