General

  • Target

    e60c7397f68fbaf54e71ea6bf645d959_JaffaCakes118

  • Size

    668KB

  • Sample

    240407-2wva5ahb86

  • MD5

    e60c7397f68fbaf54e71ea6bf645d959

  • SHA1

    ebc0c70ee7189b041ab242eecab089b38aa357d9

  • SHA256

    23641b1b717d089e09858d42a5b0627e239bb54980b81574fc5767793c6f8341

  • SHA512

    a3102d37d93af407e3f4bed6743ab5d98a3a6eedee310238005af0ef61791e8f59474ffcab35846319f750239cbdd744032c03139bfb8ec4813c225eafb30b7a

  • SSDEEP

    12288:xSWBINtJ8rSLE+rX9XZWJ8bSLEqzcs2o4Rjbtz/tJAE1UL:xWNz82LEgXZK8mLE4P4V5zAL
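
The SSDEEP values on this page are context-triggered piecewise hashes, and two of them can only be compared when their block sizes are equal or differ by exactly a factor of two. The parent's block size is 12288 while the dropped $TEMP/instloffer.exe further down uses 3072, so no ssdeep score exists between those two however alike fragments of the strings look; the 192/96 plugin digests, by contrast, can be scored against each other. The Python below is an added example, not part of the sandbox report and not libfuzzy's code: it parses the digests copied from this page, applies the block-size rule and the 7-character common-substring gate, and estimates a score with a plain Levenshtein distance. That scoring is an assumption for illustration only; libfuzzy weights substitutions differently and caps scores at small block sizes.

```python
"""ssdeep digest parsing and comparability for the hashes on this page.

Added example: not part of the sandbox report and not libfuzzy's code.
The block-size rule and the 7-char common-substring gate follow the
published ssdeep design; the Levenshtein-based score is an assumption.
"""
from dataclasses import dataclass
from itertools import combinations
from typing import Dict, List, Optional, Tuple

ROLLING_WINDOW = 7   # shortest common substring ssdeep demands before scoring
MIN_BLOCKSIZE = 3    # valid block sizes are MIN_BLOCKSIZE * 2**n

# Digests copied from this report: the parent plus a few dropped files.
PAGE_DIGESTS: Dict[str, str] = {
    "e60c7397f68fbaf54e71ea6bf645d959_JaffaCakes118":
        "12288:xSWBINtJ8rSLE+rX9XZWJ8bSLEqzcs2o4Rjbtz/tJAE1UL:xWNz82LEgXZK8mLE4P4V5zAL",
    "$PLUGINSDIR/AnimGif.dll":
        "192:gOHvLYKKad68vn0YQRbqLGWSMRH00yQTbxDdHw:bvLXKa0OqRqS1MRH00HJdH",
    "$PLUGINSDIR/ButtonEvent.dll":
        "96:hrA2+5HGZFYJf9D8IjDflDCoMzncsGSmE:hE2+5mMJfJ8v1zFGSm",
    "$PLUGINSDIR/System.dll":
        "192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw",
    "$PLUGINSDIR/sarainetc2.dll":
        "3072:MW2YXDpNYCy32SHyE1k7skVOiIJz6Kp+rBF:MW2YTIJzk7skVjIY",
    "$TEMP/instloffer.exe":
        "3072:+gXdZt9P6D3XJ8kpwHIDLqJO4cJSNhh67Ywksl/LSLEDTOBuDOOG:+e34ukiHtJO9ZBSLE+jN",
}


@dataclass(frozen=True)
class Ssdeep:
    block_size: int
    chunk: str          # signature computed with block_size
    double_chunk: str   # signature computed with 2 * block_size


def parse_ssdeep(digest: str) -> Ssdeep:
    """Split 'blocksize:chunk:doublechunk[,filename]' and validate the block size."""
    parts = digest.split(",", 1)[0].split(":")
    if len(parts) != 3 or not parts[0].isdigit():
        raise ValueError(f"not an ssdeep digest: {digest!r}")
    bs = int(parts[0])
    n = bs // MIN_BLOCKSIZE
    if bs % MIN_BLOCKSIZE or n < 1 or n & (n - 1):
        raise ValueError(f"block size {bs} is not {MIN_BLOCKSIZE} * 2**n")
    return Ssdeep(bs, parts[1], parts[2])


def comparable(a: Ssdeep, b: Ssdeep) -> bool:
    """Digests are only comparable when block sizes match or differ by exactly 2x."""
    return a.block_size in (b.block_size, 2 * b.block_size) or b.block_size == 2 * a.block_size


def _has_common_substring(s1: str, s2: str, n: int = ROLLING_WINDOW) -> bool:
    if len(s1) < n or len(s2) < n:
        return False
    grams = {s1[i:i + n] for i in range(len(s1) - n + 1)}
    return any(s2[i:i + n] in grams for i in range(len(s2) - n + 1))


def _levenshtein(s1: str, s2: str) -> int:
    prev = list(range(len(s2) + 1))
    for i, c1 in enumerate(s1, 1):
        cur = [i]
        for j, c2 in enumerate(s2, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (c1 != c2)))
        prev = cur
    return prev[-1]


def _score(s1: str, s2: str) -> int:
    """0 unless the strings share a 7-char run; else 100 minus the edit-distance ratio (simplified)."""
    if not _has_common_substring(s1, s2):
        return 0
    return 100 - int(100 * _levenshtein(s1, s2) / (len(s1) + len(s2)))


def similarity(a: Ssdeep, b: Ssdeep) -> Optional[int]:
    """Estimated score, or None when the block sizes rule out any comparison."""
    if not comparable(a, b):
        return None
    if a.block_size == b.block_size:
        return max(_score(a.chunk, b.chunk), _score(a.double_chunk, b.double_chunk))
    if a.block_size == 2 * b.block_size:
        return _score(a.chunk, b.double_chunk)   # a's chunk was computed at b's doubled size
    return _score(a.double_chunk, b.chunk)


def comparable_pairs(digests: Dict[str, str]) -> List[Tuple[str, str, int]]:
    """Every pair of names whose digests can be compared, with its estimated score."""
    parsed = {name: parse_ssdeep(d) for name, d in digests.items()}
    out = []
    for n1, n2 in combinations(sorted(parsed), 2):
        score = similarity(parsed[n1], parsed[n2])
        if score is not None:
            out.append((n1, n2, score))
    return out


if __name__ == "__main__":
    for n1, n2, score in comparable_pairs(PAGE_DIGESTS):
        print(f"{score:3d}  {n1}  <->  {n2}")
```

Running it shows that the parent sample is in no comparable pair at all, which is why a shared-code hunt between the installer and its dropped payload has to go through a different signal (section data, imports, the plugin DLL hashes) rather than the top-level ssdeep.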

Targets

    • Target

      e60c7397f68fbaf54e71ea6bf645d959_JaffaCakes118

    • Size

      668KB

    • MD5

      e60c7397f68fbaf54e71ea6bf645d959

    • SHA1

      ebc0c70ee7189b041ab242eecab089b38aa357d9

    • SHA256

      23641b1b717d089e09858d42a5b0627e239bb54980b81574fc5767793c6f8341

    • SHA512

      a3102d37d93af407e3f4bed6743ab5d98a3a6eedee310238005af0ef61791e8f59474ffcab35846319f750239cbdd744032c03139bfb8ec4813c225eafb30b7a

    • SSDEEP

      12288:xSWBINtJ8rSLE+rX9XZWJ8bSLEqzcs2o4Rjbtz/tJAE1UL:xWNz82LEgXZK8mLE4P4V5zAL

    • ACProtect 1.3x - 1.4x DLL software

      Detects a file protected with ACProtect 1.3x to 1.4x.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly read browser profile data, which can include saved credentials, cookies and form-fill entries.

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX build.

    • Checks installed software on the system

      Enumerates the Uninstall key in the registry to list the software installed on the system.
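
The two behavioural signatures above boil down to path matching on the API trace: a registry open or enumeration under ...\Microsoft\Windows\CurrentVersion\Uninstall is software discovery, and a file open on a browser profile store (Chromium "Login Data", "Web Data", "Cookies"; Firefox logins.json, key4.db, cookies.sqlite) is the credential-theft indicator. The Python below is an added example, not the sandbox's own rule set. The event trace is constructed for illustration and its 'pid|api|argument' layout is an assumption; the paths are the standard locations these signatures describe, and the tags it emits (discovery, spyware, stealer) mirror the task tags at the bottom of this report.

```python
"""Tag sandbox API events with the behaviours this report flags.

Added example, not the sandbox's rule set. SAMPLE_TRACE is constructed;
its 'pid|api|argument' layout is an assumption made for illustration.
"""
import re
from collections import defaultdict
from typing import Dict, Set

# Enumerating the Uninstall key lists installed products: discovery.
UNINSTALL_KEY = re.compile(
    r"\\SOFTWARE\\(WOW6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Uninstall(\\|$)",
    re.IGNORECASE,
)
# Browser profile stores holding saved logins, cookies and form data.
BROWSER_DATA = re.compile(
    r"\\AppData\\("
    r"Local\\(Google\\Chrome|Microsoft\\Edge|BraveSoftware\\Brave-Browser)"
    r"\\User Data\\[^\\]+\\(Network\\)?(Login Data|Web Data|Cookies|History)"
    r"|Roaming\\Mozilla\\Firefox\\Profiles\\[^\\]+"
    r"\\(logins\.json|key4\.db|cookies\.sqlite|places\.sqlite)"
    r")$",
    re.IGNORECASE,
)
REGISTRY_APIS = {"RegOpenKeyExW", "RegOpenKeyExA", "RegEnumKeyExW",
                 "RegQueryValueExW", "NtOpenKey", "NtEnumerateKey"}
FILE_APIS = {"CreateFileW", "CreateFileA", "NtCreateFile", "NtOpenFile",
             "NtReadFile", "CopyFileW"}

# Constructed trace: one installer process (4120) and one child (5208).
SAMPLE_TRACE = r"""
4120|CreateFileW|C:\Users\Admin\AppData\Local\Temp\nsk7F3.tmp\System.dll
4120|RegOpenKeyExW|HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
4120|RegEnumKeyExW|HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A1B2C3D4-0000-0000-0000-000000000000}
4120|RegOpenKeyExW|HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
5208|CreateFileW|C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Login Data
5208|CreateFileW|C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\abcd1234.default-release\logins.json
5208|CreateFileW|C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
5208|NtReadFile|C:\Users\Admin\Documents\notes.txt
""".strip()


def parse_event(line: str):
    """'pid|api|argument' -> (int pid, api name, argument string)."""
    fields = line.split("|", 2)
    if len(fields) != 3:
        raise ValueError(f"malformed event: {line!r}")
    return int(fields[0]), fields[1], fields[2]


def classify(line: str) -> Set[str]:
    """Tags raised by a single event; empty set when it is uninteresting."""
    _, api, arg = parse_event(line)
    tags: Set[str] = set()
    if api in REGISTRY_APIS and UNINSTALL_KEY.search(arg):
        tags.add("discovery")
    if api in FILE_APIS and BROWSER_DATA.search(arg):
        tags.update({"spyware", "stealer"})
    return tags


def tag_trace(trace: str) -> Dict[int, Set[str]]:
    """Union of tags per process; processes with no hits are omitted."""
    per_pid: Dict[int, Set[str]] = defaultdict(set)
    for line in trace.splitlines():
        if not line.strip():
            continue
        tags = classify(line)
        if tags:
            per_pid[parse_event(line)[0]] |= tags
    return dict(per_pid)


if __name__ == "__main__":
    for pid, tags in sorted(tag_trace(SAMPLE_TRACE).items()):
        print(pid, ", ".join(sorted(tags)))
```

The Run key and the Documents read deliberately score nothing: the signature is anchored on the specific key and file names, not on registry or file activity in general, which is what keeps the false-positive rate usable on an installer that legitimately touches hundreds of paths.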

    • Target

      $PLUGINSDIR/AnimGif.dll

    • Size

      9KB

    • MD5

      200b6570553d00a76de8a5a6c9587f07

    • SHA1

      08ca76a84cba8483ab34285d07909e08bdbf4a67

    • SHA256

      8fb060b77728fbe347e294d1174a732db7cf9c99b187f8f332662c87683fd0a3

    • SHA512

      01ab8aa80d7d5d3083f2e3016aab5dad29c0bbba18b225a5dde51b3bc6fa4c8c1278aec17d76bc5ee2b9ccb8532c22d79845162f752bba6ee12341b4d64304e8

    • SSDEEP

      192:gOHvLYKKad68vn0YQRbqLGWSMRH00yQTbxDdHw:bvLXKa0OqRqS1MRH00HJdH

    Score
    3/10
    • Target

      $PLUGINSDIR/Anuncios.dll

    • Size

      39KB

    • MD5

      642543739542a79b1cd8576c70add738

    • SHA1

      998a7cea2239f9925cd3796c5006edf532fab1c3

    • SHA256

      4798cc15822262fd061c3a178874afa1e5535b911eb3094fc5bbf2e365866e8b

    • SHA512

      08d7a118468056b76923694787ee2f88ab4d0e91a25b6195eaa1ccabb26c3834747a00591aa10e88d8f265eddfcb1365d20fb0a55eabb28e86ea76621516cd39

    • SSDEEP

      768:iTrcSh2AD8wOZWzF9YhvhgtWmnTED8X/vxiTQxq:AoO4bwnYhZCxNx2A

    Score
    3/10
    • Target

      $PLUGINSDIR/BgWorker.dll

    • Size

      2KB

    • MD5

      33ec04738007e665059cf40bc0f0c22b

    • SHA1

      4196759a922e333d9b17bda5369f14c33cd5e3bc

    • SHA256

      50f735ab8f3473423e6873d628150bbc0777be7b4f6405247cddf22bb00fb6be

    • SHA512

      2318b01f0c2f2f021a618ca3e6e5c24a94df5d00154766b77160203b8b0a177c8581c7b688ffe69be93a69bc7fd06b8a589844d42447f5060fb4bcf94d8a9aef

    Score
    3/10
    • Target

      $PLUGINSDIR/ButtonEvent.dll

    • Size

      4KB

    • MD5

      55788069d3fa4e1daf80f3339fa86fe2

    • SHA1

      d64e05c1879a92d5a8f9ff2fd2f1a53e1a53ae96

    • SHA256

      d6e429a063adf637f4d19d4e2eb094d9ff27382b21a1f6dccf9284afb5ff8c7f

    • SHA512

      d3b1eec76e571b657df444c59c48cad73a58d1a10ff463ce9f3acd07acce17d589c3396ad5bdb94da585da08d422d863ffe1de11f64298329455f6d8ee320616

    • SSDEEP

      96:hrA2+5HGZFYJf9D8IjDflDCoMzncsGSmE:hE2+5mMJfJ8v1zFGSm

    Score
    3/10
    • Target

      $PLUGINSDIR/ExecDos.dll

    • Size

      5KB

    • MD5

      ebcf9f71d804abab3c2e5ce4c17dc22e

    • SHA1

      17d13084e75cbfa5fbfdd0025e9a0ee5772ae765

    • SHA256

      d387b725afbd2a6f9b44999278d21025fae55b391e45f7751b88dfb13511a993

    • SHA512

      5576396c2d885c039668d7f401eeee583eb4de39e8497c3aaec32d47f4417a522fe6786c111d50a5fba7570f50e84144ef3a8aea42677d170e79114343c3a4a1

    • SSDEEP

      48:qNpugCjmWaZ+rnHAUiP9JLw/RHFtly5vorpSpSi7+5HCAx31Oglt6Zlrz9QH96AD:r0W1nHAfPPORHnooAU3xYglt6WwE

    Score
    3/10
    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      c17103ae9072a06da581dec998343fc1

    • SHA1

      b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

    • SHA256

      dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

    • SHA512

      d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

    • SSDEEP

      192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw

    Score
    3/10
    • Target

      $PLUGINSDIR/ThreadTimer.dll

    • Size

      3KB

    • MD5

      c43953f463c22e048e45b402d190e77d

    • SHA1

      b4a5e6567bed3c783af030df9418f91a7bac3040

    • SHA256

      4e2a7c511e0f2ef46ac9002e0666f058ea5a4657371f086e2e4797393ee2fbf2

    • SHA512

      18facd89f3dc55826b7aa0c02b8fdf3a1e6741850e4d9c264fb095e9da7956f6a4d331655ef00862948397d1a3f99d15243d03ef09c145a39c3b9a0c2ef4c974

    Score
    3/10
    • Target

      $PLUGINSDIR/ToolkitOffers.dll

    • Size

      245KB

    • MD5

      3c6a9490f32cf8aca12252188874dade

    • SHA1

      4df69fe59c10f2cd6de472e5fc05eed5a489998b

    • SHA256

      89ebab8d0675d7b79a3d0a455ec55d0b87aa0804cfd092e30f3d1142f0ce1109

    • SHA512

      e8ce3378bb4cfb95cbe5ea0ad83fbf8e129cdfa0e724346b789c3f43c76b8a81d85b1c1b1c1c3fe7de0bf2b00e3c8fe485b2d784d8bbaf2221faa2ce20aa6be5

    • SSDEEP

      3072:hb0VmAw9fh4OZGsz7dFG3plCyUSSOpITbI/o29OzU+VYeEuaQWkMx0mBo:hb0ont+PXCypeQgyDZQWbnBo

    Score
    3/10
    • Target

      $PLUGINSDIR/nsArray.dll

    • Size

      6KB

    • MD5

      f8462e9d1d7fd39789afca89ab6d6046

    • SHA1

      7e9a518e15b7490245d2bef11a73f209c8d8d59b

    • SHA256

      48941e9f5c92a33f1e60a7a844d562dd77ce736fd31b5503c980b49679dfe85e

    • SHA512

      57dee2253abd7d17d53811d5e95237f9434288518fb043645524a517786db2d8a91df86a6da732c620f12ad0e7ea30a923b8d5f3de386c65bd3ff240bc0dff69

    • SSDEEP

      96:TjGBPJ762z6gjutipI+h7jz5ozZt/aYfA7EfXxLfAZi:/ix7ibUpIS+Xa1wX2Zi

    Score
    7/10
    • ACProtect 1.3x - 1.4x DLL software

      Detects a file protected with ACProtect 1.3x to 1.4x.

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX build.

    • Target

      $PLUGINSDIR/nsDialogs.dll

    • Size

      9KB

    • MD5

      c10e04dd4ad4277d5adc951bb331c777

    • SHA1

      b1e30808198a3ae6d6d1cca62df8893dc2a7ad43

    • SHA256

      e31ad6c6e82e603378cb6b80e67d0e0dcd9cf384e1199ac5a65cb4935680021a

    • SHA512

      853a5564bf751d40484ea482444c6958457cb4a17fb973cf870f03f201b8b2643be41bccde00f6b2026dc0c3d113e6481b0dc4c7b0f3ae7966d38c92c6b5862e

    • SSDEEP

      96:hBABCcnl5TKhkfLxSslykcxM2DjDf3GE+Xv8Xav+Yx4VndY7ndS27gA:h6n+0SAfRE+/8ZYxMdqn420

    Score
    3/10
    • Target

      $PLUGINSDIR/sarainetc2.dll

    • Size

      172KB

    • MD5

      4ef7a82508258875ca4e684fb216a3cb

    • SHA1

      aadf65260945eb2bf7ec07d622aa609757b44cfc

    • SHA256

      8cfa8ac6ce078a961e33771d69dd4ce10fbc2e8e84cc4fec7afbe20a40d9a6aa

    • SHA512

      9cc57392faba3b8da7c6aa4c71b39d0fcd8d0b5871ce839647acf917d396de5ea6d1c9be6ab4457460751f8d40748e84e323c651371e89a9beb2f0a50cf6cc06

    • SSDEEP

      3072:MW2YXDpNYCy32SHyE1k7skVOiIJz6Kp+rBF:MW2YTIJzk7skVjIY

    Score
    3/10
    • Target

      $PLUGINSDIR/version.dll

    • Size

      6KB

    • MD5

      ebc5bb904cdac1c67ada3fa733229966

    • SHA1

      3c6abfa0ddef7f3289f38326077a5041389b15d2

    • SHA256

      3eba921ef649b71f98d9378dee8105b38d2464c9ccde37a694e4a0cd77d22a75

    • SHA512

      fa71afcc166093fbd076a84f10d055f5a686618711d053ab60d8bd060e78cb2fdc15fa35f363822c9913413251c718d01ddd6432ab128816d98f9aabf5612c9f

    • SSDEEP

      96:nPtMckE1e91BopVyXwUhn3f1I0vOKeoqO4d8QvS9:n1MMuOUhdI0c04yV9

    Score
    7/10
    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX build.
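
The UPX signature fires on static structure, which is why it also hits the two plugin DLLs (nsArray.dll and version.dll) and the parent: stock UPX names its sections UPX0/UPX1 and writes a pack header beginning with the magic "UPX!", and a modified build that renames the sections still leaves the tell-tale layout of a first section with no data on disk but a large virtual size (the region the stub decompresses into). The Python below is an added example, not the sandbox's detector; it walks the PE headers by hand, reports those three indicators separately, and checks them against a header constructed by build_fake_pe(), not against any file on this page. The 0x1000 virtual-size threshold for the layout heuristic is an assumption.

```python
"""Static indicators of UPX packing read straight from the PE headers.

Added example, not the sandbox's detector. build_fake_pe() constructs a
minimal, non-runnable header for testing; the 0x1000 threshold in the
hollow-section heuristic is an assumption.
"""
import struct
from typing import Dict, List

UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}
SECTION_HEADER = "<8sIIIIIIHHI"   # IMAGE_SECTION_HEADER, 40 bytes


def parse_sections(data: bytes) -> List[dict]:
    """Walk MZ -> e_lfanew -> COFF header -> section table with no PE library."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a PE image: missing MZ header")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]
    if pe_off + 24 > len(data) or data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("not a PE image: missing PE signature")
    num_sections = struct.unpack_from("<H", data, pe_off + 6)[0]     # COFF.NumberOfSections
    opt_size = struct.unpack_from("<H", data, pe_off + 20)[0]        # COFF.SizeOfOptionalHeader
    table = pe_off + 24 + opt_size
    if table + 40 * num_sections > len(data):
        raise ValueError("section table runs past end of file")
    sections = []
    for i in range(num_sections):
        name, vsize, vaddr, rsize, rptr, _, _, _, _, flags = struct.unpack_from(
            SECTION_HEADER, data, table + 40 * i)
        sections.append({"name": name.rstrip(b"\0"), "virtual_size": vsize,
                         "virtual_address": vaddr, "raw_size": rsize,
                         "raw_ptr": rptr, "characteristics": flags})
    return sections


def upx_indicators(data: bytes) -> Dict[str, bool]:
    """Three independent signals; any one of them is worth a look."""
    sections = parse_sections(data)
    return {
        "upx_section_names": bool({s["name"] for s in sections} & UPX_SECTION_NAMES),
        "upx_magic": b"UPX!" in data,
        # Unpacking area: present in memory, absent on disk. Survives renamed sections.
        "hollow_first_section": bool(sections) and sections[0]["raw_size"] == 0
                                and sections[0]["virtual_size"] >= 0x1000,
    }


def upx_verdict(data: bytes) -> str:
    """'upx' on a strong indicator, 'suspect' on the layout heuristic alone, else 'none'."""
    ind = upx_indicators(data)
    if ind["upx_section_names"] or ind["upx_magic"]:
        return "upx"
    if ind["hollow_first_section"]:
        return "suspect"
    return "none"


def build_fake_pe(section_names: List[bytes], include_magic: bool = True,
                  hollow_first: bool = True) -> bytes:
    """Constructed, non-runnable PE header used only to exercise the checks above."""
    pe_off = 0x80
    dos = bytearray(pe_off)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, pe_off)            # e_lfanew
    opt_size = 0xE0                                      # PE32 optional header size
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, opt_size, 0x0102)
    optional = bytearray(opt_size)
    struct.pack_into("<H", optional, 0, 0x10B)           # PE32 magic
    table = b""
    for i, name in enumerate(section_names):
        if i == 0 and hollow_first:
            vsize, rsize = 0x20000, 0                    # virtual only: nothing on disk
        else:
            vsize, rsize = 0x8000, 0x8000
        table += struct.pack(SECTION_HEADER, name.ljust(8, b"\0"), vsize,
                             0x1000 + 0x20000 * i, rsize, 0x400 + 0x8000 * i,
                             0, 0, 0, 0, 0xE0000020)
    image = bytes(dos) + b"PE\0\0" + coff + bytes(optional) + table
    if include_magic:
        image += b"UPX!"   # real pack-header placement varies by UPX version
    return image


if __name__ == "__main__":
    for label, img in (("stock upx", build_fake_pe([b"UPX0", b"UPX1", b".rsrc"])),
                       ("renamed", build_fake_pe([b".text0", b".text1"], include_magic=False)),
                       ("plain", build_fake_pe([b".text", b".data"], False, False))):
        print(f"{label:10s} {upx_verdict(img):8s} {upx_indicators(img)}")
```

A "suspect" verdict from the layout heuristic alone is the case the signature's "modified UPX" wording refers to; confirm it by checking whether the second section's bytes decompress with the UPX tool before trusting the label.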

    • Target

      $TEMP/instloffer.exe

    • Size

      164KB

    • MD5

      a0f05f4703af66e89f3cbde7aed8a719

    • SHA1

      549e703a1c4e7ce7b05f49fbd7d1d38c5d959e05

    • SHA256

      7133696bfa5556914a68547d0f719c9bcb521c7ad72bf7d579faa9c5e8a76650

    • SHA512

      b781b2d04ce514395f4df376e2013f750695653ceda70100202b1819e8de0134a57a502f0c2037aab65e176b3024533c26a08ec4d5b9e6466f0d5c1286578311

    • SSDEEP

      3072:+gXdZt9P6D3XJ8kpwHIDLqJO4cJSNhh67Ywksl/LSLEDTOBuDOOG:+e34ukiHtJO9ZBSLE+jN

    Score
    3/10
    • Target

      $TEMP/license.rtf

    • Size

      15KB

    • MD5

      99917b934514b67ddd06924a946af785

    • SHA1

      033d04e7bb31cb5af832009f95666954dfe7b1ce

    • SHA256

      34f4ff37f1f1a5157b420eada86cc5b0af5c95118eb38c0b71c9273b22ff2294

    • SHA512

      402b913d3594461f67a27fdfc4f4632f5db7db8bda0591b01e4e2b4dbc701f2f4ecf10eee8559820f14478def4f5f33b0eb083fa8273a43c243d2aba191b0c2d

    • SSDEEP

      192:doyiN15CHjJn5PWkt1I71jz/G1n3mSxvOrTa//OTdcofTNvdVn+Xx9uN:OyUw+oIFze1n3phma/23dUB+

    Score
    4/10

MITRE ATT&CK Enterprise v15

Tasks

static1

upx
Score
7/10

behavioral1

discovery, spyware, stealer, upx
Score
7/10

behavioral2

discovery, spyware, stealer, upx
Score
7/10

behavioral3

Score
3/10

behavioral4

Score
3/10

behavioral5

Score
3/10

behavioral6

Score
3/10

behavioral7

Score
3/10

behavioral8

Score
3/10

behavioral9

Score
3/10

behavioral10

Score
3/10

behavioral11

Score
3/10

behavioral12

Score
3/10

behavioral13

Score
3/10

behavioral14

Score
3/10

behavioral15

Score
3/10

behavioral16

Score
3/10

behavioral17

Score
3/10

behavioral18

Score
3/10

behavioral19

upx
Score
7/10

behavioral20

upx
Score
7/10

behavioral21

Score
3/10

behavioral22

Score
3/10

behavioral23

Score
3/10

behavioral24

Score
3/10

behavioral25

upx
Score
7/10

behavioral26

upx
Score
7/10

behavioral27

Score
3/10

behavioral28

Score
3/10

behavioral29

Score
4/10

behavioral30

Score
1/10