09f74ca0de08a2181671b49c9f399fdcfbcc8d21f08d216bbdbbb4501104f57a | Triage

Sharing

General

Target

e9bedfa5624c03bc97f4b483b65d8fdf_JaffaCakes118
Size

1.5MB
Sample

240409-l5cvfaff21
MD5

e9bedfa5624c03bc97f4b483b65d8fdf
SHA1

2c3247266cf332285df6da5817e2b28f88a9f3de
SHA256

09f74ca0de08a2181671b49c9f399fdcfbcc8d21f08d216bbdbbb4501104f57a
SHA512

324bf29a17275e66da725a4a935e96f9b9a1ee5ee6f13453c61915f7f09c58540dfe7b95e8f062a4d5272f04e2487662f4020af2e56425538486ee1bf30200af
SSDEEP

24576:xnQms4iJjg5Q7wa/Dv1GHafqeh2LtKLV9zvKO8B2cIHAH9I9gNMrIs0tuo4x527B:xnqsRa/Dv4EWIzzvKO8PwgNMrStuF52t

Score

7^/10

spyware stealer upx

Malware Config

Targets

- Target
  
  e9bedfa5624c03bc97f4b483b65d8fdf_JaffaCakes118
- Size
  
  1.5MB
- MD5
  
  e9bedfa5624c03bc97f4b483b65d8fdf
- SHA1
  
  2c3247266cf332285df6da5817e2b28f88a9f3de
- SHA256
  
  09f74ca0de08a2181671b49c9f399fdcfbcc8d21f08d216bbdbbb4501104f57a
- SHA512
  
  324bf29a17275e66da725a4a935e96f9b9a1ee5ee6f13453c61915f7f09c58540dfe7b95e8f062a4d5272f04e2487662f4020af2e56425538486ee1bf30200af
- SSDEEP
  
  24576:xnQms4iJjg5Q7wa/Dv1GHafqeh2LtKLV9zvKO8B2cIHAH9I9gNMrIs0tuo4x527B:xnqsRa/Dv4EWIzzvKO8PwgNMrStuF52t
Score

7^/10

spyware stealer upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2
- Target
  
  $TEMP/TeamViewer/Version4/TeamViewer_.exe
- Size
  
  1.4MB
- MD5
  
  acf29765d8cf2b26ecb3f8c373a1e6e7
- SHA1
  
  13c10b8f6cb01afece13c7428ee87c2c86e62064
- SHA256
  
  d0a6b4abf0cc538015de5ea61b8f812bfa115f3457c1c698cd8620aab25f8f7c
- SHA512
  
  fa210e9092b996b3ab4ecd93081a637b28b2c3f17434a0e85acfaff9904e84bf7f2aacad418af4211b84626cefe0bf4defba850081abb7631f0721fd10791635
- SSDEEP
  
  24576:0nQms4iJjg5Q7wa/Dv1GHafqeh2LtKLV9zvKO8B2cIHAH9I9gNMrIs0tuo4x527/:0nqsRa/Dv4EWIzzvKO8PwgNMrStuF52b
Score

7^/10

spyware stealer upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/GetVersion.dll
- Size
  
  5KB
- MD5
  
  c6910d6e78c2e5f9d57d0bc6d8f6b736
- SHA1
  
  a395099062298b3f3c015359b227ca02a72c6e2c
- SHA256
  
  b2c32af2b0d75dfd08ae4e1ad7c5897957240b32bf7a16855d6a46512d272b9b
- SHA512
  
  4cd45b887ce5b7fecfd863cae83817465d7378cc9f5b50f5762d5f209c55a37257d94e91dea4c91c66f2c5bf22cdc1f5545eeef52a090f05cceeedf59bbd2a10
- SSDEEP
  
  48:SQQhmkBkC+LRYvRPyIPm/QtO1l3NSphgPNy6C3xNsbj51SBNE46AQubLQlI:eRBkTLSvRtC5SpSM6MxOnSBi46AQuP
Score

3^/10
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/NSISdl.dll
- Size
  
  14KB
- MD5
  
  36bd5fe93cba28f56faa83b84833d33f
- SHA1
  
  f45d3207fb707c6a768cb5799fcc04da13503b79
- SHA256
  
  6da03a7b9dc18a940c910903c31b09934bfcac582aabbb2fe081e540098b1d54
- SHA512
  
  0dd06cb7d521980fca53bb4c3def3670b847291236dcf2c802b41b94c69e17e43cc16c8672b5af4f2c00d2732e3685e80171ca579cef9f0b44c4fee56caba58e
- SSDEEP
  
  192:T4lsN55M8r67wmsvJI5a299sfoG8I+WhPB3RY+h/G3DNl/qYcVp/12hgszA:TysdM80dCI5a2LsQ5IlPNRY00AlAfU
Score

3^/10
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  10KB
- MD5
  
  cfbae93f361e2b430743e423709a483f
- SHA1
  
  9d31546592a9e6817025cc5026fee769e9a6c015
- SHA256
  
  0f4aac375087f0a5df393d7463bd462193008922136a2aba8619736223ba7add
- SHA512
  
  485bc9c83087a1a6f48a5508ee390384c2db93b9d50c295280337dad78b47f65aaa0caea8d6d23ef25f86b73cd2e724cb88a738f6b53037e47225c6522f912b3
- SSDEEP
  
  192:MO6dJA/ruAFEiUdWWE6hE5RYUdJfbub1a1gMO:9KAFERdlxhGRYUzqZa1
Score

3^/10
behavioral10 behavioral9
- Target
  
  $PLUGINSDIR/UAC.dll
- Size
  
  13KB
- MD5
  
  7191bf2f751c79e50386b87c458ed2da
- SHA1
  
  30df71f1945f0ece8d396042dba84d92f84dbfb6
- SHA256
  
  45de80c4ef75ac01fdfca02a0c05c090311cb65b0f52b61e2307494d643466df
- SHA512
  
  121143369c5edd732a513c884fa90d0ffc03f3966c46f8feccad09591295890de61dec7872e6fd6cd03ae132287bd1dad44d74b45fc8e623a0fa4a647510ca91
- SSDEEP
  
  192:dlKA1Fiy+JjtWyPPW/O3w3hzwGRDvTR5QKZMAWSp2o0R:WA1n+HXoO38bVvTDZMAWSpuR
Score

3^/10
behavioral11 behavioral12
- Target
  
  $PLUGINSDIR/UserInfo.dll
- Size
  
  4KB
- MD5
  
  0ce863c82162be08cdd779900428cff1
- SHA1
  
  fc835c7afa7d669f238e3e1179c5e01c3b39ad83
- SHA256
  
  f2cea895705cb88e54eb1b2e3546b4de31af8e02e47ade0b1025ba52cffbe5bd
- SHA512
  
  6799626839e344ad9985a5a5542aca7fde0afe799bcfbcd5631410f4f8de4f45c3e383dbcc30d9e171a92cea4d45f6fd28e1381cc208d7adc383d5beb0110f62
Score

3^/10
behavioral13 behavioral14
- Target
  
  $TEMP/TeamViewer/Version4/SAS.exe
- Size
  
  53KB
- MD5
  
  bf3bcd752bdabfa1f1e84b7462738103
- SHA1
  
  34cb8ea7d47467cace271e03b7869f37b0ecb30a
- SHA256
  
  90fe790e189c384f2ab82958057f91fdf40888c2ed3c0471bd7b85d5b36c7810
- SHA512
  
  6d5362c4d354319845f4522e0d1132c32a6779efc4c013c8c7bd489fddf39cbb5dfb72b135487b660d156d7774e5be4acc03c3fcecdb6dabcfad12630a3f5955
- SSDEEP
  
  768:bA3C0RkYbVJEhDPCVbvv1l9OlKX8v8XAibCxHRgPjchVCK5EOahtZLXbdHa:c3CSb3E12VOp8Qi2xCP3KjytZ/dHa
Score

1^/10
behavioral15 behavioral16
- Target
  
  $TEMP/TeamViewer/Version4/TV.dll
- Size
  
  64KB
- MD5
  
  4b030749eef3498b8efbaf2877a59fb5
- SHA1
  
  70d65a57582fa7145bcf7198e0751e5a3bfffcc5
- SHA256
  
  ee4f367a4074fa13d15eb17ae9e140d38b249959a29d6e4146c0577df2fed01b
- SHA512
  
  9a265c06a377bbcaba9b6b0e2752657701fd1fb82613d7ba520e4739108951d0059e1c8d7533a3e94928e5971a9d2fc575d3adc67f4ac768f844c63a5e11e8c7
- SSDEEP
  
  768:DwneoYqWGp6ja9akpdyRsi7Z3/HVtcM2:DJ+sIaIyP7FNtcM2
Score

3^/10
behavioral17 behavioral18
- Target
  
  $TEMP/TeamViewer/Version4/TeamViewer.exe
- Size
  
  3.4MB
- MD5
  
  2e027f3b572c218c64d6a511b14a4187
- SHA1
  
  eeb9ac3cbd08834c7ae71c79fb3d77c98f174d80
- SHA256
  
  efc1c03fe3e38079ac2c12f86ba6fdcc4889a22738539e82293f9f008d60a101
- SHA512
  
  4f05f6232bf5f13a545022de1a097755d17a4d3414cf1a97d854cacb4e57ad8835778d638541632ef23730bb43dbe4b4d521cc042617aabc0f14a01b58becaf5
- SSDEEP
  
  49152:yVSl5yAhOffG+diT/IfiX7CcLxYVfRi3PNNu+axk/jNjovY7icVJJD46C/ots:CAhOf0c/yxYBRi3T7yvY/A6CP
Score

7^/10

spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral19 behavioral20
- Target
  
  $TEMP/TeamViewer/Version4/TeamViewer_Service.exe
- Size
  
  181KB
- MD5
  
  82ea3814431d24fbc692f27ea67e176b
- SHA1
  
  0d0f1ee84a381728c65569e5ea3822b0c67fff3a
- SHA256
  
  9581cadfc5715729787b65d025d7fdeebaa9893b987a0dd3aeeb3db310ff9827
- SHA512
  
  d0c0a55506f1ae11e115d03b7ed76f918ce545e9e3efd11fa27a846182148e6031988a1056dde72dea921e732c9bd35d4b99a8192a40d87ff196c522f6d7a285
- SSDEEP
  
  1536:4EkQAbDmJCIemdRpF0l5cW1QJhXPB2dUoWeTj1UG+avo2Cv9wm/6PTulmI05W4qT:ecR/t/oWeTj11Y05W4NtTfA
Score

1^/10
behavioral21 behavioral22

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

spywarestealerupx

behavioral2

spywarestealerupx

behavioral3

spywarestealerupx

behavioral4

spywarestealerupx

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22