General

  • Target

    f227c340fed1251fa5810360d979e11f_JaffaCakes118

  • Size

    3.3MB

  • Sample

    240415-3bgd7sba42

  • MD5

    f227c340fed1251fa5810360d979e11f

  • SHA1

    b45806f85a8efa8aa923a09b28b26ee1fcfd97ba

  • SHA256

    7d9250cd0475be93ee3de2f6d5976ea5b697c42fd90bee60175ab615146f1158

  • SHA512

    bd721dbe20c21dbb0b40af30e6f1a7674545dee336a0b04c837aef066d3a1053c4049a3f3a2f4513beef5bc4d22001bee956e5e0cf9aff2023a1aba1a7a70e5f

  • SSDEEP

    98304:OA5tlev5ZMT27VgPoF3msZUIk7r+qJiIMui9sh9l:OA5jiaP83msZLk7rd9

Malware Config

Targets

    • Target

      f227c340fed1251fa5810360d979e11f_JaffaCakes118

    • Size

      3.3MB

    • MD5

      f227c340fed1251fa5810360d979e11f

    • SHA1

      b45806f85a8efa8aa923a09b28b26ee1fcfd97ba

    • SHA256

      7d9250cd0475be93ee3de2f6d5976ea5b697c42fd90bee60175ab615146f1158

    • SHA512

      bd721dbe20c21dbb0b40af30e6f1a7674545dee336a0b04c837aef066d3a1053c4049a3f3a2f4513beef5bc4d22001bee956e5e0cf9aff2023a1aba1a7a70e5f

    • SSDEEP

      98304:OA5tlev5ZMT27VgPoF3msZUIk7r+qJiIMui9sh9l:OA5jiaP83msZLk7rd9

    Score
    7/10
    • Loads dropped DLL

    • Target

      $PLUGINSDIR/ExecDos.dll

    • Size

      5KB

    • MD5

      a7cd6206240484c8436c66afb12bdfbf

    • SHA1

      0bb3e24a7eb0a9e5a8eae06b1c6e7551a7ec9919

    • SHA256

      69ac56d2fdf3c71b766d3cc49b33b36f1287cc2503310811017467dfcb455926

    • SHA512

      b9ee7803301e50a8ec20ab3f87eb9e509ea24d11a69e90005f30c1666acc4ed0a208bd56e372e2e5c6a6d901d45f04a12427303d74761983593d10b344c79904

    • SSDEEP

      48:6jOBtU/BXN8kUByyy/Aklkcrkyg7Vg5RibGoTCTo0gqVeeaeQqzM5rv774YRljmB:y/DMy4ncrkyg7tbpQFLUEYRxe

    Score
    3/10
    • Target

      $PLUGINSDIR/LangDLL.dll

    • Size

      5KB

    • MD5

      9384f4007c492d4fa040924f31c00166

    • SHA1

      aba37faef30d7c445584c688a0b5638f5db31c7b

    • SHA256

      60a964095af1be79f6a99b22212fefe2d16f5a0afd7e707d14394e4143e3f4f5

    • SHA512

      68f158887e24302673227adffc688fd3edabf097d7f5410f983e06c6b9c7344ca1d8a45c7fa05553adcc5987993df3a298763477168d4842e554c4eb93b9aaaf

    • SSDEEP

      48:iV6pAvmNC6iMPUptxEZK65x/AmvycNSmwVsOYJyvrpXptp/JvR0Jlof5d2:2811GED5ZTvycNSmwVsTJuftpZR0Sd2

    Score
    3/10
    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      c17103ae9072a06da581dec998343fc1

    • SHA1

      b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

    • SHA256

      dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

    • SHA512

      d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

    • SSDEEP

      192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw

    Score
    3/10
    • Target

      $PLUGINSDIR/UserInfo.dll

    • Size

      4KB

    • MD5

      7579ade7ae1747a31960a228ce02e666

    • SHA1

      8ec8571a296737e819dcf86353a43fcf8ec63351

    • SHA256

      564c80dec62d76c53497c40094db360ff8a36e0dc1bda8383d0f9583138997f5

    • SHA512

      a88bc56e938374c333b0e33cb72951635b5d5a98b9cb2d6785073cbcad23bf4c0f9f69d3b7e87b46c76eb03ced9bb786844ce87656a9e3df4ca24acf43d7a05b

    Score
    3/10
    • Target

      $PLUGINSDIR/g/PRFB-Chrome.exe

    • Size

      569KB

    • MD5

      e7e73ebcd63a21abff82f946d7216be1

    • SHA1

      09763441c0cd7eac0199a0f546f667e4cfc7eb0b

    • SHA256

      dfda459984d2daf5e81905e75b01f84604bb3388f655ae70b0c61c9bb28b1320

    • SHA512

      1ef7d1c6bb4979752b382bf7549e4fff9d3bdef203a5600d1ef798ba443508ab6b1ad1428c9233556297ec24c955542dab4e9652a5d1169302cc11507714a6cf

    • SSDEEP

      12288:6mt6wVOkXAQjfbE2YCyz+/UcYyOk3jFZcngtv9e+l:pt6yOIo2xy6MlTkuCle+l

    Score
    7/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      $TEMP/googleupdatesetup.exe

    • Size

      549KB

    • MD5

      01e1716a03b513f6538e022dd0ec6ea5

    • SHA1

      9bbbf3b31340f4b049fd97ccfd34b2a03ac4ec39

    • SHA256

      d31b7c8cf3207b19e18e899523a3d7caabf8fd1ac5cca38a4bada87516333091

    • SHA512

      ccf065518cab5f34001f61f2e7f5350862c75b1b8cab7a8697712bbf4fb28789496229422a7cddaa68befb7d93afab3c37e799d4b267c300d56333f5a15cada6

    • SSDEEP

      12288:LxTKk7QjSbE2xSyz+FUFYkOu3jgQcngtK7++T:lbY20y6qeVuqCCNT

    Score
    1/10
    • Target

      $PLUGINSDIR/g/PRFB-IEToolbar.exe

    • Size

      261KB

    • MD5

      0317731c895f6280262515f5fa739ae3

    • SHA1

      cb5834416618d6112afecc016e10f35eb5043507

    • SHA256

      f153974256596e473c74d9d4139daa49fd078879e69001056e99ab353d06927b

    • SHA512

      4b17d37c638349c54ec3f10b1bd7901fabac4e69a49641a89bcfc1826a1d3f520593a785092bab4e68845b8997af8c2bd889485a06e84284d67fa4ca32b360c2

    • SSDEEP

      6144:Pmt6MnbXt2svZLLIb/TbVPXe8DyF8dT6OVk17gJT6uWEeG:Pmt6kbXt2+ZLkbBPefskNgJT6BG

    • Executes dropped EXE

    • Loads dropped DLL

    • Registers COM server for autorun

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Target

      $TEMP/GoogleToolbarInstaller_stub_signed.exe

    • Size

      229KB

    • MD5

      39d998e29dc9277c8762070901e69a32

    • SHA1

      ebd09f3ec33b4e56ebc3eccc0107689d4c5a2bca

    • SHA256

      ad68cfbbd2765be47b430cb0b3b527ade826e43c2ed6681ce6b9b5b44c8f18ff

    • SHA512

      cec7b2dad52ea5015c1a7b819fc1c3287325711b43dee50827f90b9f890dd4d34acacfa1fb65e3f0e62835dfaf0b1c93cde84274c78caf76e1cded8e327d7834

    • SSDEEP

      6144:M3wpq8sDsLLIb/TKVPXe8D0F8dT63VkiHFBGeWIY4AfJrrUZ:M3ssDsLkbiPenXkMNWIYzxrgZ

    • Executes dropped EXE

    • Loads dropped DLL

    • Registers COM server for autorun

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Target

      $PLUGINSDIR/g/gcapi_dll.dll

    • Size

      62KB

    • MD5

      f6400e8bdca118c6b5170c172fcbc06e

    • SHA1

      992d2d0ee1f1621dd6fc0452d26ffcb65c30a95f

    • SHA256

      c66dedc708c1ff94b16c46951570887f528e542bbb3e5574ba314fbb736a9cb4

    • SHA512

      15fb3eb080e91284709d759b9b051051f64f47850b2a108d7c8f9b334237a630573c5c96eaee2a70b635ce74eabeb46c53178f1986e985819140d8fe88b3f143

    • SSDEEP

      768:ozZ68lZ3rnZg8akat6Nn4gHyMsBkX1wM1zROnIaxHHyQPHKOEkmmX:oIorha56BrHNsCwqzRKIaVSQfdEkme

    Score
    3/10
    • Target

      $PLUGINSDIR/g/gtapi_signed.dll

    • Size

      71KB

    • MD5

      61bc40d1fad9e0faa9a07219b90ba0e4

    • SHA1

      5b5c3badedba915707000d2047eaf13f27b8925e

    • SHA256

      89e157a4f61d7d18180cb7f901c0095da3b7a5cc5a9fd58d710099e5f0ee505a

    • SHA512

      fa341aa975c471082b4b6c380f794d1e9ab3939382972cfb9e1dbb3491f68296ad1cedc8f03736921c8e133f62432997de29642e223c2a97f1cab5ce91d68af9

    • SSDEEP

      1536:/J6IYeD05jIx9A1jV0PAy/DTPJocNmk8SwD3QVS9JBhp9:/JL3m0l/JocNmowD3QVS9Jx9

    Score
    1/10
    • Target

      $PLUGINSDIR/g/gtb/toolbar.html

    • Size

      1KB

    • MD5

      710e195c62e071083ac9670370128ae0

    • SHA1

      03bb8f527234594e8013ee858e00541f4e28eeb7

    • SHA256

      684a5f12b74a6e6bdecf8b91c4d6db418fd1a056063d8d681afeab2f38590788

    • SHA512

      7a61eafeca722e36d28afdcc659db8ec7bd5457fa910b47e93cc82527be68e27b96edde63ec8d6ba3d332598b0894d51a64592cf576f4a6fcb8e963aa7ecc1b1

    Score
    1/10
    • Target

      $PLUGINSDIR/g/pfLC.exe

    • Size

      37KB

    • MD5

      f0884f1aced37d66c4b8431c17073de2

    • SHA1

      83491e15aa082b710ca0f4a4c577e82ca83b5b3c

    • SHA256

      3884331e8b828b6a2f3d1ea0a9b806f3455c4f5c054e76fe033878241f68d21a

    • SHA512

      abeebe9820974c483e3dd4730563b842413d9c206e588590561d2633827a8af6c7e17427776a52d00d8df6bd6a7ba9efeba03c402254b27edd2af6880fcd3df7

    • SSDEEP

      384:IACB1SxmqTDe7wtSaLoMX+Y9KxhzANnDzR+HuVyM8fXRFCky4qSByjDdTDOubgrU:WB1qyNaLovhzqnD2uMcky4riDN6Pi++5

    Score
    1/10
    • Target

      $PLUGINSDIR/inetc.dll

    • Size

      20KB

    • MD5

      8d8fdad7e153d6b82913f6fdc407d12c

    • SHA1

      aabbeed33cd5221e4cb22aab6e48310df94facfd

    • SHA256

      e727c8bba6686c4814602f2bc089af4b4cf3498d1dbe1a08d8c4732da5ba046b

    • SHA512

      42bc0ce1aca63904c34025307fd4b1d9f480ae47e42e7dfa48bbbf8286d947de2989435ad7a748951291307949217afeebcd31d10a1356c9366d3187085773a2

    • SSDEEP

      384:0B/JF+HUI+LzlKSYWwgdHEINlWya4LL0Ac9khYLMkIX0+GBxgW+x:WFo72lvYWwgy8Fa4LX

    Score
    3/10
    • Target

      $PLUGINSDIR/nsDialogs.dll

    • Size

      9KB

    • MD5

      c10e04dd4ad4277d5adc951bb331c777

    • SHA1

      b1e30808198a3ae6d6d1cca62df8893dc2a7ad43

    • SHA256

      e31ad6c6e82e603378cb6b80e67d0e0dcd9cf384e1199ac5a65cb4935680021a

    • SHA512

      853a5564bf751d40484ea482444c6958457cb4a17fb973cf870f03f201b8b2643be41bccde00f6b2026dc0c3d113e6481b0dc4c7b0f3ae7966d38c92c6b5862e

    • SSDEEP

      96:hBABCcnl5TKhkfLxSslykcxM2DjDf3GE+Xv8Xav+Yx4VndY7ndS27gA:h6n+0SAfRE+/8ZYxMdqn420

    Score
    3/10
    • Target

      $PLUGINSDIR/nsExec.dll

    • Size

      6KB

    • MD5

      acc2b699edfea5bf5aae45aba3a41e96

    • SHA1

      d2accf4d494e43ceb2cff69abe4dd17147d29cc2

    • SHA256

      168a974eaa3f588d759db3f47c1a9fdc3494ba1fa1a73a84e5e3b2a4d58abd7e

    • SHA512

      e29ea10ada98c71a18273b04f44f385b120d4e8473e441ce5748cfa44a23648814f2656f429b85440157988c88de776c6ac008dc38bf09cbb746c230a46c69fe

    • SSDEEP

      96:M7GUb+YNfwgcr8zyKwZ5S4JxN8BS0ef9/3VI9d0qqyVgNk32E:eKgfwgcr8zylsB49Ud0qJVgNX

    Score
    3/10

MITRE ATT&CK Enterprise v15

Tasks

static1

Score
3/10

behavioral1

Score
7/10

behavioral2

Score
7/10

behavioral3

Score
3/10

behavioral4

Score
3/10

behavioral5

Score
3/10

behavioral6

Score
3/10

behavioral7

Score
3/10

behavioral8

Score
3/10

behavioral9

Score
3/10

behavioral10

Score
3/10

behavioral11

Score
7/10

behavioral12

Score
7/10

behavioral13

Score
1/10

behavioral14

Score
1/10

behavioral15

adwarediscoverypersistencestealer
Score
7/10

behavioral16

adwarediscoverypersistencestealer
Score
7/10

behavioral17

adwarediscoverypersistencestealer
Score
7/10

behavioral18

adwarediscoverypersistencestealer
Score
7/10

behavioral19

Score
3/10

behavioral20

Score
3/10

behavioral21

Score
1/10

behavioral22

Score
1/10

behavioral23

Score
1/10

behavioral24

Score
1/10

behavioral25

Score
1/10

behavioral26

Score
1/10

behavioral27

Score
3/10

behavioral28

Score
3/10

behavioral29

Score
3/10

behavioral30

Score
3/10

behavioral31

Score
3/10

behavioral32

Score
3/10