7886e911d79668ca934c87d8612f3722fe9be00efa23785940f836d4f37b5373 | Triage

Sharing

General

Target

f1d4115609ebdba98586dbcadd5cfd27_JaffaCakes118
Size

587KB
Sample

240415-yx8ncshc8t
MD5

f1d4115609ebdba98586dbcadd5cfd27
SHA1

f3900de98053c1cd44e6df41867fda507814daba
SHA256

7886e911d79668ca934c87d8612f3722fe9be00efa23785940f836d4f37b5373
SHA512

f9c137ca7455b20558d350c73d2633e89e40c45c9b07d52fff531f67d47efa8ea95d5810a545437e7473e8a907262b8dc15e38340702b91035152c8974b79af0
SSDEEP

12288:JMTbLIlQhBaUFP9QVKjHtzp7F2tpeOEnNsViTeyJgu:eXLe4zFPzBl7F2P6N4iv

Score

7^/10

adware discovery evasion stealer trojan

Malware Config

Targets

- Target
  
  f1d4115609ebdba98586dbcadd5cfd27_JaffaCakes118
- Size
  
  587KB
- MD5
  
  f1d4115609ebdba98586dbcadd5cfd27
- SHA1
  
  f3900de98053c1cd44e6df41867fda507814daba
- SHA256
  
  7886e911d79668ca934c87d8612f3722fe9be00efa23785940f836d4f37b5373
- SHA512
  
  f9c137ca7455b20558d350c73d2633e89e40c45c9b07d52fff531f67d47efa8ea95d5810a545437e7473e8a907262b8dc15e38340702b91035152c8974b79af0
- SSDEEP
  
  12288:JMTbLIlQhBaUFP9QVKjHtzp7F2tpeOEnNsViTeyJgu:eXLe4zFPzBl7F2P6N4iv
Score

7^/10

adware discovery stealer
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Drops file in System32 directory
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  c17103ae9072a06da581dec998343fc1
- SHA1
  
  b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d
- SHA256
  
  dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f
- SHA512
  
  d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f
- SSDEEP
  
  192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
Score

3^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/newadvsplash.dll
- Size
  
  8KB
- MD5
  
  7ee14dff57fb6e6c644b318d16768f4c
- SHA1
  
  9a5d5b31ab56ab01e9b0bd76c51b8b4605a8ccce
- SHA256
  
  53377d0710f551182edbab4150935425948535d11b92bf08a1c2dcf989723bd7
- SHA512
  
  0565ff2bdbdf044c5f90bd45475d478b48cdbd5e19569976291b1bdd703e61355410c65f29f2c9213faf56251beb16d342c8625288dad6afc670717b9636d51f
- SSDEEP
  
  96:qD5UDaGxZH52QhtZafDP9BTS9nPg83UniV/zRzGEl1DMl1zN6LmeYt4dO:W5UDaGxZH5T0j+9nl3BzG0IZ6LqN
Score

1^/10
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/nsProcess.dll
- Size
  
  4KB
- MD5
  
  8f4ac52cb2f7143f29f114add12452ad
- SHA1
  
  29dc25f5d69bf129d608b83821c8ec8ab8c8edb3
- SHA256
  
  b214d73aea95191f7363ad93cdc12b6fbd50a3a54b0aa891b3d45bc4b7b2aa04
- SHA512
  
  2f9e2c7450557c2b88a12d3a3b4ab999c9f2a4df0d39dcd795b307b89855387bc96fc6d4fb51de8f33de0780e08a3b15fdad43daeaf7373cca71b01d7afdaf0c
- SSDEEP
  
  48:6sG7qYBUYBFxhRwYCI0owYlOdkPm4LYZ5sRXEv26vqAa4GEVu:HhYBUYBL0Toa7+Q5sKG4GEV
Score

3^/10
behavioral7 behavioral8
- Target
  
  $TEMP/~nsis/Cloud-Web_nad_2_86.dll
- Size
  
  551KB
- MD5
  
  ed69beb49380916ea57113b0a0c924fc
- SHA1
  
  2ab7472804ef54e168b31614c25a45e322eb43e7
- SHA256
  
  b5de4af37fdb5723161b48306857e1bf4b95df7b46403499012c35c86cf0170d
- SHA512
  
  bb3b5cce79d7576917e039e4476f7a75fe8ec64681e3c9267f1aa295e6888a92852ca45318a2fec8b350fbc962f766dddaa75c13b6e0c6bf760a3bc479a1fbdb
- SSDEEP
  
  12288:KskCLQe6u9zayEyag8laUVnXqfKTbsNKX0g6M0QJifbkP:7/L9TQNaUpJTX0g6M0QJijkP
Score

3^/10
behavioral10 behavioral9
- Target
  
  Cloud-Web_2_86.dl_
- Size
  
  123KB
- MD5
  
  f5e11bef483ed3b0c2436099a61b090b
- SHA1
  
  fbf8fb0a380d69ab83365a0f9dfb9d6aa89ca0c8
- SHA256
  
  02ff072273315997902c1aaa97d111d99e75bc4624e9b2a3f801d469d9a6bf3f
- SHA512
  
  9d7ebcc4e7a6cc3049b90a30d9ab1c7dc23307c4050b79b4de7cb407130424a49222e9ceefd09016f74e7306b87f164c6d91b8adb9367b01eefe91005b24f5f9
- SSDEEP
  
  3072:hNG0ZeC/azzmWxd/mZQA31L46eqtJGrCclno:PtzyKYJmmA7eRr4
Score

6^/10

adware stealer
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral11 behavioral12
- Target
  
  Cloud-Web_2_86.dll
- Size
  
  123KB
- MD5
  
  f5e11bef483ed3b0c2436099a61b090b
- SHA1
  
  fbf8fb0a380d69ab83365a0f9dfb9d6aa89ca0c8
- SHA256
  
  02ff072273315997902c1aaa97d111d99e75bc4624e9b2a3f801d469d9a6bf3f
- SHA512
  
  9d7ebcc4e7a6cc3049b90a30d9ab1c7dc23307c4050b79b4de7cb407130424a49222e9ceefd09016f74e7306b87f164c6d91b8adb9367b01eefe91005b24f5f9
- SSDEEP
  
  3072:hNG0ZeC/azzmWxd/mZQA31L46eqtJGrCclno:PtzyKYJmmA7eRr4
Score

6^/10

adware stealer
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral13 behavioral14
- Target
  
  Cloud-Web_mime_2_86.dl_
- Size
  
  210KB
- MD5
  
  e03152320af546785839f21cefd28ce1
- SHA1
  
  7264e5753bb5313b9ceb69d05c15e000ed938559
- SHA256
  
  6807aee8007988c5409a947a526c187c66e349886399541454800ce2a99c2442
- SHA512
  
  93681775e96cb80b8cc4b89c788902f5070497c5a0120c0ba965c14e651ab3726387bc0d3f8feeaf315ae45bd7bf40bf37f1e2fd379b89bc812c9dd2fdfefb5e
- SSDEEP
  
  3072:6a8sgv0ObRPWecmwdM808YQ1AyygLLdMFktjDVe7IFy4P0ngbSKNrXRenv:6Cgv0q0ecmf806ayyIL+Fujx4Iw4AuFG
Score

1^/10
behavioral15 behavioral16
- Target
  
  Cloud-Web_mime_2_86.dll
- Size
  
  210KB
- MD5
  
  e03152320af546785839f21cefd28ce1
- SHA1
  
  7264e5753bb5313b9ceb69d05c15e000ed938559
- SHA256
  
  6807aee8007988c5409a947a526c187c66e349886399541454800ce2a99c2442
- SHA512
  
  93681775e96cb80b8cc4b89c788902f5070497c5a0120c0ba965c14e651ab3726387bc0d3f8feeaf315ae45bd7bf40bf37f1e2fd379b89bc812c9dd2fdfefb5e
- SSDEEP
  
  3072:6a8sgv0ObRPWecmwdM808YQ1AyygLLdMFktjDVe7IFy4P0ngbSKNrXRenv:6Cgv0q0ecmf806ayyIL+Fujx4Iw4AuFG
Score

1^/10
behavioral17 behavioral18
- Target
  
  Cloud-Web_nad_2_86.dl_
- Size
  
  551KB
- MD5
  
  ed69beb49380916ea57113b0a0c924fc
- SHA1
  
  2ab7472804ef54e168b31614c25a45e322eb43e7
- SHA256
  
  b5de4af37fdb5723161b48306857e1bf4b95df7b46403499012c35c86cf0170d
- SHA512
  
  bb3b5cce79d7576917e039e4476f7a75fe8ec64681e3c9267f1aa295e6888a92852ca45318a2fec8b350fbc962f766dddaa75c13b6e0c6bf760a3bc479a1fbdb
- SSDEEP
  
  12288:KskCLQe6u9zayEyag8laUVnXqfKTbsNKX0g6M0QJifbkP:7/L9TQNaUpJTX0g6M0QJijkP
Score

3^/10
behavioral19 behavioral20
- Target
  
  Cloud-Web_nad_2_86.dll
- Size
  
  551KB
- MD5
  
  ed69beb49380916ea57113b0a0c924fc
- SHA1
  
  2ab7472804ef54e168b31614c25a45e322eb43e7
- SHA256
  
  b5de4af37fdb5723161b48306857e1bf4b95df7b46403499012c35c86cf0170d
- SHA512
  
  bb3b5cce79d7576917e039e4476f7a75fe8ec64681e3c9267f1aa295e6888a92852ca45318a2fec8b350fbc962f766dddaa75c13b6e0c6bf760a3bc479a1fbdb
- SSDEEP
  
  12288:KskCLQe6u9zayEyag8laUVnXqfKTbsNKX0g6M0QJifbkP:7/L9TQNaUpJTX0g6M0QJijkP
Score

3^/10
behavioral21 behavioral22
- Target
  
  Cloud-Web_run.ex_
- Size
  
  127KB
- MD5
  
  f58b43fe184e6e6617b543d6e328db4b
- SHA1
  
  5c3c21cbcfe750102766d4e3a0d2023080900948
- SHA256
  
  fa1d28539f809a9333959b0ce12625e0b1282f8eab2effb9743f907f4a9cdd2b
- SHA512
  
  20ee54ea0e4a6473aa3171eff5f18141fca5145c562cf7b72283ceacf3f796352d07b9cb22f7ad46268df0cc1916a4b02a3dce862c58e4cfab87e16c36bf1059
- SSDEEP
  
  1536:qscQrAHEUo+d49J2uSF0/cyqsMYdLY3wvfpGEnL:vA3eB/cyqsMYo3EnL
Score

6^/10

evasion trojan
- Checks whether UAC is enabled
  evasion trojan
behavioral23 behavioral24
- Target
  
  Cloud-Web_run.exe
- Size
  
  127KB
- MD5
  
  f58b43fe184e6e6617b543d6e328db4b
- SHA1
  
  5c3c21cbcfe750102766d4e3a0d2023080900948
- SHA256
  
  fa1d28539f809a9333959b0ce12625e0b1282f8eab2effb9743f907f4a9cdd2b
- SHA512
  
  20ee54ea0e4a6473aa3171eff5f18141fca5145c562cf7b72283ceacf3f796352d07b9cb22f7ad46268df0cc1916a4b02a3dce862c58e4cfab87e16c36bf1059
- SSDEEP
  
  1536:qscQrAHEUo+d49J2uSF0/cyqsMYdLY3wvfpGEnL:vA3eB/cyqsMYo3EnL
Score

6^/10

evasion trojan
- Checks whether UAC is enabled
  evasion trojan
behavioral25 behavioral26
- Target
  
  Cloud-Web_tb_2_86.dl_
- Size
  
  127KB
- MD5
  
  fba59862b8e2d049b64c10af254f93a9
- SHA1
  
  712e432e17c744063995d45195b4a918c72f4790
- SHA256
  
  a1685530939b91cd4ab1d34a72bada8d41ef708754d829a1c24e6ab4b0e4b530
- SHA512
  
  cda0082126615957c1572142502a278fe5e80fed8bdc2bf674011039dbfa07066e7768355c8dcbeba316f917ce081ba7c2923f7534c2ab99ea606cdd61781086
- SSDEEP
  
  3072:KcsRZq+GIN/GR/7gkdIIZMZDNtYi/psYSxs9Dq7ni:FH9geR/7wIuVmxs92W
Score

1^/10
behavioral27 behavioral28
- Target
  
  Cloud-Web_tb_2_86.dll
- Size
  
  127KB
- MD5
  
  fba59862b8e2d049b64c10af254f93a9
- SHA1
  
  712e432e17c744063995d45195b4a918c72f4790
- SHA256
  
  a1685530939b91cd4ab1d34a72bada8d41ef708754d829a1c24e6ab4b0e4b530
- SHA512
  
  cda0082126615957c1572142502a278fe5e80fed8bdc2bf674011039dbfa07066e7768355c8dcbeba316f917ce081ba7c2923f7534c2ab99ea606cdd61781086
- SSDEEP
  
  3072:KcsRZq+GIN/GR/7gkdIIZMZDNtYi/psYSxs9Dq7ni:FH9geR/7wIuVmxs92W
Score

1^/10
behavioral29 behavioral30
- Target
  
  cloudidsvc.ex_
- Size
  
  107KB
- MD5
  
  a839f8672617d05b4c2937b99e925ee7
- SHA1
  
  fd47813200d810ae7751f1e18e09bc162fc7b3fb
- SHA256
  
  799bc692e8eeb52f466aa52e3207be5dff2ad83e761402b8877227bbfad6cc15
- SHA512
  
  d1f4a23eab71a87cbf079e3d5b4eb9bc2cea94a2f40ce40ee5dd4097873ff32b598d315d3426ad6a755b9d6a7c6d6bc430b8f173d84535ead8776479c4f6f727
- SSDEEP
  
  3072:zdHnGCX1bqufhEjoed++1KOc5oGJs1t9wBnv:zdHGQqK9edD1KJo91e
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwarediscoverystealer

behavioral2

adwarediscoverystealer

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32