c25cd6bb506f002f65949babed6f069714481bbb50fca128beb7cd643e20c651 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f6a24fe7c0fe4913cf3cd9ce4e4fa57f_JaffaCakes118
Size

2.3MB
Sample

240417-1k6z4sgb7y
MD5

f6a24fe7c0fe4913cf3cd9ce4e4fa57f
SHA1

4e222117b52269823fe3848018b421d259a2d10e
SHA256

c25cd6bb506f002f65949babed6f069714481bbb50fca128beb7cd643e20c651
SHA512

c9a8013ef006220a415c4090cbefcebed095232ffb53e43c32ab3dcbc59df96c4b45ce27d08973fbdad57e6d494afe0ebfb4a46afb6bc4fd2ac506037b6868b4
SSDEEP

24576:asqO/zmpzo7MF8mCoXHIEwvmljLxk6cFZuow8SR8GAOFivoEv5PaJf0jMr3I+Vo0:aTmRMjU6EWX8GAbY10jyYR61FwSQFe

Score

7^/10

collection discovery evasion spyware stealer themida

Malware Config

Targets

- Target
  
  MPRSetup.exe
- Size
  
  1.7MB
- MD5
  
  33e57f16361e7c34a4d29e4fef35253c
- SHA1
  
  b9311feb3487104a8cf73328607dfe38245d7a7c
- SHA256
  
  700200edff72042e06e1dd20429d1b307a4d018b2413eeb6ec57c9489f47aab1
- SHA512
  
  50fdddac3059e33da36e190b21ed897e2f1b94e2b422f807e55407d3a9895fa073d7c5dd59777d8ff7c816456424357e1ea554371101b38cc882bfa0d3e84b7d
- SSDEEP
  
  49152:M2CNN9RntdjFLQp+YO9AoPOhW27zs5yKzXXSX0i5aZdnU+oN:CN9bfLQb1oPOhNF2XXSEi5aZdnU+o
Score

7^/10
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  14KB
- MD5
  
  79be350c8381293abb045bbd2a7b5f0a
- SHA1
  
  0b4e6d482cae461e36c2b47661ef586545162e23
- SHA256
  
  3091623495d6e81bc0aa9182a55b0f93d3b2238102a44fd66943e46ed7eeaf51
- SHA512
  
  1d39bc13f2825bb4aee5832bc5c60603b62b3475e0075028a146981764e6796e68fdd752627f37f8bb198dcfce5a62efb6a6283366fc4874a8915008aa0a4c28
- SSDEEP
  
  192:/6JaVGQ+xI5EeuyvMmGpeWH2J5xprN+AxTSK72dwF7dBdcQOz:/6JaVh4I5rpPbTS+BdhO
Score

3^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/LangDLL.dll
- Size
  
  5KB
- MD5
  
  2c08daee8c2b1bb8a2f6e5ba27022699
- SHA1
  
  0103d528067531830053cbd7a0f6fe9ef4c8ee81
- SHA256
  
  9abc4122846abda7a3233e3ea8b363046e2a57ca625bb6239c4ddd55b8584352
- SHA512
  
  44f57802c208bd9559956393df3f3f4839703401bb21a9a35caf336f28da37bc45ac76071e304563708d3e470cb704222d478e441111762378cd07da5e6040b4
- SSDEEP
  
  48:Sn8Q/z+vUML8eYXICmlmGYKHz0JSpXSxwo6mpwzcR3RqG8aEJ/ABofgMGKO:yz+MM4eqmvz0JScx56mpwzAhWVGV
Score

3^/10
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/StartMenu.dll
- Size
  
  7KB
- MD5
  
  cb814a4c1dee60973379e6c3c9386777
- SHA1
  
  34cfe1505f1d366f097ec1bc1e45702d545d9fa5
- SHA256
  
  eaaac5d639a5371c27af960463380db9c6aa7c4656fc2523b6743436c72ecc18
- SHA512
  
  be562bb4b4b00bc2343bde83b9c4f5bf7e2938c7af0ee069c2dabe8ad5681676efb05482ec0531faf6c19f7771e8b118ceda7dbc2b28c14d375875d1046ca244
- SSDEEP
  
  96:Z+kBC0x22epxPEvC4FkWE+in1/FMvsCGRfRFqCB5tOGhEl5VN:Z+0epxPE1r8/FtmCDtdg5v
Score

3^/10
behavioral7 behavioral8
- Target
  
  HookLib.dll
- Size
  
  16KB
- MD5
  
  c2932dbcf8ec2ec342a3c1e6b8e70265
- SHA1
  
  22e18e06be187ba33a792a60702e9ab16c529633
- SHA256
  
  f97150824b1c6b4540017222e05ff08537c816e8ec073061a60d9701e68ded17
- SHA512
  
  76997a6ff5820246db5bdd45a4c2da84a29178bb257fbcd839b3c712d502cc7ff84389b2ae805757f6d205bc5c24538b6f998a51ba1244c25a27da71d8bd225b
- SSDEEP
  
  192:n/s61A/0LiQxqfKD6VkagfWhiQ7SMrZcl96qQPfkOVYM49KEkQjcWnOWz:kx0iQxqslQmr9KPMzV4EkAzPz
Score

1^/10
behavioral10 behavioral9
- Target
  
  MPR.exe
- Size
  
  2.2MB
- MD5
  
  798a168da729cc68e6eaffbcf5968048
- SHA1
  
  330c40e93b2288a1725bc0795c61024f2bc11b0e
- SHA256
  
  3016e51ec2d3b1860953ffa9bbb4e26e6c3ae0fba5cdd73b47b0b0d03cad9b47
- SHA512
  
  c3ccba82c52fe7035cfd929930b2da357cfe1834df9b522879b4b82c38adcd92e26f297654d9561013dd51d289a13bcaa79dd8c92c463c6cb5bb07d91826e7a6
- SSDEEP
  
  49152:DH4rF2RwIX00kwniGJqT5+GPHttyvSrDn9JsV:DHwIeI+iErjb6
Score

7^/10

collection discovery evasion spyware stealer themida
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Accesses Microsoft Outlook accounts
  collection
- Accesses Microsoft Outlook profiles
  collection
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral11 behavioral12
- Target
  
  UpdateChecker.exe
- Size
  
  489KB
- MD5
  
  b74c2fc9bb7388d52bfe6bb1daca991f
- SHA1
  
  8d1ce1334866c41258e35684eed03ed95ef38be3
- SHA256
  
  cc8a220a4b9bc672c7e6ab11ebebb0bca5a27e591bb7dde687d7f57e02b21280
- SHA512
  
  f3d74b874dc1029c22b956e2f1eee401fa6b005b7097c844ea80a05e43772bb87242664af1a3231f8cf627ae43b8a1d8b13e71a8b6f3939d97fed92cf2f03791
- SSDEEP
  
  6144:6OHcYhp+ZaryJB8IElAnC61yGHhDB0eHnhStfYmVWevQ+5aAcc/2TgLzljauc7hl:XHcYhcZb6ojIklB0BfRVjv/2TgnYum
Score

1^/10
behavioral13 behavioral14

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

collectiondiscoveryevasionspywarestealerthemida

behavioral12

behavioral13

behavioral14