773dcb1e82bd6b653c8e3072ce8b182346c57440e58c412d08ff98b80cd4067f

Sharing

Copy URL

Twitter E-mail

General

Target

f7d5fe021610b26e2d3a9cdd877d3d78_JaffaCakes118
Size

2.6MB
Sample

240418-mvz3nacb3x
MD5

f7d5fe021610b26e2d3a9cdd877d3d78
SHA1

59ac39a0bb3d4e5386c9b3292acc2382aa9d0574
SHA256

773dcb1e82bd6b653c8e3072ce8b182346c57440e58c412d08ff98b80cd4067f
SHA512

0f78630178f58529122cc657ca409c726916b029da6106dc97638d152121fcad4832b2189c112e1d7c8d02a98adc38b1a7530d1106793ec45774109173d3ee01
SSDEEP

49152:D9PPGaKWCLac78P/XOUDOs4y9eAImg0cP0C9V/2:5GaJCuW8HOpsRsAC0Cz/2

Score

7^/10

spyware stealer

Malware Config

Targets

- Target
  
  f7d5fe021610b26e2d3a9cdd877d3d78_JaffaCakes118
- Size
  
  2.6MB
- MD5
  
  f7d5fe021610b26e2d3a9cdd877d3d78
- SHA1
  
  59ac39a0bb3d4e5386c9b3292acc2382aa9d0574
- SHA256
  
  773dcb1e82bd6b653c8e3072ce8b182346c57440e58c412d08ff98b80cd4067f
- SHA512
  
  0f78630178f58529122cc657ca409c726916b029da6106dc97638d152121fcad4832b2189c112e1d7c8d02a98adc38b1a7530d1106793ec45774109173d3ee01
- SSDEEP
  
  49152:D9PPGaKWCLac78P/XOUDOs4y9eAImg0cP0C9V/2:5GaJCuW8HOpsRsAC0Cz/2
Score

3^/10
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/NSISdl.dll
- Size
  
  14KB
- MD5
  
  254f13dfd61c5b7d2119eb2550491e1d
- SHA1
  
  5083f6804ee3475f3698ab9e68611b0128e22fd6
- SHA256
  
  fd0e8be2135f3d326b65520383a3468c3983fa32c9c93594d986b16709d80f28
- SHA512
  
  fcef8ac5bd0ee6e316dbbc128a223ba18c8bf85a8d253e0c0877af6a4f686a20b08d34e5a426e2be5045962b391b8073769253a4d9b18616febc8133ccf654f7
- SSDEEP
  
  192:t5ZTobBDJ68r67wmsvJI5ad9cXzFOVu+mZ/P3p+57CvpVqDxVp01Dwn2GRYgsfA:fBo/680dCI5adOjFOg9//p27uNw2bo
Score

3^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/ReadCustomerData.dll
- Size
  
  64KB
- MD5
  
  703598aa5ff97f512112cd766543a2f1
- SHA1
  
  0bfb74b03227ee8510e153785edd76625404ab55
- SHA256
  
  5f76752e83789bb8184070d618d83f43c2f565cc7fad2c4266e44339223ba69b
- SHA512
  
  3eff4670a3c97ec931eb1240d22a943ad6b19ea07ce781dabcc656ae2049d36c42b8f5bf3ce59366057ea3ece8913e83da3ec98c2c1434edf144dd9d4731fe58
- SSDEEP
  
  768:TWaFM5hBUVVsDPytWyIBvsdfk3Nhs8o6S5uymhRv1OInQ/bTLZmTtxHWQ:CvnuV+TcWGIPOChRwIQ/XLQtxH
Score

3^/10
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  00a0194c20ee912257df53bfe258ee4a
- SHA1
  
  d7b4e319bc5119024690dc8230b9cc919b1b86b2
- SHA256
  
  dc4da2ccadb11099076926b02764b2b44ad8f97cd32337421a4cc21a3f5448f3
- SHA512
  
  3b38a2c17996c3b77ebf7b858a6c37415615e756792132878d8eddbd13cb06710b7da0e8b58104768f8e475fc93e8b44b3b1ab6f70ddf52edee111aaf5ef5667
- SSDEEP
  
  192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
Score

3^/10
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/TvGetVersion.dll
- Size
  
  50KB
- MD5
  
  7d4cdffd78fa41a10e00cdfb899990d3
- SHA1
  
  51c445cc7933a92efe285b11d5a8a80dc69d1be1
- SHA256
  
  b5e3a463393887c08219366ac3efd60e8b4991df874586702950de2baa83104d
- SHA512
  
  8044c3a25957f68d7b7fd9d925c26f6726af9b29ad54eaf4b1eb1a3027f6f07670c678ef3dd2958130634cc49406b2d2378e20a35a43b8821fcd4355551122f7
- SSDEEP
  
  768:0VkG68qeXUmypSIRcu7Tx7Ss1xS+KCDpR/vO4nnZr11t5JgX:0Vm4Um4W4dLKopR/PnZft5
Score

3^/10
behavioral10 behavioral9
- Target
  
  $PLUGINSDIR/nsis7z.dll
- Size
  
  176KB
- MD5
  
  06ff2b95b8e123d32487b0cb73409031
- SHA1
  
  8cb3f584112db4e74cea4ed02d4ce0b3a5373bfa
- SHA256
  
  0dedad042a306da32784c3ce79bfac0475b827e416c17e1a1dfdb461151f4271
- SHA512
  
  174e7599ba87bc45111ce340d7563771353df71988d6b9094d8bdeab4b45ec730cbd2e6bf3943ad66daa02d7f1f1eac0020b987109fabed96b2e0def8d0602c6
- SSDEEP
  
  3072:rfSCQ4FYoKhEHvf4aytolZ8MMNjXtWXTkibb7zHetRYFJ8:HFYosEH3UtoX8fUtXPOm
Score

3^/10
behavioral11 behavioral12
- Target
  
  TeamViewer.exe
- Size
  
  6.7MB
- MD5
  
  af9674ebad5c3234eb84e70ef63264fa
- SHA1
  
  c88e75a808b8f3d3ee10d6b3cd7720aec5314999
- SHA256
  
  e6e9548ff7f0d45d6f0c02f367486d840270b52c4aafe2b963b0553d33b9bafe
- SHA512
  
  b022560565a560cf8da955dcbc8ac9c0e598b9f1ca03f2f5885258c9e5ce21f63bc658c691e8ce753d0d2dc3f7cf970ebb8c2938a486b00e4502c8c2d6082df8
- SSDEEP
  
  98304:RK1vrxE+c9ePZgjheTCLwWAgcSukgEeDEi4iEUu361a54V1+Hl/p8zj5xtMid:uhvZ5ZxD4Uu30aODzj5xtMa
Score

7^/10

spyware stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral13 behavioral14
- Target
  
  TeamViewer_Desktop.exe
- Size
  
  2.1MB
- MD5
  
  0abedc25d8c9ed7a61ab7040cc691385
- SHA1
  
  00f3a75bb5ccf0aa0b7f3c50753b7221863d2489
- SHA256
  
  34e69413106257786a1d02d9016d39028ffae309316607f5f716639bb589ed8f
- SHA512
  
  5807b936733aba867f69de74af73a9a66c96b22bc7bc69b0aadce1aaf75cd45a26980bdd36d912c31e283f34cb5259ff8282f6c8887e63d59b382c07ae0392f2
- SSDEEP
  
  49152:dgoK7vi+iwCT5xbIm18YdjcOpJs1ats9Ha+Gf:S7Dczn1Fdj7JsMiu
Score

3^/10
behavioral15 behavioral16
- Target
  
  TeamViewer_Resource_de.dll
- Size
  
  1.2MB
- MD5
  
  90de73de3a2ea9440da3c16412479220
- SHA1
  
  d79f9fe7cecac2a4996eb4dd1a1f768ddad44ec3
- SHA256
  
  cd20c290f6cf6dfae987f5f07386c73efb56eb4805696818c292c868b294deb0
- SHA512
  
  c17ff8d3f6bc0670dbd4cbc947e13a4e0b945b46f5ce3a8c620b09f4b9a85fa71b4fa40eb425bb2d3a74435d97cc5b699561c500d4e384018ff1df384f26db95
- SSDEEP
  
  12288:Q2hmfaa/lRMxerSaye0dHVGFlSyhUcTm8i1aWjDtTfu:QumfnJrSayGF6Vi
Score

1^/10
behavioral17 behavioral18
- Target
  
  TeamViewer_Service.exe
- Size
  
  2.3MB
- MD5
  
  29ec98bc26852b920243667aaf18fbf6
- SHA1
  
  e116a85404d9a89aac8406f16d004ab10afe4f2d
- SHA256
  
  407683aaf7450a133ece802a8f80a92d6f36beb21055cf75b867f068eb459e8c
- SHA512
  
  256bba4b27cf46d2dafb36134ac1abb768515618da68804e8a6ef090619cc913da95c6b6fcc108c2b40b296036bf62a4bae15f52f78f6aeeb748c4c21ace4f5e
- SSDEEP
  
  49152:q+lFwkW1imFT/4+ykiHIKbIUu3QjWPc1ZU0/yPiIS0CwM:/HW1i074dkiHIPUu3QjP5/7bh
Score

1^/10
behavioral19 behavioral20
- Target
  
  tv_w32.dll
- Size
  
  48KB
- MD5
  
  feb7527d884057e53845297722ef1dfa
- SHA1
  
  b44e6049798aa4a0e7081072b23faeba1fc044ca
- SHA256
  
  0e6c56ee94617219bf89febf2aaab53ba99def0931b3146875079642bbc67f0e
- SHA512
  
  424b53605fc92761b73e92fe375d70f8d8d9e240ffeead9f700d0e83019eab67d73aaa0c88f1f606e8ccf4ca02d4279bd5cd53c1268aaf569c5ae4379b63a275
- SSDEEP
  
  768:lhnbNOCWYFawkf5soDYunk220HOtUM3CgV6QiFp7Tsk5AeLM:fBSsunocCUDgV6jfsk5AeI
Score

1^/10
behavioral21 behavioral22
- Target
  
  tv_w32.exe
- Size
  
  105KB
- MD5
  
  625393ef6d05592dcc229e681cf3109c
- SHA1
  
  9a116b7295adea0f257802d781e6e9628e66cd3e
- SHA256
  
  a9c497e2db6c339c08dea0c09a1bcc4269b6da0aad237b372d1a4916bf4065a9
- SHA512
  
  5f043b90ffc1b0ffe6f7e76e0ab0c629e2e00e6499c64a5aa660550b55a4bda530c7a64c7cdbb96bc2d7dc7e0697f7bec3d18f8c4a4e4ad17e6a786a4a024925
- SSDEEP
  
  1536:V7zajn/aH9011y9Hrjba1JOIzJGY78iyrMycIDUxr4fDnChLLCJY1+4Z4htelJP:V7zQqpwxhKhtelh
Score

1^/10
behavioral23 behavioral24
- Target
  
  tv_x64.dll
- Size
  
  51KB
- MD5
  
  e21f6ac9d96538ebc078bac67db51401
- SHA1
  
  01a8a23c63290872fa24772fcbbeed288831df2d
- SHA256
  
  ea27c2297ad340a8cd6950ba7394d00184458cfd95b23a68234990d9a965c23a
- SHA512
  
  619e83cd7069e8ee49c845f12d12ad5c41b0b5f3f3d989f5d0bde0bd91946a6ad9aecbd412dd020e69af23d0646e384f3328687d4ba19a719ca6446a4eada20b
- SSDEEP
  
  768:ddbXkYJwW1DSveW1oI8iGkDDTn/AzimuQ9tybxJYQIlV3lLg:ddbnJj1OvDv/0zJtybfIXlc
Score

1^/10
behavioral25 behavioral26
- Target
  
  tv_x64.exe
- Size
  
  140KB
- MD5
  
  ab50674a87e2b07fb3cf56a054a4b763
- SHA1
  
  6400bb876b77ca5c03a00e27af4306474154c28c
- SHA256
  
  d4075a3a2ac3eb5b23eb6c759db127a1e06e02aeec6105df13cf027e1073d879
- SHA512
  
  eb57a3f14c43dafd2e2a94c5e0d7fa02e5070de775f8f3f713ff4c69d6f89f2cd7276d260fc2fecb598f51256f5b6b09c995b594cf9d7b399fe14174b6653939
- SSDEEP
  
  3072:k5IdtXcNDSKAm5cwCFG1Js0fNB6yQxjkQGTUVryhC+LW+rPW2:kxDSPPHFG1JswQx41U3+rD
Score

1^/10
behavioral27 behavioral28
- Target
  
  x64/TVMonitor.sys
- Size
  
  15KB
- MD5
  
  95314c3a08589471983c2c8173f23cda
- SHA1
  
  a84b8b7c7c08f4642655e2f1df9161b8d3b0b665
- SHA256
  
  05d30728d7204aba2437259ecf929a94e6573f7621baf35d76eba26f5489a6cf
- SHA512
  
  200c9af5a7ac032bcbde1830001f2c7cf4e9dd02b964a6bbdf7fe5e4bd29cd152a4fbea3bac53defa9f321e0417af3d170900ab3de390fcfc1d411237d238c06
- SSDEEP
  
  384:PxWDUVvF0r2UHKZCmYFJulYJLWOtbeFV6jlV:k0vFGXH7XuAL/beFVmP
Score

1^/10
behavioral29 behavioral30
- Target
  
  x86/TVMonitor.sys
- Size
  
  12KB
- MD5
  
  111a023266532c621ee69ae96e47081e
- SHA1
  
  4f1dde3508a85fa4beda1d8110e98db248be1af1
- SHA256
  
  d933340af838d94f25c74f9d46a74de3b45f29b896afa49a03676bab8cd400cf
- SHA512
  
  bf6252a52ad61bafb8b86589b4436069d4bc277b91a89e90c4b237e3e49a7388bc8e1d5d29a1790f4505de2a52eb26e0bef112e946f7505f0641b3ebd5643354
- SSDEEP
  
  192:7hkFKqiEedsBgI/yowJL/aMjGwP7QM3PXD+ebMdHFVZgjlJMVc83:Vkcqod5CYJLWOtbeFV6jK
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Checks computer location settings

Reads user/profile data of web browsers

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32