4448019d0da3a30a50a1e65e3e950b09515c55f333b2c1cf60f9e5b6287c58d3

Sharing

Copy URL

Twitter E-mail

General

Target

00ff5c71713737e62086c88cfc0c04ed_JaffaCakes118
Size

15.5MB
Sample

240426-r2cm6aee6v
MD5

00ff5c71713737e62086c88cfc0c04ed
SHA1

c95ab1bb70d115519445dc2ef4a652717453f771
SHA256

4448019d0da3a30a50a1e65e3e950b09515c55f333b2c1cf60f9e5b6287c58d3
SHA512

3b2726b670b63c9874c8a5a24486aaee3fddd2ace2f1fec83729a4fb7482e2e35b03b2923aaf04ff6c1f6b0223ef77dfda7f0b1b44035be7655299aa6d69c26a
SSDEEP

393216:USrIZzRe1YSJ1KEio2epADxhMFcmA1eVf:USWZSJ1KEh24IBs

Score

7^/10

Malware Config

Targets

- Target
  
  00ff5c71713737e62086c88cfc0c04ed_JaffaCakes118
- Size
  
  15.5MB
- MD5
  
  00ff5c71713737e62086c88cfc0c04ed
- SHA1
  
  c95ab1bb70d115519445dc2ef4a652717453f771
- SHA256
  
  4448019d0da3a30a50a1e65e3e950b09515c55f333b2c1cf60f9e5b6287c58d3
- SHA512
  
  3b2726b670b63c9874c8a5a24486aaee3fddd2ace2f1fec83729a4fb7482e2e35b03b2923aaf04ff6c1f6b0223ef77dfda7f0b1b44035be7655299aa6d69c26a
- SSDEEP
  
  393216:USrIZzRe1YSJ1KEio2epADxhMFcmA1eVf:USWZSJ1KEh24IBs
Score

7^/10
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  14KB
- MD5
  
  325b008aec81e5aaa57096f05d4212b5
- SHA1
  
  27a2d89747a20305b6518438eff5b9f57f7df5c3
- SHA256
  
  c9cd5c9609e70005926ae5171726a4142ffbcccc771d307efcd195dafc1e6b4b
- SHA512
  
  18362b3aee529a27e85cc087627ecf6e2d21196d725f499c4a185cb3a380999f43ff1833a8ebec3f5ba1d3a113ef83185770e663854121f2d8b885790115afdf
- SSDEEP
  
  192:86d+dHXLHQOPiY53uiUdigyU+WsPdc/A1A+2jwK72dwF7dBEnbok:86UdHXcIiY535zBt2jw+BEnbo
Score

3^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/LangDLL.dll
- Size
  
  5KB
- MD5
  
  9384f4007c492d4fa040924f31c00166
- SHA1
  
  aba37faef30d7c445584c688a0b5638f5db31c7b
- SHA256
  
  60a964095af1be79f6a99b22212fefe2d16f5a0afd7e707d14394e4143e3f4f5
- SHA512
  
  68f158887e24302673227adffc688fd3edabf097d7f5410f983e06c6b9c7344ca1d8a45c7fa05553adcc5987993df3a298763477168d4842e554c4eb93b9aaaf
- SSDEEP
  
  48:iV6pAvmNC6iMPUptxEZK65x/AmvycNSmwVsOYJyvrpXptp/JvR0Jlof5d2:2811GED5ZTvycNSmwVsTJuftpZR0Sd2
Score

3^/10
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/processwork.dll
- Size
  
  231KB
- MD5
  
  0a4fa7a9ba969a805eb0603c7cfe3378
- SHA1
  
  0f018a8d5b42c6ce8bf34b4a6422861c327af88c
- SHA256
  
  27329ea7002d9ce81c8e28e97a5c761922097b33cedeada4db30d2b9d505007c
- SHA512
  
  e13e29712457d5e6351bfd69cba6320795d8b2fd1a047923814f8699f7188ec730ec7f0d946fdff66c8b430fef011415ed045b6ea56e4cc0b1d010171ab88178
- SSDEEP
  
  3072:n/93Fm9hfGIGjk1qc55CDoGowH6Fb/CcXwuCoty1IKYOlIa+zUk9sfqQAPfujRzS:/94yj9c55CDorNqot43ndqQpzjIKW
Score

1^/10
behavioral7 behavioral8
- Target
  
  Addin/npTongbuAddin.dll
- Size
  
  64KB
- MD5
  
  20f76a9a47c0ddc38c85505c004e311b
- SHA1
  
  e57cd89b59824307c3f4fd06d8b18d2aa17c124c
- SHA256
  
  ddb0b302d6fb1291b8d6fc72163f9f3b1ef33fa1768a38e86859747318a67fd9
- SHA512
  
  be602d0f9911de5af1e41530b5335fce0ed5ff72dcc254c94ca4fceb126df70a376c066baba2b0ceb9c5ece6a863c2c28bfb042a6a92c491396c2d40a28c6b3d
- SSDEEP
  
  768:Qs4hbPUK8O9HLv0d37zi9hbfVkLhuCilrRSI7y1rNbthtqph6kgx4XOgNzl3:l4PvC/idkN70RZ7GFthUpYbxuOgNzl
Score

1^/10
behavioral10 behavioral9
- Target
  
  Addin/tbIEAddin.dll
- Size
  
  72KB
- MD5
  
  bae453b9ec58c089066aa316d2c6c38e
- SHA1
  
  b8f0c04adeab06f8ddd18429b9b09e341e19234e
- SHA256
  
  7f87f707d9caa79960e7d1ba3cde821a54168f16733f1b0ea45d08980ffc1f1f
- SHA512
  
  5c6a8a5e7622be3b9e213341b35ccf55941dc155552b46c7dce39de5146de85ebb21734de4c5b68c8304aeee621dcf537c260c94e9ff9d47a55d7457295a0605
- SSDEEP
  
  1536:cLbTn9MKotCWfeI9rCSkNyjIxkqOA14dbHN:wT9Mdvfe4xkojIxdOA14dbH
Score

6^/10

adware stealer
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral11 behavioral12
- Target
  
  Biz.dll
- Size
  
  12B
- MD5
  
  558c57eeefad37cb88b6b53351f1d49a
- SHA1
  
  449464413b51e1dc11f4576c24a562b57497823e
- SHA256
  
  29a863ff0c37439502dba59b562f935de0a0babe05700d3970c8dad4521a0462
- SHA512
  
  d3ae9fe32e13ce248f095c99a90d031637ebfc4c34d3cb30849c63acccdb67eed5b27841414500c3f32b7e59af72bf0316979885c0f3a429239f164d7b20f18b
Score

1^/10
behavioral13 behavioral14
- Target
  
  Codes/ffmpeg.exe
- Size
  
  2.8MB
- MD5
  
  0bfb6cb6f957e89ab2ae65b410cf9f64
- SHA1
  
  70b69205072f0d2cd586738b39572910463510cc
- SHA256
  
  7c5edec7615a71bdd22b6a6add273e910bc7364cb266e7cfd2d5a753216218e0
- SHA512
  
  723b90c4fc9b273e269a1295249e612677aa17aa7cb7e0a281d298b2bfb368fd65860267107d0e7cc6f8475607bf50c96762bfd760b6bd9f75bf571fc10eec07
- SSDEEP
  
  49152:GPQakj9g+C5WYul343x++o0BveKrCo3BhC7rAT5IfZ/q:GOjUvAgro0QKrCA6ATu
Score

7^/10

upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral15 behavioral16
- Target
  
  CoreUpdate.dll
- Size
  
  194KB
- MD5
  
  39da630e2b7fa4e938d3eae268f039a5
- SHA1
  
  4d0a33a7e446e63356217d01eda2a436047fc87d
- SHA256
  
  246a0bcedabc9139c1d0678916cd24a992b570564a072c68c6da1d73ed917e83
- SHA512
  
  122013d52ea6ad44b516f0aa937286d90e1f2d8ca53f2061d5e29ad013d4ba52a5c29b94a6ad9a5babf76b2488f6ea4d87ef0cca6708e4b2278f05fc7ab6b7c9
- SSDEEP
  
  3072:8MOnS9qwZ9bl7IRlFPgk/otuynvNAmiDVOcGfHVymasmSBG8YxyrgTTyqJ0i:vD79bl8RTghtuydEVTwnasy8YxVy
Score

1^/10
behavioral17 behavioral18
- Target
  
  Feedback.exe
- Size
  
  137KB
- MD5
  
  022a47b03a19b09bdaf19a2613763f6c
- SHA1
  
  fe519afe027197d2f0b1ac7562c7b33a6e8d9824
- SHA256
  
  59fbf84043993c61f1d179077a2660e71bb4e8708f5e1b61e9ce67221f0cc8b7
- SHA512
  
  9ca36d53b239ebcff9e192f37a8a7c49018547a4b104d1084bb9101bd8cb7a857c8e8cff119ac9696eec4cdc9115b80f79f7c0e4a9c10350f7eae6db357dfd68
- SSDEEP
  
  3072:KWLxMxTsPT9MUgA29l31H4stAeVAVlFAajMN5+z+:K0PTaUGjRVA3F94N5d
Score

1^/10
behavioral19 behavioral20
- Target
  
  Hash72.dll
- Size
  
  387KB
- MD5
  
  70aad37d50f6f21c42266a98b7e665d6
- SHA1
  
  346cd54035e37f8c74d38542e301d7c05c4318b4
- SHA256
  
  fff0098e9976a2a26a49a54cb133ae6acd29f98660314af9190d9edc6917acc0
- SHA512
  
  21224488400a124f65cd147185d851e41e8089c31c9a80512cb66c077679cf2011d6b35315d1bd638e2c56d0bc36cc117c6062a3838402d446e485c7a4481c01
- SSDEEP
  
  6144:WPJbFOniW8UGjgpUnLO6AdFbFiiMNdg7ZXyRgZr0TED5RXH3x4rXtgrQtbguHKa:gb6qUaLOHkiryCrVRXHh6iMiDa
Score

3^/10
behavioral21 behavioral22
- Target
  
  Helper.exe
- Size
  
  205KB
- MD5
  
  2c624aab3f380cb7f3b5580aa1e9c701
- SHA1
  
  65f5d1a1cd47ee2f923d9c252ce88789e402d919
- SHA256
  
  b111139420f9fcc985cde45d27bb8a9fda964ee47caa42941933733b0c40677f
- SHA512
  
  44c0bafa278b309da74aea0ac8487248ef6b4b810f87daff14417d70db9682af544980dbd62b3746008aa997d59e95dd8121196bc1737fe7bb40f2e54378cf4f
- SSDEEP
  
  3072:htUZKhr+ygp2muzMcMrlYMiCKKnOlo2ebDWGVuNf63pnizm4hB:htWKhr+yQu0CMJAWPFCc4X
Score

1^/10
behavioral23 behavioral24
- Target
  
  History.rtf
- Size
  
  131KB
- MD5
  
  e8e671e01e93e6b82c48bcbb54e43dc3
- SHA1
  
  93bf01525b7bab2e8cf5ee50d0c314958c99eca6
- SHA256
  
  bc10e26b587674f4ed54ba812cb2934b72aa36c4b636e6806e2f60273037bbe4
- SHA512
  
  222e9d01cc96095ef3e03346194c6d73417a39a053828f044b15b16467430896820721c60a6d1af377b90b73e11bc0c769480a1cab1e63a3825821a0ec189c22
- SSDEEP
  
  1536:P5a9a3WaTTueozuO2YzPLr/q7mQgZcvkZ:BXKPcM
Score

4^/10
behavioral25 behavioral26
- Target
  
  ICSharpCode.SharpZipLib.dll
- Size
  
  196KB
- MD5
  
  94cd5e551a8b1aa0fe3bed7a3462b2f9
- SHA1
  
  391c682194f02ca878c0933ab2d2cb4e10d29089
- SHA256
  
  26c0e11a509daa73b24aa3d51e16750cc886593d996d9b0847fe76cda5e7c5f3
- SHA512
  
  9ec6a3ded9041ba7a71b46fa828185fc169e3787f043fe665a7947454f3c75d45f4b44452ba174aa64441371c28c83e4beaf3817fbc60f6ed5bb403c860fed5b
- SSDEEP
  
  3072:2FhWkJ4yT3UIRBFt9A3N3Jx0tTc3F7v15VZ2fta3mS//VgI79XzDwFRAHjf4FnXL:2FhyynbFt9AtRzpX7
Score

1^/10
behavioral27 behavioral28
- Target
  
  Launcher.exe
- Size
  
  82KB
- MD5
  
  90973538aa55b7dd7c862ca5006721cf
- SHA1
  
  323f9264f46d799796959214d467b3d9a3c1d1b8
- SHA256
  
  495b80e0d4e3cb497c303caf95894ed47a37ef97b1bafe8af86b6bcf5bd88533
- SHA512
  
  6e521eb6498eee22ce0ee1e23c010a7258a9b9f9e628a74a9becacbed9aa8cb70858bbe30e9ec9180e65e4bcae8147e08a44b196d9405591b2e68817396e14a5
- SSDEEP
  
  1536:Cq2IWyFTjkPfBCscOc+KapogbzP4KADPuYtuShzgT3cxyCyXJTC+hbed7:C9IVcPfMOc1apt/P4KcGyuShzgbcUCyE
Score

7^/10

upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral29 behavioral30
- Target
  
  PkgInstaller.exe
- Size
  
  6.1MB
- MD5
  
  cc4addcc97e7810dbfafe4a7d03498e1
- SHA1
  
  4f32d7fb5ae1afa08cce61e73aa2483f1e038354
- SHA256
  
  9042407b92115a02ada91e09d1bf4bf4b69b5a528a9c2f2a12d182ea80e4ff26
- SHA512
  
  987f35ba3f7bf9494d4bd6a7296c4df4f055897c9b3b2befbb3581065ce55beb9a2c081aa57153102699d4b216a5d1a4185b133aaf13248981c39df8f6fe5cab
- SSDEEP
  
  196608:InDFWyQyKesXF8iGdwzOnLeS2O/ZShH43eijWSG+7HwKeoHrhE:oWyvKesXGiGdwzOnLeS2O/ZShH43eijw
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Browser Extensions

T1176

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

System Information Discovery

T1082

Query Registry

T1012

Peripheral Device Discovery

T1120

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Targets

Loads dropped DLL

Installs/modifies Browser Helper Object

UPX packed file

Checks computer location settings

UPX packed file

Enumerates connected drives

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32