ec60beee43104003bc410371ae1ef8e846e17ff5733556dbd8e7acae68058200

Sharing

Copy URL

Twitter E-mail

General

Target

01181a8e0bc4def08284efb5ac9f840a_JaffaCakes118
Size

2.4MB
Sample

240426-s1rw5afe4y
MD5

01181a8e0bc4def08284efb5ac9f840a
SHA1

68c761c2ccda1836051e20c5cf50b99efe6d3b77
SHA256

ec60beee43104003bc410371ae1ef8e846e17ff5733556dbd8e7acae68058200
SHA512

ede6e43c5e4dd56a68a15c06717241464ad9091ca30bd8092f9b10146156a1ae1b761b40bf20acd28a8be3038da7511d6fe3b21c6bb1f7e5d7794f667ff53f44
SSDEEP

49152:TZZuTCbQ4pPiwlugX+JmaSNzY/9rqYv4/QQB6xcz9fT++Y9H7FCD:dZ+Cbgwl1+J3K09O/dB6GxTKFg

Score

8^/10

Malware Config

Targets

- Target
  
  01181a8e0bc4def08284efb5ac9f840a_JaffaCakes118
- Size
  
  2.4MB
- MD5
  
  01181a8e0bc4def08284efb5ac9f840a
- SHA1
  
  68c761c2ccda1836051e20c5cf50b99efe6d3b77
- SHA256
  
  ec60beee43104003bc410371ae1ef8e846e17ff5733556dbd8e7acae68058200
- SHA512
  
  ede6e43c5e4dd56a68a15c06717241464ad9091ca30bd8092f9b10146156a1ae1b761b40bf20acd28a8be3038da7511d6fe3b21c6bb1f7e5d7794f667ff53f44
- SSDEEP
  
  49152:TZZuTCbQ4pPiwlugX+JmaSNzY/9rqYv4/QQB6xcz9fT++Y9H7FCD:dZ+Cbgwl1+J3K09O/dB6GxTKFg
Score

8^/10

discovery evasion spyware stealer
- Drops file in Drivers directory
- Stops running service(s)
  evasion
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2
- Target
  
  $0/SoftwareUpdate.exe
- Size
  
  896KB
- MD5
  
  5efa3a66b87d70a06dd95e03879702c7
- SHA1
  
  4d452010762f7e3669f33405e97273f2f325e499
- SHA256
  
  ce6a8bb9070ee46c5a02c825103d61caccca221edcb590297316055733b7d1f2
- SHA512
  
  8a7bbe63abd86468ec5eb3c6f431ce44efc0ca05dafd37797954c46281a1f126e05683d0aeabb4e12239ca42370be826be6299e99fe3ea8d3e5826b50896acbc
- SSDEEP
  
  24576:QmVjKhoVoRDmX8yuUXHhIHwtNPdiWVa6dYuKQOhgjPy:QUCw8yuSHIePdiWkbQOhyq
Score

1^/10
behavioral3 behavioral4
- Target
  
  add-certs.cmd
- Size
  
  3KB
- MD5
  
  5ac423d78077c6ec8d99974dd9681d11
- SHA1
  
  0d91d80de298fb008f522ed95842932bb92f6099
- SHA256
  
  664e3b7b27995e01fd31dff1699b39b995c0e9efebaefa16247669eafce08e08
- SHA512
  
  dce34c3dc7bb2cec567be2e12c0362be260c59b940efc869a2421f647af9ce847c4793c86f5a155206c2d41c40ee07144b81992f629ba8d9d2644834effdbda9
Score

7^/10

spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral5 behavioral6
- Target
  
  bin/certutil.exe
- Size
  
  112KB
- MD5
  
  f8da06687fb47ca2c355c38ca2766262
- SHA1
  
  4b6bc2776a07cef559e2d9260ee7e3873d2b25d9
- SHA256
  
  64ad18f4d9bef01b86e39ca1e774dfa37db46bc8267453c418dd7f723d6d014c
- SHA512
  
  128605c51fd15599d69a2713f461605f069a71387ce176bd5afcc65c04a4ca240056b4c1e63846b7e02c29ecd2d163f7ca3b502d881c319203e2110c6fc05862
- SSDEEP
  
  3072:vLHYLWUjUOh73h/NvurB+mLBdQPUjRqv0hp:IWUjUO+XBdQPwAv0X
Score

1^/10
behavioral7 behavioral8
- Target
  
  bin/freebl3.dll
- Size
  
  314KB
- MD5
  
  f474dd91bb12f230209ec3163ce7e6c4
- SHA1
  
  04ff682e527a1c132f73bd836b7880dfa1128528
- SHA256
  
  f63b2cab4b77ac63a1beca66872a991e1f8233f2c513d42460dbf28c733b138c
- SHA512
  
  01f1feaacda301b013f5e097fa5816b0075b7389ee0522e8fe350802093f6cdfe6ade24ff2a0350896b333e44a77901bbcead85f8cf98bfa91fb110c18adbfee
- SSDEEP
  
  6144:rYq6WFCT7yIFyGre4gqvkeZEcoE9OhFPs3ivxVu0yUzHjp9AkVliqqDL687PXGHe:r5i7JlgqvkeZEcocOADUflHXqn6sIWB
Score

1^/10
behavioral10 behavioral9
- Target
  
  bin/msvcr120.dll
- Size
  
  948KB
- MD5
  
  034ccadc1c073e4216e9466b720f9849
- SHA1
  
  f19e9d8317161edc7d3e963cc0fc46bd5e4a55a1
- SHA256
  
  86e39b5995af0e042fcdaa85fe2aefd7c9ddc7ad65e6327bd5e7058bc3ab615f
- SHA512
  
  5f11ef92d936669ee834a5cef5c7d0e7703bf05d03dc4f09b9dcfe048d7d5adfaab6a9c7f42e8080a5e9aad44a35f39f3940d5cca20623d9cafe373c635570f7
- SSDEEP
  
  12288:LBmFyjLAOQaYkxGXPfY7eiWWcpOKnpTVOIxhK765qlRRb6x4pI23IbJQV:dmFyjLF847eiWWcoGZVOIxh/WxIAIbGV
Score

3^/10
behavioral11 behavioral12
- Target
  
  bin/nspr4.dll
- Size
  
  155KB
- MD5
  
  bd0e897dbc2dcc0cf1287ffd7c734cf0
- SHA1
  
  5c9c6c6082127d106520ff2e88d4cd4b665d134f
- SHA256
  
  2d2096447b366d6640f2670edb474ab208d8d85b5650db5e80cc985d1189f911
- SHA512
  
  db21b151b9877c9b5a5dc2eda3afa6a75a827ce1f340032427b7de1d9f9803767aecc582862b58885f456c78fc75ee529581089b725975600e45c6af785280a9
- SSDEEP
  
  3072:5XEjwQq1VzTiey++hdm0mCeZrkAhniYUwl5VFTF0Rda914+2FTTf4oLkPEb:dEMfieU8A2ijMTF0RdE14P5LkP
Score

3^/10
behavioral13 behavioral14
- Target
  
  bin/nss3.dll
- Size
  
  788KB
- MD5
  
  54f3932864eed803bd1cb82df43f0c76
- SHA1
  
  675960acfed6df22ae0a41973b08494554b37f1a
- SHA256
  
  96e068e6162a98d212b57c86b14fc539f1bbdccd363f68efd8cdfecc90c699d3
- SHA512
  
  3e1eccb33b8371dbe4801c5c3909130eb4e2a8a9aec80d2c7b2528b00dd137c5ffe672095963d207b48e10f8e024c34fe841aa7ed22c7b7fa6e058165fce90b8
- SSDEEP
  
  24576:fE0i/L+PiYRCYeqF54WhJAqSoOzut7EtYiaUMes5+99SFP4MSKE:sexRT8RMS/
Score

3^/10
behavioral15 behavioral16
- Target
  
  bin/nssckbi.dll
- Size
  
  426KB
- MD5
  
  40483977b63ff6382ba0e4fb03198c8b
- SHA1
  
  d6c291be675e45a2d270e77bbc8f73d8fa51d8ad
- SHA256
  
  bfa1de077f19afc7b21feb41891b4200a40b4dda114f483d4eb92ff7a375926d
- SHA512
  
  eba65f2f39f0e0fa317d5aea13f945a3a72da72cc31c0a0631b070ab3a914cc19250fc794c1294f4195657b6d79ac56e50190f3ed3745fcb37f4ebd833f16862
- SSDEEP
  
  6144:t2HwxiNQVRjpfTOIf4EUo4pVQ6i+8a9CftgcWGzGgI4oW:t2HwxiWV/7OIfh4pVb2/WGzGgI4oW
Score

3^/10
behavioral17 behavioral18
- Target
  
  bin/nssdbm3.dll
- Size
  
  100KB
- MD5
  
  8cc6a31974a175a65d6c090feed39f42
- SHA1
  
  30dfeddc8a4a59aeb7198d8cc9c712f3248a1e51
- SHA256
  
  f64111faa9966d7b7859c6467bedbd64559284b049f55ffadc54dfc50a3a4264
- SHA512
  
  597b2fb5ba96fe656e2c81d3d411adfc4e693510f130872e16c9cc70355b41fccfc0b9dbc16171af76e2caa7945fdf2519cea40b9ef1a161ed967346df595d5e
- SSDEEP
  
  3072:rHLNCxyxOuseQadJYO3bc3Vjo0ZQNf1v1ErPjH3XK:rrdrdJYOLt0ZG1gPjXX
Score

1^/10
behavioral19 behavioral20
- Target
  
  bin/nssutil3.dll
- Size
  
  108KB
- MD5
  
  c19416e9cf9e571068ca14276c6e0620
- SHA1
  
  b5e8ee4659b678fb3b234055b1eeda920eb20b30
- SHA256
  
  ba9341807b42e90bb0380d51a83d3d6a0de7d57b6820a8b0cbe5e36e978860fa
- SHA512
  
  5cde579f66e0677f1419dc11723e1f7b5a7d408b4b3250e26aa0c0863a46b6fd86f17813416769f1eec89375f3c9c83fed468a17d1ef80f83ff1744927e7da79
- SSDEEP
  
  1536:QlEUXeNbfEzPX5FdEsom/cbvczqvooFPrSd8kBlUT1SB:qlybfEbXTd5wbvYqf0d8kBlUT1SB
Score

3^/10
behavioral21 behavioral22
- Target
  
  bin/plc4.dll
- Size
  
  13KB
- MD5
  
  88b4df8d7d536a195f866b70c48ed534
- SHA1
  
  a385bcd411c3dfad1c08cf56977c1ba45ecbf2f9
- SHA256
  
  09f01488a002915b8472a4e82adb7a3e8cb43bd77db347b0178eae614f846a0a
- SHA512
  
  b8291cc96a40391d69a75dd348204083f2e21a752a8af3339fd524f8dbb9947575c33eb8ecf77fc177cf2e3568777b2de267cf63301034b28adcfef40ab821c1
- SSDEEP
  
  192:gw+B2CXVETJWuHXzJqjtWoFyR5h+cBCyvqGnnnLGjV0BYpa3XGU0ki:oBH2VWu3Vqj8oFOjGsGjVAYIH0ki
Score

3^/10
behavioral23 behavioral24
- Target
  
  bin/plds4.dll
- Size
  
  11KB
- MD5
  
  b7ed50495d311cf6e7ad247968dd2079
- SHA1
  
  3364725821ea012f8fa99df102677befc5ff929f
- SHA256
  
  20166e281b31ae60672b9d87cb69fcba0c38cc5e18a8ba081c5601ccfab7589f
- SHA512
  
  a783f0a00d016a5974f87399637bddd5a5821e3a79c5acb2f6b3f097c9bffefb8a1dee7d968c0646faa2d854a105c57988d244d9c47fb9c189d8383c00a8d2fe
- SSDEEP
  
  192:PMf3jwDmDS5J3HcLK9gRIcsumHu4BGeTNN+b9omw5TYlFQ3XGU0r3zqY:PMkDmS5ZcLK9gufNBdxl9klFwH0r35
Score

3^/10
behavioral25 behavioral26
- Target
  
  bin/smime3.dll
- Size
  
  96KB
- MD5
  
  94624bbab23a92e0a5f90cce9a5a340d
- SHA1
  
  a81d1e0a2c75657f698cee9346fa85423b9b365f
- SHA256
  
  b0104ea7aaa257b111982bd0763c1c47fff76bd70249f84dcad834d50444df1a
- SHA512
  
  d623e4d271a0dcc0f16e4a2dc4d10422de42445d6da60a5fdb149c511b5e5363de448696592e11dce118f950eed2e92cffb78056c80e1a8e3a42d44ec54cb9f3
- SSDEEP
  
  3072:zmutViJeP5/spfYAYJV+1W26doizknjBNNqG5NFxXy4/H:zmutzP5/spfYAkV+1WpzeNqGG4
Score

3^/10
behavioral27 behavioral28
- Target
  
  bin/softokn3.dll
- Size
  
  166KB
- MD5
  
  6832b9a7ab871d81be42054f117b8299
- SHA1
  
  935c0fe7e6cb356a8854e3b7046fd7fc0aa29c61
- SHA256
  
  b1316e04b3bf464906f4e015d3e71b4e06a65cc6e59a20a96984ee1e862dcb0e
- SHA512
  
  e6579f7df7b3c43219e47630a6b51a576d2ffa9902ddb0f309f5ccb210242dd16ebec75439b2bac22e5cb0b62984386cb6eb4190b2914827b79e3e4afbbdee9c
- SSDEEP
  
  3072:+dGb9/jT+3ZazHitaf6fc5q/RYmgdwy6jnwU8AF+3eWQAZHbC:+dGb9/+3sLia6u7Ih8AsRhBe
Score

3^/10
behavioral29 behavioral30
- Target
  
  bin/sqlite3.dll
- Size
  
  467KB
- MD5
  
  3a58690aff7051bb18ea9d764a450551
- SHA1
  
  5ce859b3229da70925ffa25564cb6d7c84dd6c36
- SHA256
  
  d2d0b729837574d2eb6adac4f819bc4f8534ac9a43b17663942b2401a02db02a
- SHA512
  
  299634094a624ee8ad2898d3f2bdf8fee23f234c160992e68d087af828a16ff18e3d1fb1ca5755e82f592d6e3e335c63a9c8dad04ef003d2127bbfcdbec649d4
- SSDEEP
  
  12288:rF2tNYpFGB/zPDxB9+lfwskvdkuuNRcsUBm+6dwczL:wYpABLclfokbAsUBP+
Score

3^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Defense Evasion

Impair Defenses

T1562

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Service Stop

T1489

Tasks

Sharing

General

Malware Config

Targets

Drops file in Drivers directory

Stops running service(s)

Executes dropped EXE

Loads dropped DLL

Reads user/profile data of web browsers

Checks installed software on the system

Reads user/profile data of web browsers

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32