121b577a7dac22764c8d5e89c1b0504edf7803fdf6c5ed15c0c432d9605b4f7a

Sharing

Copy URL

Twitter E-mail

General

Target

04210d6c97e3cc1e7a343d92be684ee6_JaffaCakes118
Size

9.6MB
Sample

240428-ce98kseb3y
MD5

04210d6c97e3cc1e7a343d92be684ee6
SHA1

59c7a4c842faf91d26f4a98d33b92595a06e713e
SHA256

121b577a7dac22764c8d5e89c1b0504edf7803fdf6c5ed15c0c432d9605b4f7a
SHA512

c5d6843a8ce0e87fd5b2b1df9a1314955be8f98179d00868fbbf6c7889e897e2049aecd11ae5fcc9bd016f9e7b89b839b47f9171e376abb01ba7c6de46c8a158
SSDEEP

196608:QQON6Gif26Z5Ayrb9TTg7ReSxDkN02Nd9KYZ4u7rHc7vMZX0H3MUWUu6dXfr1:pIkbAyr5qkSBk224WoMZX0+sZD1

Score

7^/10

Malware Config

Targets

- Target
  
  04210d6c97e3cc1e7a343d92be684ee6_JaffaCakes118
- Size
  
  9.6MB
- MD5
  
  04210d6c97e3cc1e7a343d92be684ee6
- SHA1
  
  59c7a4c842faf91d26f4a98d33b92595a06e713e
- SHA256
  
  121b577a7dac22764c8d5e89c1b0504edf7803fdf6c5ed15c0c432d9605b4f7a
- SHA512
  
  c5d6843a8ce0e87fd5b2b1df9a1314955be8f98179d00868fbbf6c7889e897e2049aecd11ae5fcc9bd016f9e7b89b839b47f9171e376abb01ba7c6de46c8a158
- SSDEEP
  
  196608:QQON6Gif26Z5Ayrb9TTg7ReSxDkN02Nd9KYZ4u7rHc7vMZX0H3MUWUu6dXfr1:pIkbAyr5qkSBk224WoMZX0+sZD1
Score

7^/10
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/PW001.exe
- Size
  
  894KB
- MD5
  
  14e8afb1eeccf97178b645f49d2ea7a1
- SHA1
  
  4ba319f46201d7af9c01b28cfc53ba7975c4bc3e
- SHA256
  
  1c52b0c39ae1f8405f09fab77e2ff02cc5083b0b329d06c979f4ca4f2eb1f934
- SHA512
  
  2e3a78b5d2794c03b672eecc8e30e3d17fcf9119102859eb02cc5d918b2bd3b8cf59b2e5bffd0b304dc8ca6d6ad5149114e964950d720812d062fc029cc6f137
- SSDEEP
  
  24576:fG50ZfFK6MLYptRReZ3kTE3S00B1RxjBnYy+olZhDvL1g:fG5UfgVYlMRkTEiRBPxJBVZhDC
Score

7^/10

discovery
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/SimpleFC.dll
- Size
  
  175KB
- MD5
  
  d38543fc9ae37d188a23e06ee11d3504
- SHA1
  
  174fe778f66db4a527fddf21b1c23e1bc1ceceeb
- SHA256
  
  72f33da081b8d579f437e7aa2ba8d9cb9602270b88093ff9411ac6316b52fc6e
- SHA512
  
  43d1874e5821d8e5530eaa34d42b76aa867528368779fadcfd2691825297accf04e94bd34867442a76c25d4729edefba9469de6500acfe6f665949f11878c54b
- SSDEEP
  
  3072:l2sd6EP05etg+rKTTmYjcnPMdsRrdU+/mbM/AuaNoNglzppVn5O4z6ULfLb6Cu:Us4zIg+rKTTmnhfAoSxZ5OVu/
Score

3^/10
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  bf712f32249029466fa86756f5546950
- SHA1
  
  75ac4dc4808ac148ddd78f6b89a51afbd4091c2e
- SHA256
  
  7851cb12fa4131f1fee5de390d650ef65cac561279f1cfe70ad16cc9780210af
- SHA512
  
  13f69959b28416e0b8811c962a49309dca3f048a165457051a28a3eb51377dcaf99a15e86d7eee8f867a9e25ecf8c44da370ac8f530eeae7b5252eaba64b96f4
- SSDEEP
  
  192:0N2gQuUwXzioj4KALV2upWzVd7q1QDXEbBZ8KxHdGzyS/Kx:rJoiO8V2upW7vQjS/
Score

3^/10
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/inetc.dll
- Size
  
  24KB
- MD5
  
  1fc1fbb2c7a14b7901fc9abbd6dbef10
- SHA1
  
  4d9ed86f31075a3d3f674ff78f39c190a4098126
- SHA256
  
  4f26394c93f1acb315c42c351983dafc7f094b2d05db6d7a1ba7dcb39a3a599e
- SHA512
  
  76d8ff7fc301cc5ff966ad8be17f0f3f2d869ef797c5a2c55a062305c02133a842906448741bf9818ec369bbb2932b9a9c2193ebc59835b50e8703db0090fdb2
- SSDEEP
  
  384:ya3Bj/GAqvdXP4P4IVlht8zNHxKNSJvor9e9dQTIHzOZwceyeZwd6TJdpq:yRtqLhtqKNS5sAvQTIB86T0
Score

3^/10
behavioral10 behavioral9
- Target
  
  $PLUGINSDIR/nsDialogs.dll
- Size
  
  9KB
- MD5
  
  4ccc4a742d4423f2f0ed744fd9c81f63
- SHA1
  
  704f00a1acc327fd879cf75fc90d0b8f927c36bc
- SHA256
  
  416133dd86c0dff6b0fcaf1f46dfe97fdc85b37f90effb2d369164a8f7e13ae6
- SHA512
  
  790c5eb1f8b297e45054c855b66dfc18e9f3f1b1870559014dbefa3b9d5b6d33a993a9e089202e70f51a55d859b74e8605c6f633386fd9189b6f78941bf1bfdb
- SSDEEP
  
  192:SbEunjqjIcESwFlioU3M0LLF/t8t9pKSfOi:SbESjFCw6oWPFl8jfOi
Score

3^/10
behavioral11 behavioral12
- Target
  
  $PLUGINSDIR/vcredist_x86.exe
- Size
  
  2.6MB
- MD5
  
  5c82be7ad1775b67916ee19c15b99331
- SHA1
  
  7dfa98be78249921dd0eedb9a3dd809e7d215c8d
- SHA256
  
  eb00f891919d4f894ab725b158459db8834470c382dc60cd3c3ee2c6de6da92c
- SHA512
  
  2c505476c81ad32a4904d57d9214bbaa805891c261e010b08055896dca32cfd426f4d13d14a96022fda9a5d8ecd638d65bc37baefed216a2517f07e9acb6939d
- SSDEEP
  
  49152:7XOOTQyCR1e8HkA7pFomV4d4QN3uoxFit39/SZrPfLHkAZ0oI006q/HVFlQE+QD9:77EzzzJp0+ojyFALE4hIP/HRXP7x
Score

7^/10

persistence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral13 behavioral14
- Target
  
  7ZipBuilder.dll
- Size
  
  78KB
- MD5
  
  ae58a65957b0582620f602158d2b022f
- SHA1
  
  ae2883a00420c3cd8a0cc922e1f594a5c879fa17
- SHA256
  
  807d62849083fba827c54f3461f820dff32033e666f2f6845c61ea22ca341a4a
- SHA512
  
  b5272530793dc5ef502e6388c848368aa71eee803be3e5779acbeb1f4c2452d5e157bdce0ae848f82ebde892eb0bf1b70b12fadff3efc725e07fa8e7baa0d372
- SSDEEP
  
  1536:4oJPWvozDqtbkJEtPH/PsmA+7DbK7r14nm:7tGofqtQJi/PsmA+7DbSb
Score

1^/10
behavioral15 behavioral16
- Target
  
  7zxa.dll
- Size
  
  171KB
- MD5
  
  1cf011c4c0aeb50a46ce6d04ec47adf2
- SHA1
  
  80edc3f772084a8cbec182f1c588cd9f6f9c7df4
- SHA256
  
  d86b46836fd0a1d7488d1f8a01dbd831c5301c2a7b733aef584de7891cf2771a
- SHA512
  
  095f340db7c279832711ac4ed3bd932fe809f3d30d72ee6dc1357ffe4d77c6a68825967eaef4a33763bd1bfc1b476314dac44bb0552fac152ba6acd73d0660b8
- SSDEEP
  
  3072:Gc1Cwwna6ODBgYc6MDV3WX+87F0z19T1BoFOysbK9IKFFZpGCGklyIAv:GtaHDBgYP0wB7F03xysmBEC0Lv
Score

1^/10
behavioral17 behavioral18
- Target
  
  BugTrap.dll
- Size
  
  245KB
- MD5
  
  05c7a07dee252bfebbd8da6d6c33a5f8
- SHA1
  
  2d006834bb45ce6fa3ac07a0a871323b9d60137d
- SHA256
  
  80fac535f67fa93304bfd181cb77be2cdd7a263b34e19d477b3c6f1fb974d03a
- SHA512
  
  1bfcd25386fe8560ff842a346f51b27d900498e029e0a047ea0d3151960a42b41557d621d028420c6ce8ac2c1250de8f4f8b839d8d55371adeae9b33ecc2e42b
- SSDEEP
  
  3072:Vuj9UeV71NBHRSDUPxfCFRFYFE0szgzXyILt2vD0qcxrParYEctBYWBL17dK:Vues7pHgDUPxfCFRFYFrsiXykF9asdK
Score

1^/10
behavioral19 behavioral20
- Target
  
  Crux P2P.exe
- Size
  
  4.3MB
- MD5
  
  08c716898f568707c4514bbb485142a1
- SHA1
  
  b210be49e57c9da57b9e7762ba11023e9a4f0527
- SHA256
  
  e96b17d8b68aa6aaa20621c086d9cc4562832c5d8f2cc91e0e5484e1b5be44bc
- SHA512
  
  940ac0fb7eee08eba0ecb395920b5814729e2b8e7f9d7ad2a366aaa2561e28659ccb59b81ac304c3d5b1a74d442aa503d025f1cf07c95480291f33ed359c895b
- SSDEEP
  
  98304:HZadBHHx3WuEWAYJvO094J1ZcDKxclTQ/3XjUtCLvfHunLoxHVUA/bSGCQOm4bdt:HZQRx3WuuYhOuKaE0PJ/
Score

7^/10

adware stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops desktop.ini file(s)
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral21 behavioral22
- Target
  
  DocumentReader.dll
- Size
  
  133KB
- MD5
  
  57a119e53a13833a2b17a66c283d60a4
- SHA1
  
  6de7d3a844e8157b71e9fef01e9ce00140c73c14
- SHA256
  
  d1b76d39ee0358407025a4214a8e8b58ba85dcc807f29294fb56991b02c7d50f
- SHA512
  
  bd93faedc07475881c737f1ad2e23f70fc4681151b1acfa1532c0b3eeb9f76717f92da27c8a86485fea06dd0e4dd63224dcd2318852d3ad6fba272251f263b84
- SSDEEP
  
  3072:ASGlTEZNIr1KqsnVA5OctzRD+T0XO+mu:ASQhV5xrtX
Score

1^/10
behavioral23 behavioral24
- Target
  
  GFLImageServices.dll
- Size
  
  92KB
- MD5
  
  7f490c0df4f4b406f885e33871f16303
- SHA1
  
  7c138c8740823f8f17b5cfbf64515881332096e6
- SHA256
  
  eb67c04ad1fc64e16d3f34a19194b321b6736e42a3a9975522b0570e399679d5
- SHA512
  
  f82f884fdb4b5692a9d37361c804f595e329e63b3cc366b9c3cb7cb39b49f0d7266ffc587d4a0fb39b78ade483462d82ec96c4e5ce38772dd90677866f889c86
- SSDEEP
  
  1536:swrH/GZD0ctEyrt1R4KnGhglPjCVHSDTAn6KOxjEY+f6E1YuX:sSOZoSEyJ17GhO/iujEY+f6E1z
Score

1^/10
behavioral25 behavioral26
- Target
  
  GFLLibraryBuilder.dll
- Size
  
  94KB
- MD5
  
  94c436a39c7a0a5b5a2a67dc33d8b6b2
- SHA1
  
  691afd5f8d88ad6ac6de6f38be9d8389e8c7d28d
- SHA256
  
  4f552fe9d1752a3e83fefacd51432e87d7f03082bd49105634e02372ae5a775d
- SHA512
  
  fd0f169520dcdf0d924b68bc1694f860f24676f00d2942000898321e08b4dfdb5d6b18dec4cd15a92799d7c8da9fa697b86a1be2b43a8562e58930add50b6d88
- SSDEEP
  
  1536:Va2bA5dMuyhOfgr/BLkv5onLKR9CinKy+Twtogh4tDIF:Va2s5dQSgrITfCiKy+TwSSF
Score

1^/10
behavioral27 behavioral28
- Target
  
  GeoIP.dll
- Size
  
  95KB
- MD5
  
  18acbac35973dd1a370eb084d3248a1c
- SHA1
  
  06d9b1011e8da4d32966f3f9b99d09914937c956
- SHA256
  
  7c9bc79832d4d95bacdcc7c3d3b9a09e907b0486a83f2b51ba97379ffb8b107f
- SHA512
  
  169e6d70e552d487bb89987beba8b15d0e3086ba484c436494f189c3d780b3a680e67d851ce31bbb63fe86c88ace464123752a3f649be36937e0a0a4155d02a4
- SSDEEP
  
  1536:JvYtAjfQa/bvEB7dD/xFUyYW0AVGURtgty90Dxp+Clo:SPaI7dlFUac+gW0Df+Clo
Score

3^/10
behavioral29 behavioral30
- Target
  
  HashLib.dll
- Size
  
  85KB
- MD5
  
  d4c56b38c61b62cd4fda14f9e46a4a3d
- SHA1
  
  e63a2cd59ff19042fd5fece5a9812f10e426639e
- SHA256
  
  6c5356f08f65135ae30e7208f91cf87f1e89731794ca5d0b5e8464efb5b82ffd
- SHA512
  
  e71ff82a905ba903726f05e0b18a403d0bb7bf769d4dfbaa01092c41a9d03c89303daa1363ab00c81b9b4cba81b4fe24fb326e828f6e0a2f4cb5c3499ca6fcb9
- SSDEEP
  
  1536:ou+QKy8A04dWZVRxyMfKpKQwOmu2JiQykO8hvELviU0:kdA04RbZ2J9ykOT6U
Score

3^/10
behavioral31 behavioral32

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Browser Extensions

T1176

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Query Registry

T1012

Peripheral Device Discovery

T1120

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Targets

Loads dropped DLL

Executes dropped EXE

Loads dropped DLL

Checks installed software on the system

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application

Enumerates connected drives

Checks computer location settings

Drops desktop.ini file(s)

Installs/modifies Browser Helper Object

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32