61644eb98d810dfd3d994ef8efb46e8e228dab3e110b6d3a0bee1fc41ca4f682

Sharing

Copy URL

Twitter E-mail

General

Target

05167b67467ef0e7846d97b97e2f9205_JaffaCakes118
Size

6.5MB
Sample

240428-nlhyfsef59
MD5

05167b67467ef0e7846d97b97e2f9205
SHA1

e98b79bd7b0926dae5d0ddd343803a97a8219079
SHA256

61644eb98d810dfd3d994ef8efb46e8e228dab3e110b6d3a0bee1fc41ca4f682
SHA512

794d6631169ce34c9697411ad8d0ef2ca29c26cbaa6bc23895f9dc2ab405613f169842603094f6f93a4566a1e730e44184d6de125b6c975725d20715d1a96069
SSDEEP

196608:yOZx7ofnfWSUHkVlHuJbDo7ZkzI3E+hocCcBU:yOZanfWHkVlOq7EI31hTLBU

Score

10^/10

Malware Config

Targets

- Target
  
  05167b67467ef0e7846d97b97e2f9205_JaffaCakes118
- Size
  
  6.5MB
- MD5
  
  05167b67467ef0e7846d97b97e2f9205
- SHA1
  
  e98b79bd7b0926dae5d0ddd343803a97a8219079
- SHA256
  
  61644eb98d810dfd3d994ef8efb46e8e228dab3e110b6d3a0bee1fc41ca4f682
- SHA512
  
  794d6631169ce34c9697411ad8d0ef2ca29c26cbaa6bc23895f9dc2ab405613f169842603094f6f93a4566a1e730e44184d6de125b6c975725d20715d1a96069
- SSDEEP
  
  196608:yOZx7ofnfWSUHkVlHuJbDo7ZkzI3E+hocCcBU:yOZanfWHkVlOq7EI31hTLBU
Score

10^/10

evasion persistence trojan upx discovery spyware stealer
- Windows security bypass
  evasion trojan
- Creates new service(s)
  persistence
- Drops file in Drivers directory
- Stops running service(s)
  evasion
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Windows security modification
  evasion trojan
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/OkXQbfVygaX.dll
- Size
  
  452KB
- MD5
  
  57c38bcbce8a3c44d744d582adc87f54
- SHA1
  
  5d6478d9b9000a3504fdf26fdec05d0e18ba0c92
- SHA256
  
  915ae398218b61dcb81623857d1043abbec9a4a69b235a588ab504487e7f69f6
- SHA512
  
  eb9af37e6cd2b88660c8c53b5d52b5e604e5dceb0f0ba79f2852bb3a9e466f57dfe17a27a35f7a80f69f63d6bbd237b2907e0cf218fb3be52f41660d0e8bc98c
- SSDEEP
  
  6144:4hE6F6aCBaFStIszVXt5n14w42eT4X08vUuMVr:4+0MKsz5nb42eTo0zVr
Score

1^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/WBjXICmobuo.dll
- Size
  
  194KB
- MD5
  
  e2bd671e9e344851311370d202d5408a
- SHA1
  
  880b152faa5af7848a3fb19be4bb8ee53c86ecd7
- SHA256
  
  7a3071b7db37718a9879071ca3d33a05598eb2543b7448fb2daa2f4175675055
- SHA512
  
  ed3a3fa3dd22ce4ce3c74a68e8b82efa0d96f99d5fe5037e907e076aaf8160ef3a269a2ea2a212705a267f1803ba4aab294d1caab3a1451df5d2d3c6f1bb552b
- SSDEEP
  
  3072:IHxbHx0r2bvCYlLwFqoPP6++/Ekiu6uioOevtibgt:QbOrG8Fqw6akiu6uioOu4g
Score

1^/10
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/hohtPMSjwNy.dll
- Size
  
  290KB
- MD5
  
  6b129edef72be41a55261016624f3ae2
- SHA1
  
  ca46a503bc3531cb26281461da0d7a09b0804e77
- SHA256
  
  7b99468236337b01d2e234f2a0e58188f7f210836228d9e31e3d721a008980ed
- SHA512
  
  2f6f0133a0d157f41955edf93c82820a239067145300c9cab7bfe9c842a0da6875f384f8048e257d22cc53cb3a86f76bf9e160d6c28b05ddef8ae7336b7d656a
- SSDEEP
  
  6144:SaYvd1GC/FyPSfUz93l1z0Ds6DsLTBOMeBkGch:DG/FyPSfUz93rzxTsMnGch
Score

1^/10
behavioral7 behavioral8
- Target
  
  $TEMP/oGcmpKezXmV.js
- Size
  
  356B
- MD5
  
  a35b87106725234045494a6404a003f9
- SHA1
  
  f4d1a2529a271946382c17132a5ebea6449a753f
- SHA256
  
  17aa4126885d2299ada9a5e3fa5c21dc52e133bfed72a25a96e0152044ea2cd4
- SHA512
  
  7924482b9e20801dd8d7abacd6fc4d2a1f182e4f663b0a519518e33c04b482d35d17d277af1e9555f9e8a3a92e67935dabbc5302507b2924ac4cc9b34546dd17
Score

1^/10
behavioral10 behavioral9