d11ecfdc1f5d350ff4ff2d1aa08d4e72b0eb424203aee450d39a63c21e489146

Sharing

Copy URL

Twitter E-mail

General

Target

0543e7ac313b3445d749bec7aa96325d_JaffaCakes118
Size

561KB
Sample

240428-qfkwzage72
MD5

0543e7ac313b3445d749bec7aa96325d
SHA1

034ad5993fbfeecac3e1668dcba6a839b7249b86
SHA256

d11ecfdc1f5d350ff4ff2d1aa08d4e72b0eb424203aee450d39a63c21e489146
SHA512

378449930dae4b69bd8b08d68d30e89ff50b71fca404f12fcafcb7a5a2a0f2a81fb31620233c5125d02ba0f9098f830776951d4d02a6ea5161c25c7b39c64ba0
SSDEEP

12288:NxBQrt3Cy7V0h1QWmojX+7oRwm2hRo0sf/bmHr8u8CfiLs08aQNn:N7ct3Cx1mdowmgNsnbmL8u8CfiLs08n

Score

7^/10

Malware Config

Targets

- Target
  
  0543e7ac313b3445d749bec7aa96325d_JaffaCakes118
- Size
  
  561KB
- MD5
  
  0543e7ac313b3445d749bec7aa96325d
- SHA1
  
  034ad5993fbfeecac3e1668dcba6a839b7249b86
- SHA256
  
  d11ecfdc1f5d350ff4ff2d1aa08d4e72b0eb424203aee450d39a63c21e489146
- SHA512
  
  378449930dae4b69bd8b08d68d30e89ff50b71fca404f12fcafcb7a5a2a0f2a81fb31620233c5125d02ba0f9098f830776951d4d02a6ea5161c25c7b39c64ba0
- SSDEEP
  
  12288:NxBQrt3Cy7V0h1QWmojX+7oRwm2hRo0sf/bmHr8u8CfiLs08aQNn:N7ct3Cx1mdowmgNsnbmL8u8CfiLs08n
Score

7^/10

adware discovery spyware stealer
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops Chrome extension
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/KillProcDLL.dll
- Size
  
  32KB
- MD5
  
  83142eac84475f4ca889c73f10d9c179
- SHA1
  
  dbe43c0de8ef881466bd74861b2e5b17598b5ce8
- SHA256
  
  ae2f1658656e554f37e6eac896475a3862841a18ffc6fad2754e2d3525770729
- SHA512
  
  1c66eab21f0c9e0b99ecc3844516a6978f52e0c7f489405a427532ecbe78947c37dac5b4c8b722cc8bc1edfb74ba4824519d56099e587e754e5c668701e83bd1
- SSDEEP
  
  384:3rYz6grZodORNWATt4TBmlk5ooyzFh7BukAUdJoUtSOSR:3QggDWATWNCFh7BNddJoxO+
Score

3^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  c17103ae9072a06da581dec998343fc1
- SHA1
  
  b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d
- SHA256
  
  dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f
- SHA512
  
  d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f
- SSDEEP
  
  192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
Score

3^/10
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/UAC.dll
- Size
  
  17KB
- MD5
  
  88ad3fd90fc52ac3ee0441a38400a384
- SHA1
  
  08bc9e1f5951b54126b5c3c769e3eaed42f3d10b
- SHA256
  
  e58884695378cf02715373928bb8ade270baf03144369463f505c3b3808cbc42
- SHA512
  
  359496f571e6fa2ec4c5ab5bd1d35d1330586f624228713ae55c65a69e07d8623022ef54337c22c3aab558a9b74d9977c8436f5fea4194899d9ef3ffd74e7dbb
- SSDEEP
  
  384:59TzaeW+WyB8c7LX+OGkrwWvVrkUiEMAWm5nskAvXkq:5ZaB+W62Mr5vGUiEum5sk
Score

3^/10
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/inetc.dll
- Size
  
  20KB
- MD5
  
  4c01fdfd2b57b32046b3b3635a4f4df8
- SHA1
  
  e0af8e418cbe2b2783b5de93279a3b5dcb73490e
- SHA256
  
  b98e21645910f82b328f30c644b86c112969b42697e797671647b09eb40ad014
- SHA512
  
  cbd354536e2a970d31ba69024208673b1dc56603ad604ff17c5840b4371958fc22bafd90040ae3fb19ae9c248b2cfce08d0bc73cc93481f02c73b86dbc0697b2
- SSDEEP
  
  384:rJBJ8VnX8K+uKn2WQJdxbs3aEUhU7ya4L60Ac9khYLMkIX0+GwNyEAG:3J8+K+uK2WQJdxbsqEUhUua4L6AG
Score

3^/10
behavioral10 behavioral9
- Target
  
  chrome/content/browserevents.js
- Size
  
  7KB
- MD5
  
  e0a0d7cabb2100e1038b66a9b35a2473
- SHA1
  
  0a3dc3f5741945aac613a6f2897d63f94c2aad14
- SHA256
  
  a6637bd95a59cd0aa51a6ee0a55356cf4558d5dd5621ead8fea2ccf2e88e190e
- SHA512
  
  48813c47ec84ac76bc24e5e23a2a956822c6c97fc350798a620187e8b5a465e83c8c6b3670d78bfdf4ae47e02753793fe4ad477544fb82df9c74ebf952ab1c6d
- SSDEEP
  
  96:sLJQYQVongLT8+FCqDnB6ltJ+2CQ9Ra2KiYDuHOBdsWRAZoDq+BD18a7:sLiLVT8LwZQ9sBBds8AZa+I
Score

1^/10
behavioral11 behavioral12
- Target
  
  chrome/content/configuration.js
- Size
  
  10KB
- MD5
  
  18461742700dcf13db16c2aa64af40e5
- SHA1
  
  0f46c6ebc3f5ffb2ba77d344fb4e3005d27ac9e9
- SHA256
  
  67e54dad1106a42f96fe5f17c6aaff33bc587cfb8dd2420a93a0748c0c41554e
- SHA512
  
  14ecc4939ba2865e5bd944fd3c6ccc3e8fe40c62b63d883495d29b25f306c46fd2576dbe5f456cb1c037eeef4d050b46ea38e7cf1af45415b5a634283b7a0c26
- SSDEEP
  
  96:F7dzYH6ILBrK13khdrWhoie628W85WF0fMOo7MR16Mrn+owdFAJ:F7dzY6EK13khcoie6xR5W8MLSAi
Score

1^/10
behavioral13 behavioral14
- Target
  
  chrome/content/consts.js
- Size
  
  1KB
- MD5
  
  e405646f42e1ca67a6d69a0d8949294c
- SHA1
  
  5a92823ad568bd8a64e2a091c9fe75e8709d0551
- SHA256
  
  d46aafa211008261f5c34c062ea84db10edab4e73721b83b842be9f1bdb85586
- SHA512
  
  400b0106097522f7c1145ede669155f6412cf2ebff8566f59460dd3391e40cd1cf4960c353a204565e0879459cf0605f548f34c0c5e3c3859457e72938535864
Score

1^/10
behavioral15 behavioral16
- Target
  
  chrome/content/diagnostics.js
- Size
  
  1KB
- MD5
  
  bbb53533b7cec2039b2b33b98e7e87fd
- SHA1
  
  f14512f9b397bdb4202d39acf5959ca056389970
- SHA256
  
  93ce6427de950a599d0475d33ac9c42610613f434a3d3706cff634ef7654ac8a
- SHA512
  
  bf484d7cd7b23ac99419f80ccf51464561fff3cdddd3bb2a3549b37e9c54f3bbd76499bc65a4328e48b5698258fc6207cb7d393561b12b078f798f9b5d1d829b
Score

1^/10
behavioral17 behavioral18
- Target
  
  chrome/content/format.js
- Size
  
  999B
- MD5
  
  ce55f10e86c34b20fc340cc02b2edabc
- SHA1
  
  58373e51d8c7c05a1c7e9753502b0d73920d6515
- SHA256
  
  615388bee1427d458bcdd292c33510c3cd882e4cb29f4b6d695d2941728a3803
- SHA512
  
  bc026a4152087ac4b7351c2d569e77352130872946b9bf73746860d5e9eba2174b821044a7cb0b6b060e01f7876b9752e43ed9432fcf51abeb5779cb98f5068c
Score

1^/10
behavioral19 behavioral20
- Target
  
  chrome/content/jquery-1.4.4.min.js
- Size
  
  76KB
- MD5
  
  b76fc63a9c3fc4293fb90990818dd100
- SHA1
  
  7d591c32b44e66c2b1aadec2dd0d1e2f88a5bb3a
- SHA256
  
  48d685402b465594e6ec567be7f1cddcedadc9b6721f5eed1ffe7555c15ef0dc
- SHA512
  
  8694c0da19bb9586b3a9ea8a791978a3dba3f4edc397a058fde91ff1a863432b039ead2e3b3758c10581da93ad1ced52a334de57b38a6e7e935ad9798075f473
- SSDEEP
  
  1536:KqlVunnadmaVWfGx7SD/7VBfuwNPY9TV6k+tly3p40CSoPjCAl6jHkA4x9K:KQQadLy7aVCSojlakA4x9K
Score

1^/10
behavioral21 behavioral22
- Target
  
  chrome/content/main.js
- Size
  
  8KB
- MD5
  
  a00ea238de4c8ef16bd6a4c524626d49
- SHA1
  
  e2dbccf7aa733e96b1f32828bf802f73fa8f2406
- SHA256
  
  057ace837b853f48417f3c4634a4a3c0188c61aaa5a5cf8f926e683fccfb8e62
- SHA512
  
  3f09ffddbf3dbe195ad16b34d6bec708ae96a4bff3b9912d9ab36fa60d5529a280dad98b315b7fcf78450cacfcd3990490d344f87bf9f1fed191b236fa697c54
- SSDEEP
  
  96:T15EFojDZ4BNUpvKy0jFojDZ9PKUtNFojKpOuC1tpstp0I+tpXzDjfs5Rqi93Ii1:R6iJ43UYy6iJNriGi4hGDyYipZGUV
Score

1^/10
behavioral23 behavioral24
- Target
  
  chrome/content/request.js
- Size
  
  11KB
- MD5
  
  ccad9f96573d782e2445d580adabfe69
- SHA1
  
  b1d0cfa4fa1814506405ed42a9e6216347800208
- SHA256
  
  8363133edc4d2ffe7d5713d48452e2e174772b1fa2dbc5c587c9ac24a43cbb0f
- SHA512
  
  45102d2961c40d75b1e3d51b949c5bacb1b7b05e099c1fa23b78446db11c771f54369ef1898f20b662c3c489d50f6d0c371d4291835a66798dd192ab9d1dd87e
- SSDEEP
  
  192:hqvuMD8gl81VBvUSW5HvZx1OHqKGWQKardX7j:IJlYQP/
Score

1^/10
behavioral25 behavioral26
- Target
  
  chrome/content/script.js
- Size
  
  15KB
- MD5
  
  b63a01837ea94bf812d5de6f4dabec3f
- SHA1
  
  d5e780a34eddef149c24195204e678ecd99addf9
- SHA256
  
  36e7a2390c12c3c47d24f762bb703cae151b86875ef97d7a3b787b8a1bc7b22d
- SHA512
  
  ef09e4d3c924057041cef5d130eac67cf7667b9e4164b7cf6e58a844a9349faf196b402a07973be8a1762bf851676f330f53839e0a5d171d707af9091ae7e62f
- SSDEEP
  
  384:hfzbFV2KYuFf4hLm2a4Ol/nrVBOFXf3V+47Hb1bjK:lT2IkZ8r+FXc47Hb1bjK
Score

1^/10
behavioral27 behavioral28
- Target
  
  chrome/content/stats.js
- Size
  
  3KB
- MD5
  
  999a61e890d4521734855f2bd03a3ed2
- SHA1
  
  707f0ec7baa4a464ad5f2fed00a15478d086a567
- SHA256
  
  e1b27b238d6df4427164ba737d0388e7a49aed24b036624693c074dd8fa83dd3
- SHA512
  
  371fa5420b9e8184afa047b3a005eabcbe59ce7dd155a3df8048d155b31dc3009eab51381c523cdc7c49820badf6ccfbbcc6c0df5328ca096678bfaeaa9b1c08
Score

1^/10
behavioral29 behavioral30
- Target
  
  chrome/content/storage.js
- Size
  
  15KB
- MD5
  
  a92f58a0d8ab6e87c99d9f1add414e9d
- SHA1
  
  11edcd6b9953a37c10acfa6371390c98199f7311
- SHA256
  
  79551f543bb6c6fa159c4aad316eae03abfc3fab553b0ff5d4a0c40ac014fc79
- SHA512
  
  5256a27f4f9101ae6cb6749025e3910121dd5410ae83e38911f647a814a545d4d87f65a98f68a63ac1a30b95d52eefdc487192bee72b8254287f000007d9629a
- SSDEEP
  
  192:QYGUFDdStwK6TxCKejMSfdSLbK+cR/QC5opKS+sD+FRcblY9P7:Btx1b9IQCqYd
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Browser Extensions

T1176

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Targets

Drops startup file

Executes dropped EXE

Loads dropped DLL

Reads user/profile data of web browsers

Checks installed software on the system

Drops Chrome extension

Installs/modifies Browser Helper Object

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32