cd0fed0b2f7dd886deae0f349672a465fa91c68673c0c6ca7b98bc2734b68728

Sharing

Copy URL

Twitter E-mail

General

Target

0662d11d5a98875b8b02f9cc1c49924b_JaffaCakes118
Size

2.8MB
Sample

240429-ahmwcacf54
MD5

0662d11d5a98875b8b02f9cc1c49924b
SHA1

1e3f62a2faf4742ef51c3abaa65d7a77e1f2671c
SHA256

cd0fed0b2f7dd886deae0f349672a465fa91c68673c0c6ca7b98bc2734b68728
SHA512

8a357f36099507a6f48a53f8ba3aeb78f3546d9d0fff1229001a4d2b1b3699f946484d3b13a4d548e700c2c7ced7007c888502e4d058933a64509fdf27fbe0b6
SSDEEP

49152:ZP8j/XX1Er0sjGK6NkqG6steam6kr/g4QfQyoFANVLG/N53Pwaa2JRpsOa30:hmPF+56Natnm6k7g4QTgDvasRps1

Score

7^/10

Malware Config

Targets

- Target
  
  0662d11d5a98875b8b02f9cc1c49924b_JaffaCakes118
- Size
  
  2.8MB
- MD5
  
  0662d11d5a98875b8b02f9cc1c49924b
- SHA1
  
  1e3f62a2faf4742ef51c3abaa65d7a77e1f2671c
- SHA256
  
  cd0fed0b2f7dd886deae0f349672a465fa91c68673c0c6ca7b98bc2734b68728
- SHA512
  
  8a357f36099507a6f48a53f8ba3aeb78f3546d9d0fff1229001a4d2b1b3699f946484d3b13a4d548e700c2c7ced7007c888502e4d058933a64509fdf27fbe0b6
- SSDEEP
  
  49152:ZP8j/XX1Er0sjGK6NkqG6steam6kr/g4QfQyoFANVLG/N53Pwaa2JRpsOa30:hmPF+56Natnm6k7g4QTgDvasRps1
Score

7^/10

discovery upx
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/IS.dll
- Size
  
  94KB
- MD5
  
  c31b97adf54bdd6ac6d19ab85cc6bc57
- SHA1
  
  7e458577b1fe49885c21f38ba981f77b00bdd59b
- SHA256
  
  2e5af5577044835e7d1c526b1ef11dddbf660dbf265f3c8b533cbfcfd2a8b57a
- SHA512
  
  9178ba7bfd3851b9622ffa7f5981f43b4ca654e3f85113f7c91ebd2ce417c1acb718e73737838c61496a255cee1f5ad9873ea88bce78a0cfe67bd2cfb1e71790
- SSDEEP
  
  1536:040tQWYXj9hStyVl4d5VypW4s+qxcfAsWjcdcmeiFrNt:6SV5Ll4dLBZ+q8cmZFrNt
Score

3^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/KillProcDLL.dll
- Size
  
  37KB
- MD5
  
  e0cba97d6c9203b638fe94402106091b
- SHA1
  
  ba331d35ea9a19e0f5d228c8a0b6152cdb4c5c6b
- SHA256
  
  fb3004f3e89257c0e13b9fe4b641e5ffccac45aca0a09d0d96146cbbadb55b62
- SHA512
  
  7c12ab9704b6a9887dc12f09c03505721f2ee26fed621ca8ddee27e366795d36f61a0b5b6204374d9a4e6faea3c7dc82a29abc1b9b8723c9549af4ab2d8cfd7e
- SSDEEP
  
  768:XzuIRePkNuMZmhBZYPdhZQqn2WEDFZjulJAsDo:qIVNUBW5wJkd
Score

3^/10
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/NET.dll
- Size
  
  92KB
- MD5
  
  a0770e9489444df7c0c1e5c8d4423834
- SHA1
  
  19dfa268fbb3fe07cde624308931792e7ecc6d72
- SHA256
  
  2e6676ae4d08193838b06b4decd97b767357fbae55f3cdeec72df418ad438fec
- SHA512
  
  97cd2a509ab976ace6fd0967b18bc7a816383d5eaa7af728135a3ac65d438ab276233103d171a2524efc883410320cf1a26036bebb694154a470f1da9a467adf
- SSDEEP
  
  1536:SGm1qiWG5m2ftSFh/st/smDk+g6cLFsWjcd9sRqt4EVK:SG1ipptSqe+gzq9Pt4EV
Score

3^/10
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/NSISdl.dll
- Size
  
  15KB
- MD5
  
  7caaf58a526da33c24cbe122e7839693
- SHA1
  
  7687112cb6593947226f8a8319d6e2d0cdef3b11
- SHA256
  
  19debdc4c0b6f5dc9582bda7a2c1146516f683e8d741190e6d4b81ad10b33f61
- SHA512
  
  aafd0cb2abb3d2dee95c2d037a6a1a5bff0518e3210ced0c39e6d6696e4fab4734df01476fe9dcb208f02c529cd03346bc8b7f3319ae49701bbf2cb453d59bae
- SSDEEP
  
  384:bLGI+uz/G3ZPRHncbDmMWj5aa3ZUFZJGEdnz4mP:XGUz/G3JYmMGaKZUXJGEdzX
Score

3^/10
behavioral10 behavioral9
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  bf712f32249029466fa86756f5546950
- SHA1
  
  75ac4dc4808ac148ddd78f6b89a51afbd4091c2e
- SHA256
  
  7851cb12fa4131f1fee5de390d650ef65cac561279f1cfe70ad16cc9780210af
- SHA512
  
  13f69959b28416e0b8811c962a49309dca3f048a165457051a28a3eb51377dcaf99a15e86d7eee8f867a9e25ecf8c44da370ac8f530eeae7b5252eaba64b96f4
- SSDEEP
  
  192:0N2gQuUwXzioj4KALV2upWzVd7q1QDXEbBZ8KxHdGzyS/Kx:rJoiO8V2upW7vQjS/
Score

3^/10
behavioral11 behavioral12
- Target
  
  $PLUGINSDIR/ividi_1.8.23.0.exe
- Size
  
  2.2MB
- MD5
  
  8c271a4f3d22bab31657afef6d391392
- SHA1
  
  73ca356b709eea6404ad8a997d4175894706430f
- SHA256
  
  afc3a56884a203c8351098f217383d7397ede85580e1ce6dd54ad59f327bed69
- SHA512
  
  cd433aae16749a0581761fed60d1758f80351d9a08219a256aae95711060f91a2189fbfbf7e5dd35202d8c1da92049c03357c505159c7b724c4896dd7a1cc832
- SSDEEP
  
  49152:wLDJBvX6dkcGTsi5JmjUg/a4ttMPhvJNCUGZJYkPhgVr9WT:E/6dbiHmjUOa4tqxu1
Score

7^/10

adware discovery spyware stealer upx
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops Chrome extension
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral13 behavioral14
- Target
  
  $APPDATA/Unitech LLC/sqlite3.dll
- Size
  
  265KB
- MD5
  
  db4961bbb3c1cf487904b15ea5b5884b
- SHA1
  
  d1c23d22e93d3f9b268f99519d38d010ff99ea6c
- SHA256
  
  970ab5826883e15bd9ae33310dcfb00968a938eebbe7e8e1ba5c8b0c12cc5d12
- SHA512
  
  191e365500a824c1b31eca9f82caecdc227471d09c1343390a2879bd9642cad1a57fe812eb0ab3f20b24941da763a24a76f5a4b0791af5600d283eae7f6cae7d
- SSDEEP
  
  6144:XeuZevv40YGJbqYwOTfSED3HvE5+8jVAKZYOwr80B2:XEHGGJbXTaOX38jVX48
Score

7^/10

upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral15 behavioral16
- Target
  
  $PLUGINSDIR/IEFunctions.dll
- Size
  
  7KB
- MD5
  
  46ee93cfce4dd2576579f45ad8c41b88
- SHA1
  
  f34a4eb6df68e521debda61e5af46aaf461bc3ce
- SHA256
  
  a8fbec39470467e43e3fbc48cceeaf11d5e2fe3b98c521ac71b5522e7b46a859
- SHA512
  
  a2eb8ed29a819ee821c749dd76c04c2f3a5284a0063d08c43c9eaeb6f68a7c9034b846cb3cca26608cfe28b5ddc07842ea70a6aeb9cb7c6c1b579c3d05e40a5b
- SSDEEP
  
  96:fCOzwoO5dacVRNoYVhawoXA8B2oKhYVhrigWV6PM7qCtQp82:fAVV/cwcAMnAqrlWV6P0dQpL
Score

1^/10
behavioral17 behavioral18
- Target
  
  $PLUGINSDIR/InetLoad.dll
- Size
  
  18KB
- MD5
  
  994669c5737b25c26642c94180e92fa2
- SHA1
  
  d8a1836914a446b0e06881ce1be8631554adafde
- SHA256
  
  bf01a1f272e0daf82df3407690b646e0ff6b2c562e36e47cf177eda71ccb6f6c
- SHA512
  
  d0ab7ca7f890ef9e59015c33e6b400a0a4d1ce0d24599537e09e845f4b953e3ecd44bf3e3cbe584f57c2948743e689ed67d2d40e6caf923bd630886e89c38563
- SSDEEP
  
  384:nUOPTbiJmdztwwKq8W1cyMjPzV0Ac9k+LMkIX1+Gn+XHdjf:nTikliwKq8W1rMjPzz+f
Score

3^/10
behavioral19 behavioral20
- Target
  
  $PLUGINSDIR/Processes.dll
- Size
  
  56KB
- MD5
  
  cc0bd4f5a79107633084471dbd4af796
- SHA1
  
  09dfcf182b1493161dec8044a5234c35ee24c43a
- SHA256
  
  3b5388e13dab53d53e08791f492ed7d3094a0cee51e9841af83ce02534e0621c
- SHA512
  
  67ba90ec04366e07d0922ffb4dbbb4f12f90b6785b87700adaae29327db9ec2a03d750b229f858db0594f439499d6346fbf1ebc17c77162bf8da027515219ee3
- SSDEEP
  
  768:WmswCIbuzwEmd7Fp4KpDAKngV9tV3rJy63JgaVwoz7si4uYqUYWu1gYwmj552RFB:WmswCIbuzwEy7n3YD3Jgw7shKrp55io
Score

3^/10
behavioral21 behavioral22
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  c17103ae9072a06da581dec998343fc1
- SHA1
  
  b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d
- SHA256
  
  dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f
- SHA512
  
  d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f
- SSDEEP
  
  192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
Score

3^/10
behavioral23 behavioral24
- Target
  
  $PLUGINSDIR/Time.dll
- Size
  
  10KB
- MD5
  
  38977533750fe69979b2c2ac801f96e6
- SHA1
  
  74643c30cda909e649722ed0c7f267903558e92a
- SHA256
  
  b4a95a455e53372c59f91bc1b5fb9e5c8e4a10a506fa04aaf7be27048b30ae35
- SHA512
  
  e17069395ad4a17e24f7cd3c532670d40244bd5ae3887c82e3b2e4a68c250cd55e2d8b329d6ff0e2d758955ab7470534e6307779e49fe331c1fd2242ea73fd53
- SSDEEP
  
  192:oNcwTweFbs9t2n2Sgiga65/aHdaGZavaJIYX4Hw2:oNcwBFg22SEw47CPU
Score

3^/10
behavioral25 behavioral26
- Target
  
  $PLUGINSDIR/UserInfo.dll
- Size
  
  4KB
- MD5
  
  7579ade7ae1747a31960a228ce02e666
- SHA1
  
  8ec8571a296737e819dcf86353a43fcf8ec63351
- SHA256
  
  564c80dec62d76c53497c40094db360ff8a36e0dc1bda8383d0f9583138997f5
- SHA512
  
  a88bc56e938374c333b0e33cb72951635b5d5a98b9cb2d6785073cbcad23bf4c0f9f69d3b7e87b46c76eb03ced9bb786844ce87656a9e3df4ca24acf43d7a05b
Score

3^/10
behavioral27 behavioral28
- Target
  
  $PLUGINSDIR/chrmPref.dll
- Size
  
  208KB
- MD5
  
  b2bff24dcb4606c6c8474f979bfb4858
- SHA1
  
  5671b867df8ce726d1075909cd40f3934d680da6
- SHA256
  
  82d89574b1019c60d6bcf97318b36f8e4bb535bb68334c68253b6306d9dbe4af
- SHA512
  
  e7187607c909a9416ede056c10e83d4a0b8f8bb33a8653009630d5f36f80c8be145658d1c2d9df3ede48ce1e9bdf20d192dff45ebe0c6fdc50f241e81df4c874
- SSDEEP
  
  3072:R09yocgUKjfjp0CF45n1FAFbqz2Yoz+wThF4hW0OJ5XR+LbA1p5oonej12lS:R0MpgUWfFg4Fbc+ThihW55XiA1bW
Score

3^/10
behavioral29 behavioral30
- Target
  
  $PLUGINSDIR/mt.dll
- Size
  
  7KB
- MD5
  
  4fae8b7d6c73ca9e5fc4fe8d96c14583
- SHA1
  
  10865e388f36174297ec4ecdafd6265b331bfdcd
- SHA256
  
  069db1a83371dcd2dd28a51def6cef190edcac6bbf35b81b7ee3c52105db210f
- SHA512
  
  73a5547c6d83227a08e2427f2e5eb6abf429d4b5b7e146fcd59b9fb8c9cc6eb9ff61347a3d46f83d0c7adbaff15e94e70bf40660c217f48e9a46a6e310aaf6b1
- SSDEEP
  
  96:Q934+YOERFWe2B1ZVtKW5A8V6dIUTY02J6qCtX:24FdL8vN5AHdIUTRw6dX
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

T1176

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

ACProtect 1.3x - 1.4x DLL software

Loads dropped DLL

UPX packed file

Checks installed software on the system

ACProtect 1.3x - 1.4x DLL software

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Reads user/profile data of web browsers

UPX packed file

Checks installed software on the system

Drops Chrome extension

Installs/modifies Browser Helper Object

UPX packed file

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32