04a484c01214c519221232364f1b99e4aff0761a6fe9c2cfcbf0c84a246a1689

Sharing

Copy URL

Twitter E-mail

General

Target

1bc877ccdae6e341b8a3ef1e3507be67_JaffaCakes118
Size

2.3MB
Sample

240506-k65feaad75
MD5

1bc877ccdae6e341b8a3ef1e3507be67
SHA1

1ed2c9ee14e3a4192bba9e4d0fe29524108cd23f
SHA256

04a484c01214c519221232364f1b99e4aff0761a6fe9c2cfcbf0c84a246a1689
SHA512

d4a91366ea7a12a1dab839db45a33ebad96324a3c1dccb2b2bd6e6115c9dd5888d44637aae675c64600b73aff30683dac1acd00a16b3da333943b7337c75e97c
SSDEEP

49152:537DPQNxWCWMpiwy1rA91zjbb7aaM429BNgFH2LM:53nPQnW4tyS1zjn7aaM4CrgcLM

Score

7^/10

Malware Config

Targets

- Target
  
  1bc877ccdae6e341b8a3ef1e3507be67_JaffaCakes118
- Size
  
  2.3MB
- MD5
  
  1bc877ccdae6e341b8a3ef1e3507be67
- SHA1
  
  1ed2c9ee14e3a4192bba9e4d0fe29524108cd23f
- SHA256
  
  04a484c01214c519221232364f1b99e4aff0761a6fe9c2cfcbf0c84a246a1689
- SHA512
  
  d4a91366ea7a12a1dab839db45a33ebad96324a3c1dccb2b2bd6e6115c9dd5888d44637aae675c64600b73aff30683dac1acd00a16b3da333943b7337c75e97c
- SSDEEP
  
  49152:537DPQNxWCWMpiwy1rA91zjbb7aaM429BNgFH2LM:53nPQnW4tyS1zjn7aaM4CrgcLM
Score

7^/10

adware discovery persistence spyware stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Registers COM server for autorun
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops Chrome extension
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral1 behavioral2
- Target
  
  background.html
- Size
  
  325B
- MD5
  
  d050b00c97d6287da7c1605c010b6b86
- SHA1
  
  1e9a3109b1505cd2ebfaf0d4f00cdbdf342b01f5
- SHA256
  
  2cffe15d6ffd8a4bdbfba8bcdda1e911660b62d795048bcd6c66004e9640d65c
- SHA512
  
  feb6213e6a3e027e8a8cc15d6bcfa963098bd78bea1e251d6ee32ca89f642c4e967cfbf7d69adb70549c1b00b164a74b9707e63d79c43623bb32ef5099e8bddf
Score

1^/10
behavioral3 behavioral4
- Target
  
  ci.bg.pack.js
- Size
  
  8KB
- MD5
  
  04a299b2da7d024a35e9dbea1e382d88
- SHA1
  
  35cbb5a7a0eeaa40dd611060756870b98cf8ed05
- SHA256
  
  25eadfbb5612cb37faac27933bf655f285e37bd34b942017f073586695f1eec7
- SHA512
  
  fc63222b5485e079b807218828ca50387fa64a46cf510c0919b001eb0a545130baa7b8b7d29d794a5adc0e50eec0f6d0278bda9753b0442c666fc20543b5a941
- SSDEEP
  
  192:X63BZ08WUBeQCgocHt7fuH0t+0vT4ZtSo3Bq7skLWZJ2k7Ng3T/:q3B28RHt7fuHL0vUZIo3Bq7skLWZJ2k6
Score

3^/10

execution
behavioral5 behavioral6
- Target
  
  ci.browser.helper.js
- Size
  
  342B
- MD5
  
  a6ed515dafa0695ec87e6d621fa8ec8a
- SHA1
  
  b46ec48830a11976e1da008dbaefc1a3ac5c9cfa
- SHA256
  
  0551edbd3a8c54a9cb86b91c0ef801a3062f8cb135927b29da6911010ad8862b
- SHA512
  
  c8b7c5b93d2cb7ba39e81efa7fa16774a75e47ed96ede604863a4d3e45a4e24ef5f1b4febabac3d2ea6ed24c2d49d05852d837679b0b835aa1cf8b79c362a80d
Score

3^/10

execution
behavioral7 behavioral8
- Target
  
  ci.content.pack.js
- Size
  
  2KB
- MD5
  
  5e491154cbefed8685afd82e4a6b2ed4
- SHA1
  
  395cf450f2ff3fea0110ff7cd63500a0bb1edf29
- SHA256
  
  c8b325486bd472a6890c9f0cc6cbc111df20f442442af51c1eff3286da211e2f
- SHA512
  
  24fed845ced3be38622950c82913a2808c6780a94675d8f33027273637fe4d80da992de45950f46b8a762ccac433925eaf077eeb2d080c113f51261982e4243b
Score

3^/10

execution
behavioral10 behavioral9
- Target
  
  content.js
- Size
  
  66B
- MD5
  
  024b82ece28f3870f3c7f6debf8f0cd5
- SHA1
  
  c48cb5732ebc2249e7fc4125fcde89bde18f1939
- SHA256
  
  723edadf07e76deef6be6e2d4edadd5da5d716f73eee4a0a12cd1caa4d95a512
- SHA512
  
  df46d769b1ba9afaa896ee7d65fb5af668589b1c6504c85392614cb6657443c53afc36b44e46a61a38b3c614b4d59a0bd029f3ca6437c29b4cc289200b0f7cdd
Score

3^/10

execution
behavioral11 behavioral12
- Target
  
  jquery-1.9.1.min.js
- Size
  
  90KB
- MD5
  
  397754ba49e9e0cf4e7c190da78dda05
- SHA1
  
  ae49e56999d82802727455f0ba83b63acd90a22b
- SHA256
  
  c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4
- SHA512
  
  8c64754f77507ab2c24a6fc818419b9dd3f0ceccc9065290e41afdbee0743f0da2cb13b2fbb00afa525c082f1e697cb3ffd76ef9b902cb81d7c41ca1c641dffb
- SSDEEP
  
  1536:dnu00HWWaRxkqJg09pYxoxDKMXJrg8hXXO4dK3kyfiLJBhdSZE+I+Qg7rbaN1RUx:ddkWgoBhcZRQgmW42qe
Score

3^/10

execution
behavioral13 behavioral14
- Target
  
  jquery.uuid.js
- Size
  
  454B
- MD5
  
  5cc17595bde76df6f193381785901b79
- SHA1
  
  7cef44ac25abd17e63410dc94bae0f7bad85c435
- SHA256
  
  2b24135a3ee8e04aacae0ddd0b4735da1f551f88c0e03c9a7eba067840c38755
- SHA512
  
  145edaf2d16ca26394416d93c61b0a1da555556f60f0ee266f66f3bec1596c8368a9600998030ecfede1c51ff3e44e7abc8622f2963479872b78adb08f96bced
Score

3^/10

execution
behavioral15 behavioral16
- Target
  
  mz/background.js
- Size
  
  2KB
- MD5
  
  e0fd2443c49fa0c5f2a0a55e6dd2d552
- SHA1
  
  8254aa2b70c1ed0a8c6ef77d3b9791c2a3bf9cb7
- SHA256
  
  de507a9a3bd6ccb74eae7e1d489eb5013c463a8c2dc7e04544e1b2f4a996ba67
- SHA512
  
  4dca2c945ec0a8f604a02d459b48579e6d58ead3395c93e23fbc1ec2702b1bb6f4c3561ac727f2ddbbca9a4e35f47d9a7c0147637f8de5f5cfdd57490d15c609
Score

3^/10

execution
behavioral17 behavioral18
- Target
  
  mz/content.js
- Size
  
  1KB
- MD5
  
  428a2d28a31908538f6b433d9150bd7e
- SHA1
  
  de9398a23f158a64cc1031eaef2e4e21ad040e72
- SHA256
  
  f940c80a50a86e85ed80b71ab9999ef60d271047bbb2f265bc3b37b80ca0cd07
- SHA512
  
  f55f53df0f91fce40b36fc0757144b2f4fa22d26d65720bb6a9e31ec541e813bc17170feecc61435621b117cb97228812f02e2751bcad4006c2ae4551e1d25e3
Score

3^/10

execution
behavioral19 behavioral20
- Target
  
  popup.js
- Size
  
  66B
- MD5
  
  72b6ae892f1252bbfda3a039a316aa88
- SHA1
  
  ec418db8da7413e24e17beeee58d8969fca77e45
- SHA256
  
  fcfcc47f8cfe687ebd6422500452ad38f3cfc2256b6de0de602984a1e7419cf6
- SHA512
  
  27c53ce01eecd50ba3195faa7e81afcbfd3e9804da9ab142fccf73dc5d6034826e6a2cffa8ee57fca297e0a4a3954989733765102baad4848985738d9152cc9b
Score

3^/10

execution
behavioral21 behavioral22
- Target
  
  $APPDATA/SpecialSavings/chrome_install.exe
- Size
  
  1.1MB
- MD5
  
  0a1dc567bd6b241e4fa7ef27f1eba05a
- SHA1
  
  7a5d74e35d161da9c1cda5e062007a96af28bd62
- SHA256
  
  0a7691f82e885a2ecca874524da7e605de3a183a153b578c5e936236432b8dc8
- SHA512
  
  bab6fa82b167add04fb1f2b2700c87daa9aa0f24269d99eb7996c95f9a040c7c436464d90ca24bd18889be6d884fc4a1dedf16f2784b626731129d3e784394ae
- SSDEEP
  
  24576:aZafNe7BcxzXbfymiOpxtLCwnkIeFOsUWQjRQ7BnZbRao5TWak:DfNeuxzXbfvbEGTbrWQjRgbRao5Tnk
Score

1^/10
behavioral23 behavioral24
- Target
  
  $PLUGINSDIR/nsisunz.dll
- Size
  
  88KB
- MD5
  
  bd97d86d8bd07ebdc8ec662a3f31dfd5
- SHA1
  
  5e2b3a1af5ee53ab6d1d6c2cb8127add39ee7e82
- SHA256
  
  c31b590cba443de87f0f4a81712f0883ac3b506f3868759d918d9a81f84ea922
- SHA512
  
  4575d1ea0d1b2f74df74cad94eae7fdf31c513e5dc6d945e81e0873b99f94a5d81b1c385c71ab79a19e5bb6c00fc5fffec7a3bbfd60ad7de312cbb53d8bcce9a
- SSDEEP
  
  1536:uPmnCuZs9reYWvAHvXhxQdJeY3tMCo9NTJwd6aimHr5jr5T51NT:uPmnCuZs9KoPX6rA9Nl2Rrt51h
Score

3^/10
behavioral25 behavioral26
- Target
  
  chrome/content/background.html
- Size
  
  118B
- MD5
  
  01129decafb3b274f13331448125b482
- SHA1
  
  239bada95abb067b680d079c54b59d22d89cfd90
- SHA256
  
  373fafb49216bd341a8517e9836364001240323410a109933eba77c158b4eff3
- SHA512
  
  5b62d19cafd15fe814ff6036debeb43986a16235da77029cd4ab6027651ef608f1715905783e9b4395cd7c8a4588da71652a696ee5b6aaea6895df478598d314
Score

1^/10
behavioral27 behavioral28
- Target
  
  chrome/content/config.js
- Size
  
  242B
- MD5
  
  59d75c145b2644b425d91e6d359f90fd
- SHA1
  
  5a8b7068791979aa1f98c52203294b852ee5ec33
- SHA256
  
  1e3ddf4b15635b00dc85923250b61a8144d905b6f3083799c2c1e66b2983f069
- SHA512
  
  516ec5b7859f066d77856c67e15cc80f225f017fcf6f9ecaf158bd046b6bbed3832e18a44cce0abc016c4e032aeaeee6475b2dd4c6b5d633e05412f3fc85231d
Score

3^/10

execution
behavioral29 behavioral30
- Target
  
  chrome/content/content.js
- Size
  
  66B
- MD5
  
  024b82ece28f3870f3c7f6debf8f0cd5
- SHA1
  
  c48cb5732ebc2249e7fc4125fcde89bde18f1939
- SHA256
  
  723edadf07e76deef6be6e2d4edadd5da5d716f73eee4a0a12cd1caa4d95a512
- SHA512
  
  df46d769b1ba9afaa896ee7d65fb5af668589b1c6504c85392614cb6657443c53afc36b44e46a61a38b3c614b4d59a0bd029f3ca6437c29b4cc289200b0f7cdd
Score

3^/10

execution
behavioral31 behavioral32

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Browser Extensions

T1176

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Targets

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Reads user/profile data of web browsers

Registers COM server for autorun

Checks installed software on the system

Drops Chrome extension

Installs/modifies Browser Helper Object

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32