fe22e0a3594bff1aaa8daa3d102e840bde89ea342a3e16dfb1ee298f08e5696f

Sharing

Copy URL

Twitter E-mail

General

Target

201037d0abd9a98db87dd8c16abcd32c_JaffaCakes118
Size

551KB
Sample

240507-klhe5sgh5s
MD5

201037d0abd9a98db87dd8c16abcd32c
SHA1

8fa5f6119b1b9da114f85e27a0df046ed64dfd7c
SHA256

fe22e0a3594bff1aaa8daa3d102e840bde89ea342a3e16dfb1ee298f08e5696f
SHA512

7595f30e20dd8058ce12ed17283aa9915a49c6e07624e257283011a985975850510d12ac55e5150268cf7da13eb16742cc7bf737b91aba63ccbefe5bc514056c
SSDEEP

12288:et9r8hcmTtcNqOQ/3AjTr7vHSujL6Tc8VpSriup858QjJgE85:uZfmJcN0/3YrziThSrHp8KQVgE0

Score

7^/10

Malware Config

Targets

- Target
  
  201037d0abd9a98db87dd8c16abcd32c_JaffaCakes118
- Size
  
  551KB
- MD5
  
  201037d0abd9a98db87dd8c16abcd32c
- SHA1
  
  8fa5f6119b1b9da114f85e27a0df046ed64dfd7c
- SHA256
  
  fe22e0a3594bff1aaa8daa3d102e840bde89ea342a3e16dfb1ee298f08e5696f
- SHA512
  
  7595f30e20dd8058ce12ed17283aa9915a49c6e07624e257283011a985975850510d12ac55e5150268cf7da13eb16742cc7bf737b91aba63ccbefe5bc514056c
- SSDEEP
  
  12288:et9r8hcmTtcNqOQ/3AjTr7vHSujL6Tc8VpSriup858QjJgE85:uZfmJcN0/3YrziThSrHp8KQVgE0
Score

7^/10

discovery persistence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2
- Target
  
  $1/TablacusInstallerStuff.exe
- Size
  
  96KB
- MD5
  
  e4857bb275db012cca00c9f2e56dade6
- SHA1
  
  c9e3c8de1e38b18d05d9892a59efff93e470b18c
- SHA256
  
  b64cb265fec70f58a3826118390b28399d3d6a62aeb3d8a85ae4633e4c0e1cb4
- SHA512
  
  aebfd399b55dbd27218514bf3d5daf73deca0083746e1d880f5b586faeb0d6945665ddb1ff49a98fb3f3c610f290b6ec973e30d312bdc2720122aaf5205dcb86
- SSDEEP
  
  1536:7AekLvzFkO2EB/pW/12mXnbcympZ2NKzLsiGeJQbsWlcd68uYWrAmHW:7AhLh/Ud2mXnbcZpowbJR6xYWrAm2
Score

1^/10
behavioral3 behavioral4
- Target
  
  $3/$APPDATA/TablacusApp/uninstaller.exe
- Size
  
  39KB
- MD5
  
  b0462ccb1a0a065caa4e0fe79cde336a
- SHA1
  
  38fac4faa072f0b1acb3159328c9c0685721226e
- SHA256
  
  79681af3c6d910b5e4239f498d183a8da375156dc2b77ad8b930582e152c4a10
- SHA512
  
  3cae3132b2ea5b364091d48cafe952812d8f68aba572661b0c1465579f4b09cf5d74bce4e51ce651b60994caf567c83e72b14fa26a81fa510ce31138d52a3f37
- SSDEEP
  
  768:2JKOdm9o29rJYypQJ2JQJXJuKU+duC1ZHQ0D3LHSGiVNuCJRnTb6z:iTdm9B9lYypfMXvugHQ0DbLiNuEb6z
Score

7^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/nsProcess.dll
- Size
  
  4KB
- MD5
  
  f0438a894f3a7e01a4aae8d1b5dd0289
- SHA1
  
  b058e3fcfb7b550041da16bf10d8837024c38bf6
- SHA256
  
  30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11
- SHA512
  
  f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7
- SSDEEP
  
  48:Sz4joMeH+Iwdf8Rom/L+rOnnk5/OCnXeAdbdOAa4GPI+CJ87eILzlq7gthwIsEQW:64c/eFdfS/SSnkxNa4G+ueqPuCtGsj
Score

3^/10
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/nsProcess.dll
- Size
  
  4KB
- MD5
  
  f0438a894f3a7e01a4aae8d1b5dd0289
- SHA1
  
  b058e3fcfb7b550041da16bf10d8837024c38bf6
- SHA256
  
  30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11
- SHA512
  
  f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7
- SSDEEP
  
  48:Sz4joMeH+Iwdf8Rom/L+rOnnk5/OCnXeAdbdOAa4GPI+CJ87eILzlq7gthwIsEQW:64c/eFdfS/SSnkxNa4G+ueqPuCtGsj
Score

3^/10
behavioral10 behavioral9
- Target
  
  $R1/Tablacus.exe
- Size
  
  347KB
- MD5
  
  090cacc2a455fd516e56199761c26d96
- SHA1
  
  055bcf7abb7fd5332dd9b33784ae380370a528c1
- SHA256
  
  cc7001a8c2a49a448f99a7b1740bfc7a6e8447fbc061e4856cdb35c5b73b0ee8
- SHA512
  
  4f8fe8d40a9baf2cb9084cf5767d646fa03db0486eb9a4de5e2b0596e010f95feaea96b4c005d0f0d7f49059b9276c3f83b6eb597f99ac71e26768324ae850c0
- SSDEEP
  
  6144:mL92eofr1VBMUmNE2szMZb+6sNeM7cL3BH8Cmu5lEH4+KZIeJvZvvZ:mL92eofr1EUmNO6+neM7cFcdu5ly4jDR
Score

4^/10
behavioral11 behavioral12
- Target
  
  $R1/TablacusApp.exe
- Size
  
  218KB
- MD5
  
  20ad237a9b92f1cd7640e9d461ac8bc4
- SHA1
  
  49114acedfa7be6429ebd0da5b5c1311a966e822
- SHA256
  
  044f03a47a95aab679f55a5bd9d323ce5cafb2ee6346d144831292e25247bb32
- SHA512
  
  a9fae0ccddbca9346fd78fe0f0de8455d1587dd4479b26ce26acffad76be1a0955b907b83a2cad9b56e1ecb73efd908e6698976d43b908b1f58b8eab02d5909b
- SSDEEP
  
  3072:JcQ2az64xmGkBcYDXyuci31hRcg2J/RKgNgbKLimkGwpW4/u6uBbEBEP+FJsQjA:SQvxmRvbcrJsGgbKfLwM4Grgq2Fiv
Score

1^/10
behavioral13 behavioral14
- Target
  
  $R1/script/background.js
- Size
  
  1KB
- MD5
  
  5de308df677dc1796e504d815f163931
- SHA1
  
  632289cba3f2e420594f452ce82e59accca71e17
- SHA256
  
  66526024fd934aefedf938e18a32aba15d964f2c9ff266d2bf495de6b7c8b887
- SHA512
  
  31c88570506c48af26b467b04fed1e5e65cb4f92278176a78577b180b02b9c41323e0dc6ee907ed3b253c26d553cf333b63bee0a4a9e20afd3c7d04e28c13731
Score

3^/10

execution
behavioral15 behavioral16
- Target
  
  $R1/script/common.js
- Size
  
  88KB
- MD5
  
  257375f0eec0c8b964c9eb75e2279470
- SHA1
  
  8e7b485203cc62fb4d8e439ea2a3e00d6a098542
- SHA256
  
  78e1fbcdf67495c72ca943c75fe38ef61b1c45ed49115bfd46026fdbe0b002dd
- SHA512
  
  abc1acf02e5bf1209b278bd65e647540b7d9a30a1a52ce78651c5d2dc39f77c247e3171672c26979f2cb64346424fa3eab25e30a092386a066baf58f76eb1c1d
- SSDEEP
  
  1536:qgne9084nkn7p42YpQMwCnEU/KeyGEaVtbqbyTeRtfkImBLOLJBo0OkWLyhVBJLC:qhNC82PbqbyTK+LW4kLyGwIi
Score

3^/10

execution
behavioral17 behavioral18
- Target
  
  $R1/script/consts.js
- Size
  
  55KB
- MD5
  
  18bfa5281a2dd4a2cb35fbf924702898
- SHA1
  
  dd6faadceaca2d1e22548fcff96d49e60295b6a8
- SHA256
  
  1631247933478916abbe4a6bc1e1432d04a7f4d3e159c1566e69ec872d0f11c7
- SHA512
  
  8ae7a445fe2e601fedb4cf246fca4e22bccee5aa48d801437e095b81529f35af8b8955580796786866d751cf2b8fda3e494bc0d1d18f000c6e3374f6434766b9
- SSDEEP
  
  768:l0ivNHI18/CF8wVg0hIL/QupMEerjC4xPmtDV:aiSCwO7TyVrjC4xPS
Score

3^/10

execution
behavioral19 behavioral20
- Target
  
  $R1/script/dialog.html
- Size
  
  1KB
- MD5
  
  d800fdd62461179fd537c8c4669dd5e8
- SHA1
  
  d44bcee9d9e63d50e8ed42be2ce1a3964870a5aa
- SHA256
  
  4af54a319e8be177e2d48f4effcce3ca98c3bc564e3f46b4b7e14471fdfba1c9
- SHA512
  
  e0670d9dee7e15520085d269224a4188f09fe753bf3041a9c1f0246771b1928c4fc644e17633a2e08fa02e4064518945afaaa6bdc098ee41288dda42854f5083
Score

1^/10
behavioral21 behavioral22
- Target
  
  $R1/script/index.html
- Size
  
  4KB
- MD5
  
  6f44e35e505abf551740619a53bd6034
- SHA1
  
  97a24684f8672ff92bae90da19473a557873e2bc
- SHA256
  
  cd99cbcc87c55ead5a5f6b419fb75c99e20a136f3cb2c4ecfd531c0ceb66810b
- SHA512
  
  db991364462289d4ec196e3bb7ab7e9fc717796ea7664b6467b85e1e7d8cea8f94e9fc25809f757330b4909fd4711ed996fca7e814a8206b97741efd7ee82c02
- SSDEEP
  
  48:pEJtNzTZcKxpKtoobr3NYWwSLDEa3ol54s:6VcY4oIdnivH
Score

1^/10
behavioral23 behavioral24
- Target
  
  $R1/script/index.js
- Size
  
  85KB
- MD5
  
  1eb9c1ad02dd42e433f950160dbceaab
- SHA1
  
  f37bba095108056895444d9c7058ca3c3b50591f
- SHA256
  
  6eb27a55957dcbeb1b3440f9cb004268c21dbe56493ef4222eedb7e975f43cb6
- SHA512
  
  79474e515c5bcc59c09023217a5350d9c6c2a40f2414cf280f70aec84a156686e70898f40bb2c260f5927cb26e79bcf224d2e617f06442615d5a6f6898ccadb7
- SSDEEP
  
  1536:jNfFm4eWHfI7h3Ip7kZF6Cjz7rgAMkfXIjtbJSZ:nmUzknHXCu
Score

3^/10

execution
behavioral25 behavioral26
- Target
  
  $R1/script/location.html
- Size
  
  16KB
- MD5
  
  427ec659eedeb7cfce01a01eb7538c5c
- SHA1
  
  84ae225f6b5703f0c6ade09079f2c90bcd7f888d
- SHA256
  
  15234b2b8b11dae32c5bb3690daea94e77f2df9c12d5836cae7db8de211bd91b
- SHA512
  
  3b3ab172ddce2ec434a92961ace48dac949ae1d975fcde39fc750da3c7df3c4ca1cd1bfd70f43f2a82568b30328c72f05a75d8046c2f1cba21f296bafcedbfe5
- SSDEEP
  
  96:/28XzXAXZXyXALX1LXFXTX2XfFgLAi9QO5Ah2pvAJf/035y37okwWUK9yrv+1DhZ:IpOri9Qjh2pSf8E7o1PK9yaJe8OL6
Score

1^/10
behavioral27 behavioral28
- Target
  
  $R1/script/options.html
- Size
  
  40KB
- MD5
  
  8edc585907d23736b1e26fc98e594ed3
- SHA1
  
  5e7b30d1e1a7ed1f1c70534dba260eb9828a4292
- SHA256
  
  3c0eee433877c0653bebe24c64cf463839b59598c639a60f602e5f4490c21171
- SHA512
  
  3c8fb6d2d0690263442490a6f7aa782a5dc0f93ddf983c383d1ea0ba8199882bd7654ab4e8e8d49adb30cb5a2e1144f5b606e0fad7d789bcf5a751cb94e37ac7
- SSDEEP
  
  384:5FfEewwN2b9hnZ+XqLwoVnDpn4LfU0oI/V2X2wrX2+5X2zdX29sX2mxX2VtTSXN8:5yhhIqUoV+eVwmOJ+
Score

1^/10
behavioral29 behavioral30
- Target
  
  $R1/script/options.js
- Size
  
  63KB
- MD5
  
  7ed4cef0e4ea71f3557b801fc3f12bb1
- SHA1
  
  e86de2089538bfd381f346cc215be24b911eec94
- SHA256
  
  185d5333723e82029947b64d4691ca1ef8077f47c7f74900f701914a45e08f56
- SHA512
  
  1eca72257c59412a9ab218313af408dc0048001545c6763025166922f203b3bce1911ea2b1ba8f2b665c258c33a250014cc7703f7f0aa959f29a32a43b6a2c63
- SSDEEP
  
  1536:1EOqI9VotzZ9OxUXOv0nYT9r05ab5EHsZZKu3dXSpt1h04N+3HOE6l:1EOqI9VizZ9w05abDZSB+3uf
Score

3^/10

execution
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application

Checks installed software on the system

Executes dropped EXE

Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32