c37ac379f7614de0382c60dee8470067c15397a0679cff1f6e4b7f6b40f029b6

Sharing

Copy URL

Twitter E-mail

General

Target

35e10c53232112b1193880e5b3ef36bc_JaffaCakes118
Size

25.5MB
Sample

240511-wqxamsdd66
MD5

35e10c53232112b1193880e5b3ef36bc
SHA1

d31c06051210c825c394da2842031b845f94f609
SHA256

c37ac379f7614de0382c60dee8470067c15397a0679cff1f6e4b7f6b40f029b6
SHA512

864e3dfb840b3ea9ff3c0478d97da3b7e98b587fdc75252d561f009b0e121491855624b7e46de736dba8f1ac02c56cf610d84d614f83407557a4b71538a54319
SSDEEP

393216:gg+IWYDv9FYF3+x/h/13Bs+VYVY03ssoV+/Z/Zs+dEJxiTP/bciziKTDxb/rKXIE:H+7F3M/9Njf2tdEmUizB/rKYSoorz

Score

7^/10

upx

Malware Config

Targets

- Target
  
  35e10c53232112b1193880e5b3ef36bc_JaffaCakes118
- Size
  
  25.5MB
- MD5
  
  35e10c53232112b1193880e5b3ef36bc
- SHA1
  
  d31c06051210c825c394da2842031b845f94f609
- SHA256
  
  c37ac379f7614de0382c60dee8470067c15397a0679cff1f6e4b7f6b40f029b6
- SHA512
  
  864e3dfb840b3ea9ff3c0478d97da3b7e98b587fdc75252d561f009b0e121491855624b7e46de736dba8f1ac02c56cf610d84d614f83407557a4b71538a54319
- SSDEEP
  
  393216:gg+IWYDv9FYF3+x/h/13Bs+VYVY03ssoV+/Z/Zs+dEJxiTP/bciziKTDxb/rKXIE:H+7F3M/9Njf2tdEmUizB/rKYSoorz
Score

7^/10

upx
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2
- Target
  
  $(LSTR_76).exe
- Size
  
  12.7MB
- MD5
  
  2d73627f749ae3deed81002bc9c1219c
- SHA1
  
  cad7735a7356be93704ad92a1b909c132810090b
- SHA256
  
  25f9c485d17e1666e959c4d98cd29fc9cf833fe163ab80537a411ce5973938dc
- SHA512
  
  be174fa33322ebde4405287ac9ed80b376cd5b1654fbe6f6473623922d2fdda264992d5a64b9a9a6faff811611291285bafa101a18a181741b495d9c3f865caa
- SSDEEP
  
  98304:DjiNb9NQk8//YB9tDDD8888xBKKiiqqqqnnT0bUDcuT3eXHV9LsI47uxCKYtLUG+:DbcYhRok0EHEYqgeXST
Score

5^/10
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/Dialer.dll
- Size
  
  3KB
- MD5
  
  cfe0ac822ed2c3598de87fe3931c92a0
- SHA1
  
  0c603bdf81abe835621f29acd5ab2a67e670e762
- SHA256
  
  df2f6d3c9de979dbde3aa3cf0633fc8cd3215cfba5b5fc02f94338ac16cc2cac
- SHA512
  
  cacbe97b03cd2037fe28ae928b292a1558fc88ac2dc0a27e859efb413529e47f099b429e41202151f4f52fabf33c67911472edbf41132df1a7e6d1f0eac03b3f
Score

3^/10
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/INetC.dll
- Size
  
  25KB
- MD5
  
  bcf627d0db38c8e772e292b509a625de
- SHA1
  
  8ee208ff94930571b176ef92dba1c5ef5dd9c415
- SHA256
  
  6bccf372e490c49a3850e4f326c6a988e08991bbfe6e89b9c35d3efe29d304c4
- SHA512
  
  234c83b48e2f6e650a955cadcb227345f38392fc05101d21611c576307595a99e2e357be7ab6dc7d6d0a0deef501bc29dbca12907821cae9d9e2c8f17e21f7c1
- SSDEEP
  
  384:XH7Nzpqwkh7R0EOrHn/ZeQaWbJQ2+r9e9dVpyeWZwcAyHEazjJ:Pi0EOT/5aWbJLSAvVpyd3J
Score

3^/10
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/ShellLink.dll
- Size
  
  4KB
- MD5
  
  d62d3e349689811f838dd10fb216eba1
- SHA1
  
  edcafd517860cb6b4bd299e20b17ad74a6fa2a5d
- SHA256
  
  5d103419245e2a5f124a96cace25d6836b2398edc0aa3919829b0fd6ad8b5d6a
- SHA512
  
  fc7d5826cb9f85068ea702f007920bf7ae63758d13c48761e83cc9e8ac06b231f40e17a9f3340d60d874ad2cf6e0991eb98a52cf893ab785489e0cdbbf294f88
- SSDEEP
  
  96:fQW7e3a0JF5jdrORE6C4tb+X+bzYz3Cl6nfkfLGpRO:4687JQCdiaR
Score

3^/10
behavioral10 behavioral9
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  a4dd044bcd94e9b3370ccf095b31f896
- SHA1
  
  17c78201323ab2095bc53184aa8267c9187d5173
- SHA256
  
  2e226715419a5882e2e14278940ee8ef0aa648a3ef7af5b3dc252674111962bc
- SHA512
  
  87335a43b9ca13e1300c7c23e702e87c669e2bcf4f6065f0c684fc53165e9c1f091cc4d79a3eca3910f0518d3b647120ac0be1a68eaade2e75eaa64adfc92c5a
- SSDEEP
  
  192:em24sihno00Wfl97nH6T2enXwWobpWBTU4VtHT7dmN35OlESl:m8QIl975eXqlWBrz7YLOlE
Score

3^/10
behavioral11 behavioral12
- Target
  
  $PLUGINSDIR/UserInfo.dll
- Size
  
  4KB
- MD5
  
  b98f45a83c1d09132e1e4ada1387a6f8
- SHA1
  
  9f0a343ec5060b269d36fe1045cff14185f15d1b
- SHA256
  
  23661a4b1f3d6744fcdd1b2379e5e602e6cf6bd5950b2d19b844527b2f626e99
- SHA512
  
  cb446acd93c4dd79e81b920075a7055140b27d3e83b43ad899736a0d37e709974b27c5340a4b864e3b41714523dd4daee07b506a2c40b36f9b9d05fdd5cc2612
Score

3^/10
behavioral13 behavioral14
- Target
  
  $PLUGINSDIR/ad.html
- Size
  
  191B
- MD5
  
  8464f87975aa647c253e5403534f228f
- SHA1
  
  0a1d2571a454b76ff43ade320631853650ba448d
- SHA256
  
  85af9fb1cd755893365f5b0eb6fdb37533084dd8fea0245a12a83a4c1fa69540
- SHA512
  
  d3a38b949eb81fa35fd7d3b9af65093fc70c53348d7f472bc2bb6a2af3fb9d0a45604965e06c13d365b82838f85d24bfd7bd5ced6832bd3b9572a2adf7845a4d
Score

1^/10
behavioral15 behavioral16
- Target
  
  $PLUGINSDIR/advsplash.dll
- Size
  
  6KB
- MD5
  
  505c7c214c17ac801f5930abc57d38c3
- SHA1
  
  e9a17ed8182f92bf86babbd7ba8dd8770e8ff47e
- SHA256
  
  999ebf5ef6bf51828193deaf7697e6d22419e437c65e603bffa0bb2acc7f40c8
- SHA512
  
  30686f361db9d81c95912700af530529d4d89bf6b514a63ab5db6b20efc443b87aef44b598e45d33adee448ec1b6573ca035a1d20e11c78ea8253f1ecf5ebf38
- SSDEEP
  
  96:oIUNaXnnXyEIPtXvZhr5RwiULuxDtJy+wolpE:oIx3XyEwXvZh1RwnLUDtU+I
Score

3^/10
behavioral17 behavioral18
- Target
  
  $PLUGINSDIR/nsDialogs.dll
- Size
  
  9KB
- MD5
  
  0d45588070cf728359055f776af16ec4
- SHA1
  
  c4375ceb2883dee74632e81addbfa4e8b0c6d84a
- SHA256
  
  067c77d51df034b4a614f83803140fbf4cd2f8684b88ea8c8acdf163edad085a
- SHA512
  
  751ebf4c43f100b41f799d0fbf8db118ea8751df029c1f4c4b0daeb0fef200ddf2e41c1c9c55c2dc94f2c841cf6acb7df355e98a2e5877a7797f0f1d41a7e415
- SSDEEP
  
  192:ob8cSzvTyl4tgi8pPjQM0PuAg0YNyhIFtSP:mBSzm+t18pZ0WAg0RhIFg
Score

3^/10
behavioral19 behavioral20
- Target
  
  $PLUGINSDIR/nsJSON.dll
- Size
  
  18KB
- MD5
  
  e89c7cd9336d61bb500ac3e581601878
- SHA1
  
  45b2563daa00ba1b747615c23c38ef04b95c5674
- SHA256
  
  431fc2ed27d0b7a1ce80de07989595effcc3ffb1dea1af6c0e178b53f6bd2f1e
- SHA512
  
  09485a354ac4ace6084cb6fcbd92eee8488074763c8443638f78e655e45e8aa0fe40a45d4ce0dff116ed3a4bb7bc4d7d845a6ccf0e0bf35533ce81626a8db06f
- SSDEEP
  
  384:u1ju3wCtynlKEJAIl0CU4BNe0i5wsVEABy/7tpnYmdnDQVJlN/BmqIw4n:t3wCtynHJAIl0CU4K7yAB8tpVdDQJNI0
Score

3^/10
behavioral21 behavioral22
- Target
  
  $TEMP/NSISPromotionEx.dll
- Size
  
  1.8MB
- MD5
  
  9e76a9d52f45845280024561eb0583d2
- SHA1
  
  89a92563bfcb784ce0a17b3ba02e336f59dfb6b8
- SHA256
  
  c10670e98eda82fe0984a02c88949ac1be96ca466d6d424a77ea5b67118e8d4d
- SHA512
  
  9dab31a7dd32c01ca6d6ae38f38cfe8aa84a338b3cd4d540e308e246ec09f390a00bfc698a0b739951df66356a74de925b7e2c9be22c0e06ad2dd1b891451715
- SSDEEP
  
  24576:YnLxB35LZ4nY2BNc3oXrgJnNZdC/eTPakySNerBOS7bCWlti66p:cLxph+hC3JHOeTPakyfkS7bHlti9p
Score

3^/10
behavioral23 behavioral24
- Target
  
  $TEMP/NSISTrigger.dll
- Size
  
  97KB
- MD5
  
  4a8178519a84a5aefd06c9c720360c69
- SHA1
  
  d3598a9dee27879889b7ba3f3abe218586f11917
- SHA256
  
  fdd180c2c1006d1538bae0e968d24ae70f7386f30b42e13e9cf45a48d1b0bbc0
- SHA512
  
  967579323f7286fd3fa4f3c7f259ed9fccb63a8aa6fd2647fb8e2725c4d968b2fe2746a517078866393143d85c352e29a160b04a594f1b950d8918fa530655c8
- SSDEEP
  
  1536:Yu57R+hRzZNzqwTL7laO4Qim8A1DwLkGqQcNasWjcd+B4Vc:Yu5+BnfL7jpKAGq1+B4
Score

3^/10
behavioral25 behavioral26
- Target
  
  CrashDumpCollector.dll
- Size
  
  173KB
- MD5
  
  68f39c3915feaa3a5251e6be0d471b52
- SHA1
  
  c902b68cc1eb5b6c62ebe7f80ca8b123ff9820c9
- SHA256
  
  bd998d4f342d5db04534ae9d9c3497d2dfc701341399998f49857b048e50b83a
- SHA512
  
  1018e81735ef9cb8084d43d01aebf2ffcf56c88ea1c09f7df1aa56a7c4034d70c8fc407427d28cbb24af62eb4c09a5a7d3e39aa80f0d429a75178ae9d27b579c
- SSDEEP
  
  3072:IIPHanTmyMY2I28ugIs7O/6rle+qjp9fD5bM/uR+7oHMf085oGeg:7PHkTmyMdVKE/q1mXfDfAfiz
Score

1^/10
behavioral27 behavioral28
- Target
  
  GOMProtect.exe
- Size
  
  2.1MB
- MD5
  
  c5405d47e426f55e5f92ff5d9ab59a92
- SHA1
  
  5382e17969d82b213c3f429c3c6d584f8292553d
- SHA256
  
  c71202f64f02ccc126e60fcc6f736da6759d9c64298108d5d044426f498a2a70
- SHA512
  
  275b544742574f4c21c81b94bce88a1c22c1a0f9cf17e56194ce31a5ed2358d099f2c5b92288c067fe6496ac5eb7520dd06a6fb64dae1bf43caded2acad13fb8
- SSDEEP
  
  49152:sxYDItNUIhitqrLOeK+aJn9x+Uw7X8ZzZ17KmgCskgk:sxx7UIItqr5zI0w
Score

1^/10
behavioral29 behavioral30
- Target
  
  GomVR.dll
- Size
  
  225KB
- MD5
  
  39b2b639ea38fc5af16729e32c25255f
- SHA1
  
  041d9e62e4224ab45e1ebe40f12249c7bc138db2
- SHA256
  
  f0ac5c963159905486fab58fb340ae6694a4154bb06fa088ef055f9d25ce9e2b
- SHA512
  
  a39054918343cc903ada272c7bd38adad00563feb6a45ead23f157e7db85fc1c9d169fc0596b638be2dd08bd14c43948390e4a3a3b2fcc5bd21a2f582a85e1e6
- SSDEEP
  
  3072:oWK0YC1ZFbd5vwyRUshkZIZpINQLyKpncLCQ/tSVCXQfkg2RJlTR0u7N:oWK0/dRwyeshkZSpIGe7Rs7fkg2bc
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

ACProtect 1.3x - 1.4x DLL software

Loads dropped DLL

UPX packed file

Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32