134c5d1acefee78416ad78742e402a3992bf3ab31ce21a7c3bf07cf4e182ef22

Sharing

Copy URL

Twitter E-mail

General

Target

5ffefb2fa977a638c88c558abfb85443_JaffaCakes118
Size

2.7MB
Sample

240520-tmxe5age86
MD5

5ffefb2fa977a638c88c558abfb85443
SHA1

3fc18cbd4c3b02b29a9de38ff7fcfd5693477b1d
SHA256

134c5d1acefee78416ad78742e402a3992bf3ab31ce21a7c3bf07cf4e182ef22
SHA512

c7cdb85e11992e89482d49ea854957101ae2d4670658ecc5ebe10a3d32cdb8a5dbf2503de26b8ad6b82881cf970f1cdfa78d521723cc0e55723c58302c6d9e28
SSDEEP

49152:QeLbg5XIK9lZxL0nw0Pelu8G5UoyMl/g3RoD8a/klTCo0:QzY0GPeoVOoyMFgyVscX

Score

8^/10

execution upx

Malware Config

Targets

- Target
  
  5ffefb2fa977a638c88c558abfb85443_JaffaCakes118
- Size
  
  2.7MB
- MD5
  
  5ffefb2fa977a638c88c558abfb85443
- SHA1
  
  3fc18cbd4c3b02b29a9de38ff7fcfd5693477b1d
- SHA256
  
  134c5d1acefee78416ad78742e402a3992bf3ab31ce21a7c3bf07cf4e182ef22
- SHA512
  
  c7cdb85e11992e89482d49ea854957101ae2d4670658ecc5ebe10a3d32cdb8a5dbf2503de26b8ad6b82881cf970f1cdfa78d521723cc0e55723c58302c6d9e28
- SSDEEP
  
  49152:QeLbg5XIK9lZxL0nw0Pelu8G5UoyMl/g3RoD8a/klTCo0:QzY0GPeoVOoyMFgyVscX
Score

8^/10

upx
- Blocklisted process makes network request
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/ShellExecAsUser.dll
- Size
  
  89KB
- MD5
  
  42865be4950639e871fed3a55b790d7b
- SHA1
  
  c6f52d75dec3e215ff0ed3f9ffd4a2e05e3a31c4
- SHA256
  
  c2c32ec71d26b8b4c451401eea1b00fb110ae6f530301605f8d5f71fb7bd738e
- SHA512
  
  2bf28f0b39d4b10325b7038b71519819f6923ba11fcbf510c6be2e02291741ec3d79f4be651df9e0fe1ce4227498a1449463407622dfdd924b81e8681fe6bb67
- SSDEEP
  
  1536:nZUcH87dl2uUVzmk1zaOvSTamTa4Uyf/fhcQYDZZsWjcdojmV/1Boq:2BZlWVzmupvADrymojmV/Eq
Score

3^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/StartMenu.dll
- Size
  
  7KB
- MD5
  
  4206ac12a66dd61b2913f158488db070
- SHA1
  
  589a65a8f2b40d9e821e47bc66fd5bb3848d6f77
- SHA256
  
  4b722e1b2445fe8030194ba2ae1f573bc8e13dc3c028ce22312ea9848c584449
- SHA512
  
  a6a1bd423f222dd28277831eb01a14179ea67fb4d7c2b498cf0684185caf7d44a1378faf3a3933a6ce5bed5f5824d011b4a0f6558c3b5d8e84cb5a2bfe455a67
- SSDEEP
  
  96:o8dPIKJhMuhik+CfoEwknt6io8zv+qy5/utta/P3lkCTcaqHCI:1ZIKXgk+cx6QYFkAvlncviI
Score

3^/10
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  3e6bf00b3ac976122f982ae2aadb1c51
- SHA1
  
  caab188f7fdc84d3fdcb2922edeeb5ed576bd31d
- SHA256
  
  4ff9b2678d698677c5d9732678f9cf53f17290e09d053691aac4cc6e6f595cbe
- SHA512
  
  1286f05e6a7e6b691f6e479638e7179897598e171b52eb3a3dc0e830415251069d29416b6d1ffc6d7dce8da5625e1479be06db9b7179e7776659c5c1ad6aa706
- SSDEEP
  
  192:eP24sihno00Wfl97nH6T2enXwWobpWBTU4VtHT7dmN35OlbSl:T8QIl975eXqlWBrz7YLOlb
Score

3^/10
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/md5dll.dll
- Size
  
  6KB
- MD5
  
  7059f133ea2316b9e7e39094a52a8c34
- SHA1
  
  ee9f1487c8152d8c42fecf2efb8ed1db68395802
- SHA256
  
  32c3d36f38e7e8a8bafd4a53663203ef24a10431bda16af9e353c7d5d108610f
- SHA512
  
  9115986754a74d3084dd18018e757d3b281a2c2fde48c73b71dba882e13bd9b2ded0e6e7f45dc5b019e6d53d086090ccb06e18e6efeec091f655a128510cbe51
- SSDEEP
  
  96:5mArJv6F3TqDmgK4ghEin1US36eHQZDUDgGogZcko5Nt4AMP:5XJ63LhR6inZ6dsgZkKQT
Score

7^/10

upx
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral10 behavioral9
- Target
  
  $PLUGINSDIR/nsDialogs.dll
- Size
  
  9KB
- MD5
  
  dbdbf4017ff91c9de328697b5fd2e10a
- SHA1
  
  b597a5e9a8a0b252770933feed51169b5060a09f
- SHA256
  
  be60a00f32924ccbe03f9914e33b8e1ad8c8a1ca442263a69896efba74925b36
- SHA512
  
  3befc15aab0a5dbe7fde96155b0499d385f2799b1a2d47ce04f37b5804006b1c6c4fff93d3cedb56a2a8172b23752b6f9dc6168cfce3596b91def3247836cf10
- SSDEEP
  
  96:33YnIxFkDUGZpKSmktse3GpmD8pevbE9cxSgB5PKtAtYE9v5E9KntrmfVEB3YdkS:33YIvGZDdtP8pevbg0PuAYK56NyoIFI
Score

3^/10
behavioral11 behavioral12
- Target
  
  $TEMP/$_85_/InstSupp.dll
- Size
  
  365KB
- MD5
  
  8f11c131cfa10a7f4df6713a600edc4e
- SHA1
  
  f778dde4e4e07c2851787aca0d9599bacc89d112
- SHA256
  
  6b983cb710acb18c3f41fb0b0593a437f824f467adbdbcaee754bb78b7a10493
- SHA512
  
  e1a1841a3f45aca5c641440ec4ccb371d3f593d6e7b31dacf0072efcdecddc845ac54344be196404e0e8bba03330e1d02b07d3a3637c3bc1e5dc30eddd72aae8
- SSDEEP
  
  6144:oax/t+8HtpQhakvZpS6IkOrwESznfzQq7aHG/coYbioVm/Pg/Jm8ji:oaJNpJkxpLIkO0ESzn7J/GiuEPH8ji
Score

1^/10
behavioral13 behavioral14
- Target
  
  FireFox/bootstrap.js
- Size
  
  11KB
- MD5
  
  4ceb7dfccc418f4a220e41e0e3b5244a
- SHA1
  
  6e4e25767afb889f516ed42308f9ee1a38c67492
- SHA256
  
  e9c7c14543100f703f9ee59762ed5e0ce2958acf44c93e33c89539088fdb8228
- SHA512
  
  647b44e9805ab99d1bcd791c51301b69738d30c49233f4a75cbfa2d9463d0a308a3ed2b7294a53d3258081061f71f6ba7be8f47712d4e5e78d54a916897c28cd
- SSDEEP
  
  192:fy5ZY6esa/XFee6DKdawc38ZY9bk300jAVwaP:SXeR/fawc5ZiAVfP
Score

3^/10

execution
behavioral15 behavioral16
- Target
  
  FireFox/content/html/popup.html
- Size
  
  734B
- MD5
  
  c929c4ef17977667affa3fbf2308d429
- SHA1
  
  8981c4dedbb7446e817e20f206b5c9e174cc0074
- SHA256
  
  4599c1cb8c97f841d48a003f47e6ab8b7b8f720448129183c4499812468377eb
- SHA512
  
  1831fb44ec6c9ff32fe21386023d4f0229d85844b09ed28975b65e5aba6eb81c6a0f783a7e023f966cc90082191ea4d5df5c3f803f2764181461433ce38935ad
Score

1^/10
behavioral17 behavioral18
- Target
  
  FireFox/content/js/uid.js
- Size
  
  41B
- MD5
  
  0460abfa86a3c928cfd26d3af6b17188
- SHA1
  
  551732701651d8ecd2847a9db6a557aef32b1539
- SHA256
  
  074dc1633ac3a5118053e509bd2d285635c9d946275431489bbfdcf26f26c8c3
- SHA512
  
  fbb386513ecdee0b096c5d75830a1cc25afe1c2b724f53bfb7f4d73312bc52f3dcbb953b47da05121ef21b76a734896063b8043ad3b63785a605cf7df2263258
Score

3^/10

execution
behavioral19 behavioral20
- Target
  
  Modules/7z.dll
- Size
  
  893KB
- MD5
  
  04ad4b80880b32c94be8d0886482c774
- SHA1
  
  344faf61c3eb76f4a2fb6452e83ed16c9cce73e0
- SHA256
  
  a1e1d1f0fff4fcccfbdfa313f3bdfea4d3dfe2c2d9174a615bbc39a0a6929338
- SHA512
  
  3e3aaf01b769471b18126e443a721c9e9a0269e9f5e48d0a10251bc1ee309855bd71ede266caa6828b007359b21ba562c2a5a3469078760f564fb7bd43acabfb
- SSDEEP
  
  24576:TW+wsDaQw6DDz3qRyPnmGfrnvVUKueY8RmneWtJ:TasY6DwOBfrnvV7UeWt
Score

3^/10
behavioral21 behavioral22
- Target
  
  Modules/ArSp.dll
- Size
  
  38KB
- MD5
  
  c7147f4c8432b235801efcce5ce6cc4b
- SHA1
  
  0a212712de818ee6b6347a69788c628a1ad97a5f
- SHA256
  
  dd5b037412d20d8d316c1f1c937291275bb78394c47e97c1cc3c284e801ac9df
- SHA512
  
  1820fb4def4b075c991f97fb14bd8ad040ce78ca28eb418c5d2a45dd50ef98d8f73191b830388e8339b44f0daa7ef3e77b119c7efd09766fd935078a6274980a
- SSDEEP
  
  768:u/PidxjnQyslT/9wtRBYzNjMLwYFScciM:6PidtnPgr9wOzNoMYFS3iM
Score

1^/10
behavioral23 behavioral24
- Target
  
  Modules/BdUdr.dll
- Size
  
  57KB
- MD5
  
  b449b3d40b83009003376335fefff62d
- SHA1
  
  96a654b74244ee29861e45524733390565e71c68
- SHA256
  
  2edc5cf27e6e44047fc97e3f675a09e6e6fe9273b45940db9038a03e27ccf29a
- SHA512
  
  0879277f31dfd340709c35649b7531bd0f5443a2e34c81a926ace3c8d9a44908f31f7ea9f6f52e7a910ed91cd26405a39b4b538e7f83c8a995359bd066ca9eeb
- SSDEEP
  
  1536:8iiWqjptijlWIhMjrQLyaOnrS83/+jQ/40i+FS3iZ:jiWqlASQLBOnrS83/+jH0iF4
Score

1^/10
behavioral25 behavioral26
- Target
  
  Modules/BrSp.dll
- Size
  
  114KB
- MD5
  
  2892c648e548df6d8f5ace9f03495ea7
- SHA1
  
  67fc99ea5c6badc1bc11441a0829361122d54d94
- SHA256
  
  df2f5be3bf5f148453d7f27091e1d7c6a206238631d2ed9d5c8d3d85a9623b04
- SHA512
  
  a15678b1462e6737f1c91bb40fec5e795681422f6fd273b05839b6146582b161570934b0df91eedacadd58bdd8c289149651323a9c3c4f59364e160fcc00c464
- SSDEEP
  
  3072:wV2WtwQZmhXiHFimwH56gb4ncG5AVOWi3wDbd2/LeELrg:jWtwZhXiHpo5WgNQqd2/LjLE
Score

1^/10
behavioral27 behavioral28
- Target
  
  Modules/CdPrc.dll
- Size
  
  88KB
- MD5
  
  fd758bb81a99621d73d6157d1e8e168b
- SHA1
  
  27c649f3d0d3aa25396705ee0f97be1c5f8f608e
- SHA256
  
  abb1c1eab73b63dc96e626c24f5025c184c749285254a26c3d8e913bd808fca4
- SHA512
  
  b4fe3393537061fa7977382bf59a102d3d13f358fdde4df3271494b6f10ea31b7e2b6e6b2082c35f9e632979df6176dce447e60a1eccd6ee0454ba03db4e48c7
- SSDEEP
  
  1536:XF9wrgScEr7fYnX0FMDvy/OtmkYtbSK6RpduYF36o5qW/c3NwlQFS3is:39MgnX8MDvyGtmlCRpYYF36dW/c3NwRF
Score

1^/10
behavioral29 behavioral30
- Target
  
  Modules/Core.dll
- Size
  
  106KB
- MD5
  
  5dba34c734fa8ae37643f2aa6f600e10
- SHA1
  
  bc7cb8294245e18ce7558e4f75beb2de6ec1e0f0
- SHA256
  
  860c942dcb30abfe95c106e150c11f70544a1a6acb325ac2da4672f4a5f864cf
- SHA512
  
  4dd5d33b1cf741071cf496677c69785963bf069a5ccd59353adfaa103a09da29aee30d0fc043b480625e272e3f711b5bfac718098ac9c94f4ea19e68b6bd42d6
- SSDEEP
  
  3072:iZYCVPJG1+LWSYVgFWTNlOduuNa8I/+/VZM4vX0W8:iZYCflSSYSFuouuNa8I/+/VZM4vX6
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Blocklisted process makes network request

ACProtect 1.3x - 1.4x DLL software

Loads dropped DLL

UPX packed file

Maps connected drives based on registry

ACProtect 1.3x - 1.4x DLL software

UPX packed file

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32