0f3bfdf1fccfa3d80af6edb597a5071099825be60264c230a0da29ca49dfd31a

Sharing

Copy URL

Twitter E-mail

General

Target

63c2d776c48ff1228b12812719c3f2bb_JaffaCakes118
Size

13.4MB
Sample

240521-sp4rjsab42
MD5

63c2d776c48ff1228b12812719c3f2bb
SHA1

b8cf9f9e401f51fe966748df947970ff48f951f4
SHA256

0f3bfdf1fccfa3d80af6edb597a5071099825be60264c230a0da29ca49dfd31a
SHA512

394c6791509723807fd197d20e374f4fd119dfd762ca199aa4310b0778f2a5ddc4d459065e616840f4eb71ffce9c99dd22cacc1dc2b53ad19e3f69b6b933d442
SSDEEP

393216:FpAzXLKi/KForUnnXFwtAdPUqJyBTIm1GQvm:FpAfnlAnXFBdPU4yT1GQvm

Score

9^/10

Malware Config

Targets

- Target
  
  63c2d776c48ff1228b12812719c3f2bb_JaffaCakes118
- Size
  
  13.4MB
- MD5
  
  63c2d776c48ff1228b12812719c3f2bb
- SHA1
  
  b8cf9f9e401f51fe966748df947970ff48f951f4
- SHA256
  
  0f3bfdf1fccfa3d80af6edb597a5071099825be60264c230a0da29ca49dfd31a
- SHA512
  
  394c6791509723807fd197d20e374f4fd119dfd762ca199aa4310b0778f2a5ddc4d459065e616840f4eb71ffce9c99dd22cacc1dc2b53ad19e3f69b6b933d442
- SSDEEP
  
  393216:FpAzXLKi/KForUnnXFwtAdPUqJyBTIm1GQvm:FpAfnlAnXFBdPU4yT1GQvm
Score

7^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  InstallTools.exe
- Size
  
  274KB
- MD5
  
  7bfcafbcc8ee124ce3ea6b098105865a
- SHA1
  
  f404c9a50e0740e465106321012c3b7859c999dc
- SHA256
  
  d7ffd96c98cdcd1bacbe7542b403d60a8b700ab8305de02738f1f1c2d98aa71f
- SHA512
  
  02b873be813abc8a50b882bed60ad2c57ad6cba8f83984c30d2ca0b5dba6c5b6427d44626bd2689e179bff539160b78b3ff6b604d1d134a147e41c9861b1600c
- SSDEEP
  
  3072:0l7g2UXc+gHjgXqJV0BhZ1hgC5VQ+dVg6tsH3kksA7XDCEtXFD:SkxM+gE607ZEC5VFgkks4Xx9
Score

1^/10
behavioral3 behavioral4
- Target
  
  bytefence-installer-5.5.0.7.exe
- Size
  
  13.2MB
- MD5
  
  bd660f5e0f39dd05d5eefff4ce65c017
- SHA1
  
  956847325b76f4f02c8803f71204f4c747823ea2
- SHA256
  
  223ab46425284dd4ae73f8e7ad478eca6a0dcb4902cbc2f203b73b7cfe0da90b
- SHA512
  
  4fb02afb13c67c3d99cb0b183ca20ede069fb7a92cacd2f9bc73891e05a51bd6bd3ca2988fb71813444f9c9853ab8ad42193b234d5d0a60ca6a63355b51c0469
- SSDEEP
  
  393216:TAzXLKi/KForUnnXFwtAdPUqJyBTIm1GQv9:TAfnlAnXFBdPU4yT1GQv9
Score

4^/10
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  fbe295e5a1acfbd0a6271898f885fe6a
- SHA1
  
  d6d205922e61635472efb13c2bb92c9ac6cb96da
- SHA256
  
  a1390a78533c47e55cc364e97af431117126d04a7faed49390210ea3e89dd0e1
- SHA512
  
  2cb596971e504eaf1ce8e3f09719ebfb3f6234cea5ca7b0d33ec7500832ff4b97ec2bbe15a1fbf7e6a5b02c59db824092b9562cd8991f4d027feab6fd3177b06
- SSDEEP
  
  192:yPtkiQJr7V9r3Ftr87NfwXQ6whlgi62V7i77blbTc4DI:N7Vxr8IgLgi3sVc4
Score

3^/10
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/nsDialogs.dll
- Size
  
  9KB
- MD5
  
  ab101f38562c8545a641e95172c354b4
- SHA1
  
  ec47ac5449f6ee4b14f6dd7ddde841a3e723e567
- SHA256
  
  3cdf3e24c87666ed5c582b8b028c01ee6ac16d5a9b8d8d684ae67605376786ea
- SHA512
  
  72d4b6dc439f40b7d68b03353a748fc3ad7ed10b0401741c5030705d9b1adef856406075e9ce4f1a08e4345a16e1c759f636c38ad92a57ef369867a9533b7037
- SSDEEP
  
  96:o3W4JlD3c151V1gQoE8cxM2DjDf3GEst+Nt+jvcx4K8qndYv0PLE:o3p3ggQF8REskpxZdO0PLE
Score

3^/10
behavioral10 behavioral9
- Target
  
  $PLUGINSDIR/nsExec.dll
- Size
  
  6KB
- MD5
  
  50ba20cad29399e2db9fa75a1324bd1d
- SHA1
  
  3850634bb15a112623222972ef554c8d1eca16f4
- SHA256
  
  e7b145abc7c519e6bd91dc06b7b83d1e73735ac1ac37d30a7889840a6eed38fc
- SHA512
  
  893e053fcb0a2d3742e2b13b869941a3a485b2bda3a92567f84190cb1be170b67d20cc71c6a2cb92f4202140c8afd9c40a358496947d709e0c4b68d43a368754
- SSDEEP
  
  96:17GUxNkO6GR0t9GKKr1Zd8NHYVVHp4dEeY3kRnHdMqqyVgNT3e:5XhHR0aTQN4gRHdMqJVgNa
Score

3^/10
behavioral11 behavioral12
- Target
  
  $PLUGINSDIR/nsisdl.dll
- Size
  
  14KB
- MD5
  
  732b08d61117e442df209d6e2e4165a4
- SHA1
  
  4ced1f43e94800dd08f6c2efc73be978dbca028b
- SHA256
  
  73a1d4339513125be547a038321e26a3de13593df96ed715efd8a1683ccc0665
- SHA512
  
  f79e75f2637072c07f55f6e2192a1c7a997f184432a8179afde38656034b3167fc3e275755c17f298b9f554c7a20571aa4df165248a42315c5f1a1aa52bedc03
- SSDEEP
  
  384:yck76gi51kE5aYOMLDC4UnDp9B0Jc5HNw2+E:yck76gibLCMLDLCx04HNV+E
Score

3^/10
behavioral13 behavioral14
- Target
  
  ByteFence.exe
- Size
  
  3.8MB
- MD5
  
  b821cd61e2d66b1ca5c795230f6b1b8e
- SHA1
  
  a2e0cea3af916f98233ad73992cbac1dea55b234
- SHA256
  
  16e0d6966e98794aa18719606e41f4d4ae74683d652e81374717282fc8b3239e
- SHA512
  
  6f88f403aadb97612bb409bae098bfba28d863a97c4fdb5a69431732251d7a91d3bc76750d30e30db38df1e7d4cf2f633c2b5a09cfef08437d5d1a6cfd55ebd7
- SSDEEP
  
  98304:YXrXAQnL22v90UxMwbV1J29H0SF8A9q4er:YTL2mewhn2ddrur
Score

9^/10

evasion spyware stealer trojan
- Enumerates VirtualBox registry keys
  evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Looks for VMWare Tools registry key
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks whether UAC is enabled
  evasion trojan
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral15 behavioral16
- Target
  
  ByteFenceGUI.dll
- Size
  
  402KB
- MD5
  
  64d417dc29e703c1ce96f6883693bb48
- SHA1
  
  959cdfea412e43fbf0992a6fec142802148ad2ed
- SHA256
  
  4653f64b3374bd12df745ed33e46d27c7a33010bc92d0d2a5f4b2e45fb3a2fc2
- SHA512
  
  5970fff0e2f6ec1ed8835078ef2001f54d0364c846c26a32826d3ae534e368c159e49f16b1f201b8b83b17a34b7f7c16ab7dbef02ceb2b93ad49f0e1863b75e0
- SSDEEP
  
  6144:x5UfubKSlfRgMhU+T9DW7X5GX2ypXfC0SYdC:x5J5gz+w7XYXw
Score

1^/10
behavioral17 behavioral18
- Target
  
  ByteFenceScan.exe
- Size
  
  809KB
- MD5
  
  6e0e63eb8b8022286b9cceddce76c5dc
- SHA1
  
  8bafea55708917c27f98c44920f6d0bc8ca2a37a
- SHA256
  
  434e30c59249506dde85ce9e22ffacb2dcfbb05625c5853e9e72397c22f2cc53
- SHA512
  
  de73bde33e8f702926bac7c93d681edf545d178b78601e17fa64a751c4c66e771fb12177f46a4d43fda60785e8af7831c4bf5c72ca16f36f0c89a38239bfab65
- SSDEEP
  
  12288:qM0Voclkzj2+OeO+OeNhBBhhBB3RauRtg8awP1NGcMWU2g50M341SJ0BGZsGXgs4:qMToiDXtg7wecMFogJ0BAV81suqdpE
Score

1^/10
behavioral19 behavioral20
- Target
  
  ByteFenceService.exe
- Size
  
  157KB
- MD5
  
  b7748eb9fd8de26917eed1f341e3cd99
- SHA1
  
  275ad76abb350fbb0c77050d99fff8c8696b0de3
- SHA256
  
  ee8b257ada017afdec76c7bbaa436afa2d77ac6887c6ff84431866517396a956
- SHA512
  
  0c343c1a7f7bdff2f5652350e05dfff1f9ae3424c70302d4abdd1693660581414a5ea5db712cfa266f4e35e12a2af7447dd0538186ae6654c4c0e7cc4c83d9e4
- SSDEEP
  
  3072:rzUhP2vWKB4IsWyZpiOpEFzsfDuBurPm3/IheRy:nUhOvvyzxpEF8K32
Score

1^/10
behavioral21 behavioral22
- Target
  
  Microsoft.Diagnostics.Tracing.TraceEvent.dll
- Size
  
  985KB
- MD5
  
  d09b4a4509907f75f506b996a5ff7554
- SHA1
  
  bdb299cf617da297cbcfea321879f669e465069a
- SHA256
  
  6f8a2f1d045efb952c1ea9988bb5dcc72555eccafe9b32c2c51b439ea1f28453
- SHA512
  
  ea29579f19aa55429e7254a7a6953f127a7520c43ad1e15dad7e4b25d17a167218997fe98d3096606164284616963c81a53f10eeaada7163472a6102e66de478
- SSDEEP
  
  12288:Y+TaIGsAE3CBF4vgwWNjVYUQjwciLzR3Sx+1FfNJyPnKrA:ZT2VESLEUQjXiLXNJy/
Score

1^/10
behavioral23 behavioral24
- Target
  
  Microsoft.Win32.TaskScheduler.dll
- Size
  
  303KB
- MD5
  
  1802e6df96046cfee62c63c4c8469a3e
- SHA1
  
  c5d6444fcd8f46e1832c99614f5e71adff582f6d
- SHA256
  
  cc6c472f666239ed270cc3754852f536b8981d6fd22e4ad1ee15a1aa788a3ba9
- SHA512
  
  339f5b917c4afbc25175bd173cebefdd8f4671e157ecfb8a9c21b78db9d34fd9757787c231575e8849509cac59162c6c67fb32af6febd6903ec285e21c0fd304
- SSDEEP
  
  6144:pSNrAMLv8oXq9/7hbTD9S9XFiU5xsM2N0b9tCud+FrXSaG5rcfFr79E:CH8oXq9Dhb49ViU5xsTQd+FrXSJ5eFrZ
Score

1^/10
behavioral25 behavioral26
- Target
  
  amd64/KernelTraceControl.dll
- Size
  
  217KB
- MD5
  
  23ff4b3eadf12465e19f39b0c19c4361
- SHA1
  
  ce0f61dfc428532dc645d2aaed9153d79dbd27d5
- SHA256
  
  2005f94acc7c541771066ed98aff6321b911d10c59d2544b853446dbe91f25a5
- SHA512
  
  cc618b926c22cabeb2156fe9d82dfa0a181e9bb03e9f1d823f68f656a72fa56fecb92fafbe84ec3712805ec0bd5a903fde6ea33cd05dfc57027800bc516c7538
- SSDEEP
  
  3072:nX5gE72vcK8s7pTxEl7Onygi9wDO4z4WSYB0JuPr8AjT//PqLVFUYYBHoC:nXX20y7HNz14RU0J1ALqDUBHoC
Score

1^/10
behavioral27
- Target
  
  amd64/msdia140.dll
- Size
  
  1.3MB
- MD5
  
  c241e5b86b651da6e2b8fd9b07660635
- SHA1
  
  bc7317c284770245116b4a77c6d454970625fd19
- SHA256
  
  25a17a77163d1f18d780b06546dbe53c49d184c08cae60598b81cce655c53e34
- SHA512
  
  1b8e06fc562413b110f2ed8ee752f704948a77c4f4b8d855d1f14a91f9d3cbaaeead625b11d82d655613e89b7345c3299ddadc0fa9bcdad400068916587894be
- SSDEEP
  
  12288:Ppo5lxPC6r9vjOqfmX/yyOZWS6ggBwCX0dX007AedX0oHQUcV8gv2MQo0pzx:xo5lxdoz/yl4rEdE0cedrQPV8gut7x
Score

7^/10

persistence
- Registers COM server for autorun
  persistence
behavioral28 behavioral29
- Target
  
  protobuf-net.dll
- Size
  
  205KB
- MD5
  
  1ef639ae78e59f44b0ef43bbcbb893f4
- SHA1
  
  a78cc9f87e611a017080ad9b28d0c344d58bac0e
- SHA256
  
  ce817ea26d88d86ab917460039b0bfabb311790cd702285c92f977ca6c293508
- SHA512
  
  3b7d7e57b2db0a5c68e38ab2494995098d91ed32de4bb092a4947e17cec800c725d879aa8a106b46c714945b2358d2e37e62813d88d772bc4a9c1ee05bc12559
- SSDEEP
  
  3072:cDS6s11CNtSu01ck48ChK8CShUlNIUAQwXaQ5edod9hoiexKcMva3rdYg8CUD:zzWMGN8CckUnAt5edod9hoisKbvydDUD
Score

1^/10
behavioral30 behavioral31
- Target
  
  rsEngine.dll
- Size
  
  5.3MB
- MD5
  
  5efe47270e2ad4111ff66f53a0502cb5
- SHA1
  
  896ace118b9224eb2bb62e2c1964ea506291f619
- SHA256
  
  bf7d8e6051c13f8b20f87c11103ab153e692ef26c409fea9893d4f7d5223dac5
- SHA512
  
  32782f15ad6491bc358264cc6373ed3e8039fcc428263e3b6498c48c19eff2cea3294d3cb0085418d896a81a27f73f80e7ea85a05bb5ce5aabf35d7db63e8ab1
- SSDEEP
  
  98304:MQOQ1D5RJP/WaqS5xJ/9lO2L8qnwIaDpMtDMRmxfMx5qIaB9Ic6:/pFRoat5xV9lJ80a9MCRC0x4IaBR6
Score

1^/10
behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Virtualization/Sandbox Evasion

T1497

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Executes dropped EXE

Loads dropped DLL

Enumerates VirtualBox registry keys

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Looks for VMWare Tools registry key

Checks BIOS information in registry

Reads user/profile data of web browsers

Checks whether UAC is enabled

Enumerates connected drives

Registers COM server for autorun

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32