1a0b08df8b00187140cba1f2643cfcd5b912b1fd91249064d1fc7320759f88e7 | Triage

Sharing

General

Target

658e8407e9f68028acd01f749fae5fdd_JaffaCakes118
Size

1.5MB
Sample

240522-b3qy6sge3x
MD5

658e8407e9f68028acd01f749fae5fdd
SHA1

b6bb04659551ca77a5174ee0f34d51d9dc56e635
SHA256

1a0b08df8b00187140cba1f2643cfcd5b912b1fd91249064d1fc7320759f88e7
SHA512

1b0b0271fb4b80df957f03ed0d637cc7ffb458b8a233d45c6e9fc0456cdfeabe8ee4d34681d7886d4f4cbf59913a6c91db91c95415076510d6fd035903a9477d
SSDEEP

24576:xaTstd4Y2e+WA6KOGGeRY2lrWE/eNZ+8+THJr+PD7RhgqkvjE1zabQgNMlIOtuoM:wTWQ3OGGeN/KPdhzabQgNMlDtuF52E

Score

7^/10

spyware stealer upx

Malware Config

Targets

- Target
  
  658e8407e9f68028acd01f749fae5fdd_JaffaCakes118
- Size
  
  1.5MB
- MD5
  
  658e8407e9f68028acd01f749fae5fdd
- SHA1
  
  b6bb04659551ca77a5174ee0f34d51d9dc56e635
- SHA256
  
  1a0b08df8b00187140cba1f2643cfcd5b912b1fd91249064d1fc7320759f88e7
- SHA512
  
  1b0b0271fb4b80df957f03ed0d637cc7ffb458b8a233d45c6e9fc0456cdfeabe8ee4d34681d7886d4f4cbf59913a6c91db91c95415076510d6fd035903a9477d
- SSDEEP
  
  24576:xaTstd4Y2e+WA6KOGGeRY2lrWE/eNZ+8+THJr+PD7RhgqkvjE1zabQgNMlIOtuoM:wTWQ3OGGeN/KPdhzabQgNMlDtuF52E
Score

3^/10
behavioral1 behavioral2
- Target
  
  $TEMP/TeamViewer/Version4/TeamViewer_.exe
- Size
  
  1.4MB
- MD5
  
  fef783b93197986c60cd34c9b385bb91
- SHA1
  
  9784dabbbb4b2e0b25a00c2ffbdc6bc348813a25
- SHA256
  
  1db4fdc98e47ff1e9c2d242d010760425b9997ab75b6fa32848c388f8d41e29a
- SHA512
  
  e048882c97f87a10c302ba74d42d8a9e3830d333b95033fca748c0ad93b5c0def54104b986388301a60f44018bdeb1eae4ff0d8415028e4159401a0168e4a72a
- SSDEEP
  
  24576:uaTstd4Y2e+WA6KOGGeRY2lrWE/eNZ+8+THJr+PD7RhgqkvjE1zabQgNMlIOtuoZ:VTWQ3OGGeN/KPdhzabQgNMlDtuF52B
Score

7^/10

spyware stealer upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/Base64.dll
- Size
  
  456KB
- MD5
  
  9459a28dbb2752d59eaa8fbb5cf8c982
- SHA1
  
  4ad7eb230cf6d05df967037225fa19dd385bf7cb
- SHA256
  
  4688dcd01db816485a770cb8fc047fef9a408f3dbec5a2c83752fee115ce6963
- SHA512
  
  7dff6414f4215aa4c7a168158b4ac5dd422c7dd35c6af58bce658c6bf9bf5a3545a5ee0db5f5d47a17c7ae53cb54551b98b492137e36c73e684b2041d775cd97
- SSDEEP
  
  6144:NbK5zygAJ/kzt5KdaoOj4uhorVoK9omsgL204E0bm+J7iOi6rG:5KlnAJ/CtkgPlSVoVgLYbxJ7iOi
Score

3^/10
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/GetVersion.dll
- Size
  
  5KB
- MD5
  
  c6910d6e78c2e5f9d57d0bc6d8f6b736
- SHA1
  
  a395099062298b3f3c015359b227ca02a72c6e2c
- SHA256
  
  b2c32af2b0d75dfd08ae4e1ad7c5897957240b32bf7a16855d6a46512d272b9b
- SHA512
  
  4cd45b887ce5b7fecfd863cae83817465d7378cc9f5b50f5762d5f209c55a37257d94e91dea4c91c66f2c5bf22cdc1f5545eeef52a090f05cceeedf59bbd2a10
- SSDEEP
  
  48:SQQhmkBkC+LRYvRPyIPm/QtO1l3NSphgPNy6C3xNsbj51SBNE46AQubLQlI:eRBkTLSvRtC5SpSM6MxOnSBi46AQuP
Score

3^/10
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/NSISdl.dll
- Size
  
  12KB
- MD5
  
  cba76738860b6d501ce742d0a6f2fbd8
- SHA1
  
  c1b9987f56244d9e8c3a6e2e52d2446fef026496
- SHA256
  
  17bc8aa627f3d71a81f3f698ca7c2768138178b7875afee4fb8d6144fd91f9a1
- SHA512
  
  ab2460149e7034843cdb28b1203a0b2082ce9ddfc3d9d8c09994ef5f392ba62e7b6c4125c181489d6b02f1a9ef4eb408d366d6c5e98a552ea724f48566cd73b7
- SSDEEP
  
  384:axHcylos+6YH6raH8JzJJx7q6aVUkTTAo:axHcyOs+enlj7/aVUkTTAo
Score

3^/10
behavioral10 behavioral9
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  10KB
- MD5
  
  0b96e50e5fd9b241435cfec46600b5a7
- SHA1
  
  1f79688c6bdd78b4e1812b110fd16d27c59b32d5
- SHA256
  
  10841d8d0a0fa457a62be63af7e30e72ffaec265470dbe16c0d61cc5b111d1e6
- SHA512
  
  01a5884ce81a622f81da23c4075aef4cbe68d18471908bb6082ad98bfd002c8a6c2b8069d250df0320cde22ad76eedc14a5d9369b370c2012d58575720da48b7
- SSDEEP
  
  192:yO6dJA/ruAFEiUdWWE6hE5RYUdJfbub1a7gMO:nKAFERdlxhGRYUzqZa7
Score

3^/10
behavioral11 behavioral12
- Target
  
  $PLUGINSDIR/UAC.dll
- Size
  
  15KB
- MD5
  
  f6864bd1708daa67dc0e47d5624e8938
- SHA1
  
  dfbb5a96f13ab36712349d7c56e2e7fc9ab73819
- SHA256
  
  2bc962a7f596a0c0a40bf3c3dfcf77c4e8dfc49830115e636b720ab68094606b
- SHA512
  
  d935fb87b2ed6e668e80627f21d965df7b73dfbf47c33e02721f02cbab2c525c0f5a36eb2a84573af2fffe5db43ac8823079607b9b70bb2bf51b0df8195ff01b
- SSDEEP
  
  192:uMtWEALVfpLcBB5yoOINGaZYjWigGcr2fNxhRUNFd5dMAW5s+2oAw/8tox:xtpAL/G0zIBZqLlZUNXHMAW5BL/o
Score

3^/10
behavioral13 behavioral14
- Target
  
  $PLUGINSDIR/UserInfo.dll
- Size
  
  4KB
- MD5
  
  fcad39646b416b4c2e0ea259554c3ec1
- SHA1
  
  8cb881913d923de35e6e131c2329b20ce51fe84f
- SHA256
  
  bc3872dbafefc41db2191b11b7371e988736dc12c9913bead1aa953dd28ef62b
- SHA512
  
  d81e00ac4828cce4ada42d28845d91601a98a6647d7b4fabad23e45b1aa529297fc554771b8cf8e484525e91a58f892ba5836263a81d6c061a54801abf0beecf
Score

3^/10
behavioral15 behavioral16
- Target
  
  $TEMP/TeamViewer/Version4/SAS.exe
- Size
  
  53KB
- MD5
  
  bf3bcd752bdabfa1f1e84b7462738103
- SHA1
  
  34cb8ea7d47467cace271e03b7869f37b0ecb30a
- SHA256
  
  90fe790e189c384f2ab82958057f91fdf40888c2ed3c0471bd7b85d5b36c7810
- SHA512
  
  6d5362c4d354319845f4522e0d1132c32a6779efc4c013c8c7bd489fddf39cbb5dfb72b135487b660d156d7774e5be4acc03c3fcecdb6dabcfad12630a3f5955
- SSDEEP
  
  768:bA3C0RkYbVJEhDPCVbvv1l9OlKX8v8XAibCxHRgPjchVCK5EOahtZLXbdHa:c3CSb3E12VOp8Qi2xCP3KjytZ/dHa
Score

1^/10
behavioral17 behavioral18
- Target
  
  $TEMP/TeamViewer/Version4/TV.dll
- Size
  
  64KB
- MD5
  
  4b030749eef3498b8efbaf2877a59fb5
- SHA1
  
  70d65a57582fa7145bcf7198e0751e5a3bfffcc5
- SHA256
  
  ee4f367a4074fa13d15eb17ae9e140d38b249959a29d6e4146c0577df2fed01b
- SHA512
  
  9a265c06a377bbcaba9b6b0e2752657701fd1fb82613d7ba520e4739108951d0059e1c8d7533a3e94928e5971a9d2fc575d3adc67f4ac768f844c63a5e11e8c7
- SSDEEP
  
  768:DwneoYqWGp6ja9akpdyRsi7Z3/HVtcM2:DJ+sIaIyP7FNtcM2
Score

3^/10
behavioral19 behavioral20
- Target
  
  $TEMP/TeamViewer/Version4/TeamViewer.exe
- Size
  
  3.4MB
- MD5
  
  84a8afd4d54164c1e6e9cdf0dcd28eaa
- SHA1
  
  3943120c742d3adc2060e5d4479ebafd0102cee5
- SHA256
  
  9ade5287b8a8b0910a01235f8c5be41bf3d19b89e92ca6416bf7827c0dadbd30
- SHA512
  
  0e0783974c031d5098141a4d5cabf9f74ba60cf73e2e7e8ad8141488700df87538af5a89d6ee30152d04ed04dde0146d290bf87fd4e268f3fa82ee7dfbd035f1
- SSDEEP
  
  49152:0VSl5yAhOffG+diT/IfiX7CcLxYVfRi3PNNu+axk/jNjovY7icVJJe46C/oSR4:MAhOf0c/yxYBRi3T7yvY/z6CZ4
Score

7^/10

spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral21 behavioral22
- Target
  
  $TEMP/TeamViewer/Version4/TeamViewer_Service.exe
- Size
  
  181KB
- MD5
  
  82ea3814431d24fbc692f27ea67e176b
- SHA1
  
  0d0f1ee84a381728c65569e5ea3822b0c67fff3a
- SHA256
  
  9581cadfc5715729787b65d025d7fdeebaa9893b987a0dd3aeeb3db310ff9827
- SHA512
  
  d0c0a55506f1ae11e115d03b7ed76f918ce545e9e3efd11fa27a846182148e6031988a1056dde72dea921e732c9bd35d4b99a8192a40d87ff196c522f6d7a285
- SSDEEP
  
  1536:4EkQAbDmJCIemdRpF0l5cW1QJhXPB2dUoWeTj1UG+avo2Cv9wm/6PTulmI05W4qT:ecR/t/oWeTj11Y05W4NtTfA
Score

1^/10
behavioral23 behavioral24

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

spywarestealerupx

behavioral4

spywarestealerupx

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24