7a2e6f998920931de03d76bc1fc5087a22becd02301713342a78957afa80b652

Sharing

Copy URL

Twitter E-mail

General

Target

65975f0ec8f73437db3a5374b09a441b_JaffaCakes118
Size

6.5MB
Sample

240522-cas4hage89
MD5

65975f0ec8f73437db3a5374b09a441b
SHA1

e5d72c831e501e7a049bf743ddb335c67028d8b8
SHA256

7a2e6f998920931de03d76bc1fc5087a22becd02301713342a78957afa80b652
SHA512

f01e46387933feef3013c1e6b8b7575f699b9cfc5f0c7e444ee4934c1ba16086685cc706ead2ec7939c893e0ddb1a6e3de88c57a37f564fa3326ad9077809bbf
SSDEEP

196608:XfHYzcMRkypFxLyhiEK6iJ+NXeleJZclLsH5me:PocMR3oFKJJ+NXuwch

Score

8^/10

Malware Config

Targets

- Target
  
  65975f0ec8f73437db3a5374b09a441b_JaffaCakes118
- Size
  
  6.5MB
- MD5
  
  65975f0ec8f73437db3a5374b09a441b
- SHA1
  
  e5d72c831e501e7a049bf743ddb335c67028d8b8
- SHA256
  
  7a2e6f998920931de03d76bc1fc5087a22becd02301713342a78957afa80b652
- SHA512
  
  f01e46387933feef3013c1e6b8b7575f699b9cfc5f0c7e444ee4934c1ba16086685cc706ead2ec7939c893e0ddb1a6e3de88c57a37f564fa3326ad9077809bbf
- SSDEEP
  
  196608:XfHYzcMRkypFxLyhiEK6iJ+NXeleJZclLsH5me:PocMR3oFKJJ+NXuwch
Score

8^/10

discovery evasion upx
- Blocklisted process makes network request
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Downloads MZ/PE file
- Modifies Windows Firewall
  evasion
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  23KB
- MD5
  
  8643641707ff1e4a3e1dfda207b2db72
- SHA1
  
  f6d766caa9cafa533a04dd00e34741d276325e13
- SHA256
  
  d1b94797529c414b9d058c17dbd10c989eef59b1fa14eea7f61790d7cfa7fd25
- SHA512
  
  cc8e07395419027914a6d4b3842ac7d4f14e3ec8be319bfe5c81f70bcf757f8c35f0aaeb985c240b6ecc71fc3e71b9f697ccda6e71f84ac4930adf5eac801181
- SSDEEP
  
  384:TsuiXfwnOEFMUgKWSeMPe3+6a+A6PcPpntKfh00g509nj:efwnLFMUGMPenA6Yuh9Xj
Score

3^/10
behavioral3 behavioral4
- Target
  
  Tools/modules/bugreport.hta
- Size
  
  27KB
- MD5
  
  492b077cd9c947c4cccab9acd25e6c43
- SHA1
  
  b34ba31c78d48fd1ccd4e43cb2bec1db3155a97c
- SHA256
  
  14763e4336a3f96fa2d9aeb5a55dfad39672ba2ce68114c582c56d874350c386
- SHA512
  
  37127dfcd39c3ed973c4e1ba1d0aca9b11b719fbb9c29b668128a50ef44217e16621a7f8e20b924320fb63ac603f19836ec861695f4a5f486f5b7747b309b669
- SSDEEP
  
  192:cZGGdaWZf6bORA1bwDtGaTi6I9BcwlnXLH8goq7i31GsRr8hd4S1JLMAHgPx0HS6:cdZKORA0tGp6iBceX7B7i3Yq8hd4fu
Score

3^/10
behavioral5 behavioral6
- Target
  
  Tools/run.hta
- Size
  
  2KB
- MD5
  
  d0e69969ac10cee9ac933c3223542059
- SHA1
  
  7f9246b3bcb6f1cf1b5d9f26ad7a747dc4fbceb3
- SHA256
  
  11abb36beb797e400f6d5fc924f8ae07f40ec41aeb1b1b43f6583bb60a875cd5
- SHA512
  
  4bd2df510345263952df26c7b6c9f2fc57e1af4046919d68f8a9aa3c8b1d60127a4bef6b75bf915710287e8a1e442437dde135eb3ac7d4dc10321ffbf97dc2d6
Score

8^/10

discovery evasion spyware stealer
- Blocklisted process makes network request
- Modifies Windows Firewall
  evasion
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral7 behavioral8
- Target
  
  config.js
- Size
  
  3KB
- MD5
  
  8be11d79a3a34088a7d7dc7732e7b367
- SHA1
  
  ebd04615a0460a95cd637efc2ff32ab7367d2b83
- SHA256
  
  e65ed786b887b3e028bda74c649f1fe84b2dc64f6d59f9cecd01e9aa3c8fe54f
- SHA512
  
  d4d04a28aa693c9d3994abec520332641c533db0c62aa6eead48078f544fe175ad77c040fd238e824754eb1104aa9e766333d90fa44b7173af8623572f19857c
Score

3^/10

execution
behavioral10 behavioral9
- Target
  
  drp.js
- Size
  
  3.4MB
- MD5
  
  5f388dd7663808c1c9d060fda99ea4e2
- SHA1
  
  02d151571871d251ac27679a212dd1977e4b865c
- SHA256
  
  9780da3ec181f013488f93b0385b1dec1087794c5eac63e11a402877626f1987
- SHA512
  
  6060fdcf90f4250f3d3b7ee19d31ef8ed1c7c2d9c825374906a2602d5706cee3ec3a206e30f0556d70d1dd0798edfa29c339f7102606e3d4fea77e08456cfacb
- SSDEEP
  
  49152:DhMKu4JZAt2LFAFGHWzUeb6zSEN9/cTqawhgrC4rKN5Lgy7zzy1hNZGAcwJlCDzK:p4b
Score

3^/10

execution
behavioral11 behavioral12
- Target
  
  js/soft.js
- Size
  
  76KB
- MD5
  
  0f4e7dedee3a85b93e20c41b0b644ad8
- SHA1
  
  e1a126f5f583f81f49e8eec436ae2bad2378fbfb
- SHA256
  
  777524fc9190f0b5e424e0510e33f36e9fc79101f5d57ff047d41b23b3a0a856
- SHA512
  
  f7cf110e2f17dca08f71d0f0933071a5c279ee273bf37c7772d393ed123f5bddb72ee39166fec58ac66a946fead13503c80eabaf8f674755e10d3a248330fb45
- SSDEEP
  
  384:RxHo7ouhAiGuhVl0uhAXuhVlIokuhAr0uhA4FtYJtUj1n3suBF9zxSvBwK+gzG7i:HaFt04wRPWYBtUXJZoGESaC
Score

3^/10

execution
behavioral13 behavioral14
- Target
  
  languages/ar.js
- Size
  
  68KB
- MD5
  
  668f36ad72a2ea2b002fbe7857b06298
- SHA1
  
  136bd40e54fed28a5d5767a4137de8799da1797a
- SHA256
  
  31f958f26de20c29f9dd75678d62941d5f2384b6996b1b0700115890504b3271
- SHA512
  
  a0765c04ae34de71283f9bdfe8b5c2088b572567ffe0d99975d1109ff4269be02b347a4b3a3f6610355957bb0c2a31bee12d7f01635074d47a7e8dfe078524b2
- SSDEEP
  
  1536:EjO4P0k5PcjqUeVM9z0tlqlrGQB3Lql7R2jQg1HqlC/t8Dd8Dr1riPsjnjiW69eP:EjTMk5PtF+B2sjbd0OcT239
Score

3^/10

execution
behavioral15 behavioral16
- Target
  
  languages/az.js
- Size
  
  62KB
- MD5
  
  e10cd6174c53af336a74c8e1b7c15661
- SHA1
  
  28bd659e7f99c4a709972243605217d754845032
- SHA256
  
  71d62b8da4564098d9745dfb0f0dd805d5d1bd34c3b68b1dfb8fa4b1046dd128
- SHA512
  
  2a05478a7621d132dfde79684ba298ce36848284b2fd9b387d91f3abdf93ae4421ae4af8213d873cc7a5a9cdc8ca298e7627fea2dfb62d5257d90666068e8f1e
- SSDEEP
  
  1536:MqNVGWURh3wAHz/2BHysUWPTvnepoIzRHlcL9hC+s7UGZPHIGPsogjHx71ly4o1O:MqNVGW0hgAT+Ysq11LotFSfS
Score

3^/10

execution
behavioral17 behavioral18
- Target
  
  languages/be.js
- Size
  
  75KB
- MD5
  
  e74b286b507b14d203439155c65905f8
- SHA1
  
  7f1635267d1ccb588748322d08c3a2d33ba183f2
- SHA256
  
  9c420b9d29482bb7d6206eb111fa39c261472c3e11443be043d1ea4c42fee9ed
- SHA512
  
  530a320f7e1cadebd80dc34c0269921a7f1eae056a1fbebffef464bc2dffb886f094ffbaff9422a5983fd5e50ca73df38e25103c8b5fa4d1803349c5589ae9d2
- SSDEEP
  
  1536:y9xuQkeE69vmb7mnUDtlwE7l5/e1pNFZ5kl98Z+FU5ZU/bfqcAbf1Ijy/XnUqsPV:y9xuQVFZFpIQWO37mF
Score

3^/10

execution
behavioral19 behavioral20
- Target
  
  languages/bg.js
- Size
  
  74KB
- MD5
  
  01e14defb02ef0464275566b7e0426b6
- SHA1
  
  ddf47989547983fc5e65028e2a9d4d637b197c2f
- SHA256
  
  5e2486820a10800e1dd33a4630ffafca099801405ba471056322416b76273fab
- SHA512
  
  9fb688df6a17608fd49e2803c50f61a4087d49e99fd35714aa58db307797503cc9ab6bd5bb744272f78ff1c610d0f57c1c607018b502270bf6850711b4645398
- SSDEEP
  
  1536:ixdzqEe/o9zfIlrW6ZsJZ2iTWM4XXhurQWPsG0V7DkdyWeJI/A8qlo6YjoiDEgzx:ixpq12jt3M1Y
Score

3^/10

execution
behavioral21 behavioral22
- Target
  
  languages/bn.js
- Size
  
  87KB
- MD5
  
  32e1cc875aab0ca4da70f85f4b35a4d7
- SHA1
  
  8dbf76417fe42fc37d805fca012c3f6ee18612bb
- SHA256
  
  fd790dc3de0a4934ecda042c27be47d4dc5902c49b12104bc8f9f30e7c7bb76d
- SHA512
  
  8995a64fcf8a3cf1fb194011a3ba3a5664b9028c06e5c4d806e6976c8d34a5849e8080b88badc3d4186ff6d0448fe57202a8bb3fb54c3e86fdce4871e6be21be
- SSDEEP
  
  1536:gKjsuujaehj9z/1lCySRNuZp5Hm4px8gjFiFr4EKHSm2cgT3y8DwLZS2EkzGF++H:P7oXdqd7
Score

3^/10

execution
behavioral23 behavioral24
- Target
  
  languages/ca.js
- Size
  
  56KB
- MD5
  
  9ebce00c112dcf5cd8a4770d32dd2f8e
- SHA1
  
  f42f7dc35bfdc2cadcd9709de372bf5c35ba163b
- SHA256
  
  07df1e3bdb4f6b0d53f9dfe00a3502168accf69695851ac92e3de0c3dc361b1c
- SHA512
  
  2154e914b8252a2e956bd46edcd132847cd1ba8303ab95b0544e084522e25a9a227eb94eae5dd5a3cf940420d779dc7abf34aa8e24a050b0ffff322be215a793
- SSDEEP
  
  1536:f3eNqTtcpUGwbDuerJ9JmAqmVpPgH8CfWME+s25HBa0vG5+DoQTJamzGom+1+oT6:f3HTQZwXz2amE+pgB
Score

3^/10

execution
behavioral25 behavioral26
- Target
  
  languages/cs.js
- Size
  
  53KB
- MD5
  
  bfd3d979857335937ff82f5af766fb65
- SHA1
  
  25d207bbb3b12be0510c5a0e8fb72d053a16c5af
- SHA256
  
  047543f76bcc25cb34e3ba328aa4321122519124bc2beb6c6c3c52d7a39df6ea
- SHA512
  
  4de4b620d31c812b97c9e56f33e8e0c0214f78fd1793e33ea125063791c84d09d28dc97897a2b1b71c63ba5953ca0c33f8bd616c552a18785e5b8513d46586f1
- SSDEEP
  
  1536:poHaaxTNPO/eZ19zVQl3fTI8FO6bH+hbMD06ymbQquzn6LD3CONtmek0bE65A7bA:+jtNWmidRH/
Score

3^/10

execution
behavioral27 behavioral28
- Target
  
  languages/de.js
- Size
  
  55KB
- MD5
  
  579336b0fc67949daa17b880549f402a
- SHA1
  
  2b2aa9378d68bd10e1cde81136111aecb43c0ff9
- SHA256
  
  73b86880a25fbbd243d39fdeb63a1f64aaec231379cae181b17fbe18f2ae4617
- SHA512
  
  ef1cbe0e2e9034b36d5aed0afd28a771637096ea7ac94865ac89402e672f1c6f17ac9d139174e259c20f06d439ee925f446f322ad2e4f2c07f6b4a13587fa373
- SSDEEP
  
  1536:MRJ2Xf8Y09UUIeZIhvzjZlSmvPavPCD+/lhu5ztVIRhCqMWHEPoyXMHWyEZ+Ktfs:OUsed9BmV
Score

3^/10

execution
behavioral29 behavioral30
- Target
  
  languages/el.js
- Size
  
  61KB
- MD5
  
  9aa0c35214ba859c6b088b32ae482e33
- SHA1
  
  2f083132417b295b447205ad8b6fbab48e740cfa
- SHA256
  
  d5df0a88e9861621028fa48f56542f5e42dbab98a7a769869219ed85ad239edf
- SHA512
  
  5bd1d773ae080406e419e2dd90737e8dbd7bc80c9aa3d04d5a9f76c1e4444bc1a1a83ed3b4cb2d0545709f2c12b2d1f86cbc48d73c0f99954d37d55c7fc4a46f
- SSDEEP
  
  1536:BAXiQCqAvnpkjchnC9NseYr9zVQl3foUTzO/xm+hbMX2JyKh+h5JAi/f0m91ONte:6SQCRvnpGchn2NN1z9ERHG
Score

3^/10

execution
behavioral31 behavioral32

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Defense Evasion

Impair Defenses

T1562

Disable or Modify System Firewall

T1562.004

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Targets

Blocklisted process makes network request

UPX packed file

Downloads MZ/PE file

Modifies Windows Firewall

Blocklisted process makes network request

Modifies Windows Firewall

Reads user/profile data of web browsers

Checks installed software on the system

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32