96e0f2a803195e87752de63e91566dfe74b565d80e3c36efd90d85ec1b3be632 | Triage

Sharing

General

Target

6c2c5d6659efb231d9ad581c9bc2a98e_JaffaCakes118
Size

436KB
Sample

240523-zb633sfd95
MD5

6c2c5d6659efb231d9ad581c9bc2a98e
SHA1

feab504fed043f6c76af14a090496b19fef75f44
SHA256

96e0f2a803195e87752de63e91566dfe74b565d80e3c36efd90d85ec1b3be632
SHA512

da89c4d71aa5251dd94e382488cc35ed23893c8c0fe7bf724108acde6775ed63db01f621337cc8c7f291c9b380769452f9558379ff391729f2dbe507747d9ace
SSDEEP

12288:ZnISpUE+pgz1ON4gwT+tBMjFzrAyxA46elD0I0/UiQTN:ySOE+pgAuOcz7Ak0/UiW

Score

7^/10

collection persistence

Malware Config

Targets

- Target
  
  6c2c5d6659efb231d9ad581c9bc2a98e_JaffaCakes118
- Size
  
  436KB
- MD5
  
  6c2c5d6659efb231d9ad581c9bc2a98e
- SHA1
  
  feab504fed043f6c76af14a090496b19fef75f44
- SHA256
  
  96e0f2a803195e87752de63e91566dfe74b565d80e3c36efd90d85ec1b3be632
- SHA512
  
  da89c4d71aa5251dd94e382488cc35ed23893c8c0fe7bf724108acde6775ed63db01f621337cc8c7f291c9b380769452f9558379ff391729f2dbe507747d9ace
- SSDEEP
  
  12288:ZnISpUE+pgz1ON4gwT+tBMjFzrAyxA46elD0I0/UiQTN:ySOE+pgAuOcz7Ak0/UiW
Score

7^/10

collection persistence
- Loads dropped DLL
- Accesses Microsoft Outlook accounts
  collection
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  14KB
- MD5
  
  34466cab38abcbc09ffac768d526f896
- SHA1
  
  2684f5f6c2b005cba812fc8cc1157777554fa3a3
- SHA256
  
  8b4a1e7bf076c20240eb0a46cbdc8b835cfd89265fb78a3c1c5339ab820d2c1c
- SHA512
  
  5c6ae996a81f0fd9d3efe4e61c8683eb833cb203a476772c06eadb48e10e34d05a8fc2c837cf663dcc3a37713bd86694c8eb251868aa5bb42c4b21ba8c8e8fc7
- SSDEEP
  
  192:qcOqW13v5z+dHeMR2QwHu5S9i/yULWWBZYJCSJyejAK72dwF7dBKEw:qcw13v5SdHeMRRKkwsejA+BV
Score

3^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/LangDLL.dll
- Size
  
  5KB
- MD5
  
  6affaef1473695eb1325129879b5d12e
- SHA1
  
  626f362d322bd12543d1255678c70b577b0e916e
- SHA256
  
  df361cd0f1b68f3cfb0aa97a04a6d28eaf2ed4713e9717dbc86b25d46ddb0634
- SHA512
  
  f1d5a4c51e0bd2a644939df3722024d646f9bfc679b04964fc638f00e5191b8c02872f5a298c16f59a59a234d3cf6f929c98daec4d03c757e68ea8ee99580f6c
- SSDEEP
  
  48:im1mAjq8W2MPUptuMMZvx/cmzycNSCwVGfOY0vXpXt/JvR0JTof5d2:F1qBl9RZHzycNSCwV8T8jZR0Id2
Score

3^/10
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  a436db0c473a087eb61ff5c53c34ba27
- SHA1
  
  65ea67e424e75f5065132b539c8b2eda88aa0506
- SHA256
  
  75ed40311875312617d6711baed0be29fcaee71031ca27a8d308a72b15a51e49
- SHA512
  
  908f46a855480af6eacb2fb64de0e60b1e04bbb10b23992e2cf38a4cbebdcd7d3928c4c022d7ad9f7479265a8f426b93eef580afec95570e654c360d62f5e08d
- SSDEEP
  
  192:aVL7iZJX76BisO7+UZEw+Rl59pV8ghsVJ39dx8T:d7NsOpZsfLMJ39e
Score

3^/10
behavioral7 behavioral8
- Target
  
  $TEMP/glossitis.dll
- Size
  
  72KB
- MD5
  
  38e1a078aaf0a8feea3d3a6317b6e85e
- SHA1
  
  5b35cbdd235366eac93d409e7b5cfe43db444f64
- SHA256
  
  c193d53bc725e9ddcea48506f4f48bea90e665fa145a12ac1a6d1ddd0f6e113b
- SHA512
  
  2b7987f4598d9831e3f53182117e0ca49ead034358211b8fe5ae13377d9950591bf87468c12e315caf575db82cc5d0c46f0d67059d340d4fe2543dba0bc98c35
- SSDEEP
  
  768:v3nHgLuguUvuwnoARRwgVGKwbP8/bt3k86K0V/s+qzJd+8JYK:fALnca1RRwg8KQq76S+iv+j
Score

3^/10
behavioral10 behavioral9
- Target
  
  uninstall.exe
- Size
  
  87KB
- MD5
  
  33a31007ff9cb4f4a2fef2e22b33ca5e
- SHA1
  
  1be6277e76984da795471a7dc5e173a767720025
- SHA256
  
  7ab2d70344ebd729c369e366ce5011ee906bfae9b648a0528eb66764da256aa1
- SHA512
  
  c9dfab5bd3ca5204c28270861da695975b72df46a805f4fb9068b55f032978e253921bf407840834e3ed47443eaebcf336b1d42bbf840b224013af62d8b1e485
- SSDEEP
  
  1536:WoM1dKyOSoYNXoK3LX78JBXJkUFh8gdLeAyN21tRrWsVqQTNAO51WVdh1NW6sM:HM1BjoYNXoKDIJBXJPIceAXMQTNAO7M/
Score

7^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral11 behavioral12
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  14KB
- MD5
  
  34466cab38abcbc09ffac768d526f896
- SHA1
  
  2684f5f6c2b005cba812fc8cc1157777554fa3a3
- SHA256
  
  8b4a1e7bf076c20240eb0a46cbdc8b835cfd89265fb78a3c1c5339ab820d2c1c
- SHA512
  
  5c6ae996a81f0fd9d3efe4e61c8683eb833cb203a476772c06eadb48e10e34d05a8fc2c837cf663dcc3a37713bd86694c8eb251868aa5bb42c4b21ba8c8e8fc7
- SSDEEP
  
  192:qcOqW13v5z+dHeMR2QwHu5S9i/yULWWBZYJCSJyejAK72dwF7dBKEw:qcw13v5SdHeMRRKkwsejA+BV
Score

3^/10
behavioral13 behavioral14
- Target
  
  $PLUGINSDIR/LangDLL.dll
- Size
  
  5KB
- MD5
  
  6affaef1473695eb1325129879b5d12e
- SHA1
  
  626f362d322bd12543d1255678c70b577b0e916e
- SHA256
  
  df361cd0f1b68f3cfb0aa97a04a6d28eaf2ed4713e9717dbc86b25d46ddb0634
- SHA512
  
  f1d5a4c51e0bd2a644939df3722024d646f9bfc679b04964fc638f00e5191b8c02872f5a298c16f59a59a234d3cf6f929c98daec4d03c757e68ea8ee99580f6c
- SSDEEP
  
  48:im1mAjq8W2MPUptuMMZvx/cmzycNSCwVGfOY0vXpXt/JvR0JTof5d2:F1qBl9RZHzycNSCwV8T8jZR0Id2
Score

3^/10
behavioral15 behavioral16

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

collectionpersistence

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16