a52ba33e7b386e933d1a6ae99f257315935d4c68cd21f91e987d327683f9c990

Sharing

Copy URL

Twitter E-mail

General

Target

6d2252d1f81e4a89059e7fbf6d4d0ecf_JaffaCakes118
Size

8.8MB
Sample

240524-djz4vaah98
MD5

6d2252d1f81e4a89059e7fbf6d4d0ecf
SHA1

fd182a7b2236b0bf447ac940d26b230fc75c54f3
SHA256

a52ba33e7b386e933d1a6ae99f257315935d4c68cd21f91e987d327683f9c990
SHA512

cfa5ead005026c01a3a72eca8d1a50ccce02283146f6e6ba99945d3e25879b7314a392cb342e8018b860b16dc10ff6db08168815a4fad84a49f9cb43f4676871
SSDEEP

196608:EwWfZ4PDKMxSIFQColSp5oNeW7f9VBQWwigouggCJEmvPjUide:1WfZ47X4QolSXglfiouggC2m4D

Score

10^/10

Malware Config

Targets

- Target
  
  6d2252d1f81e4a89059e7fbf6d4d0ecf_JaffaCakes118
- Size
  
  8.8MB
- MD5
  
  6d2252d1f81e4a89059e7fbf6d4d0ecf
- SHA1
  
  fd182a7b2236b0bf447ac940d26b230fc75c54f3
- SHA256
  
  a52ba33e7b386e933d1a6ae99f257315935d4c68cd21f91e987d327683f9c990
- SHA512
  
  cfa5ead005026c01a3a72eca8d1a50ccce02283146f6e6ba99945d3e25879b7314a392cb342e8018b860b16dc10ff6db08168815a4fad84a49f9cb43f4676871
- SSDEEP
  
  196608:EwWfZ4PDKMxSIFQColSp5oNeW7f9VBQWwigouggCJEmvPjUide:1WfZ47X4QolSXglfiouggC2m4D
Score

10^/10

discovery evasion execution persistence spyware stealer trojan
- Windows security bypass
  evasion trojan
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Creates new service(s)
  persistence execution
- Drops file in Drivers directory
- Stops running service(s)
  evasion execution
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Windows security modification
  evasion trojan
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/IpConfig.dll
- Size
  
  114KB
- MD5
  
  a3ed6f7ea493b9644125d494fbf9a1e6
- SHA1
  
  ebeee67fb0b5b3302c69f47c5e7fca62e1a809d8
- SHA256
  
  ec0f85f8a9d6b77081ba0103f967ef6705b547bf27bcd866d77ac909d21a1e08
- SHA512
  
  7099e1bc78ba5727661aa49f75523126563a5ebccdff10cabf868ce5335821118384825f037fbf1408c416c0212aa702a5974bc54d1b63c9d0bcade140f9aae1
- SSDEEP
  
  1536:CPDzpyvLtmY7SeAmhPzV8+i7kRuACUxHf91MionF9JTwrLPG5zfO+lP7:UZl1e7L4ARzC3dwrLPG5zG+lP7
Score

3^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/MoreInfo.dll
- Size
  
  7KB
- MD5
  
  80e34b7f576b710d100f6e7c0bed0c2e
- SHA1
  
  2b5b895034d41ee0d0d01bf650594ad0d1346662
- SHA256
  
  569d62345f6c915236772fa2575d1806cd2bfe089505807cb477618f1eeccf99
- SHA512
  
  f5970c192b7089040fd1cf26e5cab131879b91722dff0216cdc735f9cfde1eda061409b579eb0f11e3b32e5513e34bbedd4050b75bb1b2acc81be814c2c6c59b
- SSDEEP
  
  96:lvIIAHGrJ65YtNxxDuekBSE4OTpsxKaVK4:5IVA65CNxIHk9ayxKaVK4
Score

3^/10
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/NSISList.dll
- Size
  
  97KB
- MD5
  
  2e0785f18f8714393bc4bc1fe170eadf
- SHA1
  
  1efba431c0fac46c6cb6f60dc08f65a0e23ccf3d
- SHA256
  
  e68d65626b24e7c1f6fbe1001f43174d0243095181025736f37ad704662f4351
- SHA512
  
  8a272bb264fa066960a4f34411a81652839eccdbc6fa25be20c0b94d7d10b16cb568338abb5d1a96c155cbc4bc7923d0387fa36bed69c1021296cc6cc5fbb45e
- SSDEEP
  
  3072:MoENnpXlyqLIslzjPfJ4/EiJtu0s+8Q0wRwFP:MoEf1ySz6Jsx5
Score

1^/10
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  c17103ae9072a06da581dec998343fc1
- SHA1
  
  b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d
- SHA256
  
  dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f
- SHA512
  
  d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f
- SSDEEP
  
  192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
Score

3^/10
behavioral10 behavioral9
- Target
  
  $PLUGINSDIR/brh.dll
- Size
  
  840KB
- MD5
  
  355c877b0a9c80d27eca9a480bf5fd5d
- SHA1
  
  af1d07a1d11d7f3e24d84324cc0cf70849da9338
- SHA256
  
  2e484b9053b5e155608fd10da190d4ee92c2286eea2a3f2ee6c564f24e8c1bba
- SHA512
  
  b2f115824617c9c23ef9df3b89f0cba6852071cd997ecb543cf1ca9c72fdefa636a74d25393c70c4ae2f602f499d5704c0917e8036c81537f8e07f0c0ee50250
- SSDEEP
  
  12288:FvnZF0XRBJ+csqI7I82c9LOsgxzO84KLdOsG6y8f:FRF2RBJ+qoXkI84KgN0
Score

1^/10
behavioral11 behavioral12
- Target
  
  $PLUGINSDIR/inetc.dll
- Size
  
  21KB
- MD5
  
  d7a3fa6a6c738b4a3c40d5602af20b08
- SHA1
  
  34fc75d97f640609cb6cadb001da2cb2c0b3538a
- SHA256
  
  67eff17c53a78c8ec9a28f392b9bb93df3e74f96f6ecd87a333a482c36546b3e
- SHA512
  
  75cf123448567806be5f852ebf70f398da881e89994b82442a1f4bc6799894e799f979f5ab1cc9ba12617e48620e6c34f71e23259da498da37354e5fd3c0f934
- SSDEEP
  
  384:oW4gLK82JvtosNCPhXKJ18hcEP1+f+pvMPbkdTg1Zahzs60Ac9khYLMkIX0+Gbyk:oW4i/2JloB5IQ9AhkwZaKRu
Score

3^/10
behavioral13 behavioral14
- Target
  
  $PLUGINSDIR/md5dll.dll
- Size
  
  8KB
- MD5
  
  97960d7a18662dac9cd80a8c5e3c794b
- SHA1
  
  4c28449cefa9af46bb7a63e9b9ea66a2de0ea287
- SHA256
  
  e0d1dc6e4c5cc13fb2db08fc741da0d08b315ebc8d3b53baa61552625d19b9c3
- SHA512
  
  1baab7b5378f3a396b31bf63b01b7905759c9f1d17d71882af63338d64eceda1884c947d93e4d9ef911bded1ef061043c873a88b8272f1aa296731aa745e756c
- SSDEEP
  
  96:+X4qYlYGflug0Dvxn6GuKM9sh1gdrN9+oB7FT9ez3vzrGogZcko5N1:+XMhugRK8hl+jvnZkKP
Score

3^/10
behavioral15 behavioral16
- Target
  
  $PLUGINSDIR/nsExec.dll
- Size
  
  6KB
- MD5
  
  acc2b699edfea5bf5aae45aba3a41e96
- SHA1
  
  d2accf4d494e43ceb2cff69abe4dd17147d29cc2
- SHA256
  
  168a974eaa3f588d759db3f47c1a9fdc3494ba1fa1a73a84e5e3b2a4d58abd7e
- SHA512
  
  e29ea10ada98c71a18273b04f44f385b120d4e8473e441ce5748cfa44a23648814f2656f429b85440157988c88de776c6ac008dc38bf09cbb746c230a46c69fe
- SSDEEP
  
  96:M7GUb+YNfwgcr8zyKwZ5S4JxN8BS0ef9/3VI9d0qqyVgNk32E:eKgfwgcr8zylsB49Ud0qJVgNX
Score

3^/10
behavioral17 behavioral18
- Target
  
  $TEMP/$_144_
- Size
  
  3.8MB
- MD5
  
  7ede9c63f9a5134eb50eb928c0c5aabf
- SHA1
  
  86d2cf7837cd460043835e8661ae5239c6f59fb3
- SHA256
  
  fdc3ac6e64545a4d500e7649203c9fe058c571065e98ae8a0002524879ba3c77
- SHA512
  
  7786a98dd74b769bae06e8679b093c134adffeb9bb29d89fc716498fcb900e000c320bfca178610126d5f6a3eeb9a450ac9ea0c8d292a7e6e01ccecd109a9389
- SSDEEP
  
  49152:oexhc4FrUKxYoDjU8foiL0ZN6wo5jsoYWEToHIouelzxQjAU4+vHhrv/Trah:pxK4iKxYsI8jNs7hTeBVQ0UfvBrv/qh
Score

7^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral19 behavioral20
- Target
  
  $TEMP/$_1750_
- Size
  
  3.8MB
- MD5
  
  7ede9c63f9a5134eb50eb928c0c5aabf
- SHA1
  
  86d2cf7837cd460043835e8661ae5239c6f59fb3
- SHA256
  
  fdc3ac6e64545a4d500e7649203c9fe058c571065e98ae8a0002524879ba3c77
- SHA512
  
  7786a98dd74b769bae06e8679b093c134adffeb9bb29d89fc716498fcb900e000c320bfca178610126d5f6a3eeb9a450ac9ea0c8d292a7e6e01ccecd109a9389
- SSDEEP
  
  49152:oexhc4FrUKxYoDjU8foiL0ZN6wo5jsoYWEToHIouelzxQjAU4+vHhrv/Trah:pxK4iKxYsI8jNs7hTeBVQ0UfvBrv/qh
Score

7^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral21 behavioral22