bb6b7ebf49d7bb71b60768215b64e7883a8995dd9f145155f3f012874c226ae4 | Triage

Sharing

General

Target

6f0c27e170dd1f14b3f1bf7dc2528beb_JaffaCakes118
Size

6.0MB
Sample

240524-tb2wgabb6z
MD5

6f0c27e170dd1f14b3f1bf7dc2528beb
SHA1

8fbe19631525f33bee06a99e0b67c2c5d26e61f5
SHA256

bb6b7ebf49d7bb71b60768215b64e7883a8995dd9f145155f3f012874c226ae4
SHA512

ed6b78042c51d507a36ce297cd84a232c8242b2fbf6947131c90da8b86fb82353022b267984ee8f0c857ccbe76edf739deef66360ea3856b65addbec6b6d3a58
SSDEEP

196608:IuJQYsSgOos32OkFy1kJZRMrHT6PdkzKEpayJ:NJXoJcidMrzEuNayJ

Score

7^/10

evasion execution spyware stealer trojan

Malware Config

Targets

- Target
  
  OfflineExplorerEnterprise/Offline Explorer Enterprise/BuyNow.url
- Size
  
  148B
- MD5
  
  51e8da89c9f5544f69b22dcb51f54ee5
- SHA1
  
  69ce8f634cbf4375cfe568aae6a0f19b3c192c15
- SHA256
  
  baded27968679c18d7dd46f9fd5853e7df5c6ae55b328f8dd9193bff7fa106b2
- SHA512
  
  1d58fd68d7cb65e313708294863378872b25eff870bb7e32225c5135f959863aaa35218b1ac8bab611bb317ac05d9ed0d944b518cbad51fc4d6a98f020ae3417
Score

1^/10
behavioral1 behavioral2
- Target
  
  OfflineExplorerEnterprise/Offline Explorer Enterprise/OE.exe
- Size
  
  2.8MB
- MD5
  
  5b03cf6713ab28d368a88d0c158f900e
- SHA1
  
  2f7bad10c29a171e4e18ff36ec72e977ad0047fe
- SHA256
  
  725f51fdf6139c5f49010475f049054953cfce930d665b861a806b752e114d6d
- SHA512
  
  f58bfd1144b56422e148fde38daebdd20a2e9e1a8070e40ac8c9b6f42b2c7d625fbe1f93c92ed6592410d585c2742e166cc2b6fc881749d78dd399996b21b499
- SSDEEP
  
  49152:crYeBJcn18Jq5kgRrY0Cbdr9jJe5bqRqnLRwUqfxVL6ARKaIoJkmnEliD7tcwro:oYcq80lRbURdehq66ZVWR3ovXxFr
Score

7^/10

evasion spyware stealer trojan
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks whether UAC is enabled
  evasion trojan
behavioral3 behavioral4
- Target
  
  OfflineExplorerEnterprise/Offline Explorer Enterprise/Support.url
- Size
  
  126B
- MD5
  
  dc36ac81b0e7afecbe363584241154b3
- SHA1
  
  8e3ab3654892e215709f26002c10d687c383a924
- SHA256
  
  d2f3ff51e7b7036303dec9c090b117b0449e75a67f36141db36deb5b55754161
- SHA512
  
  e0591579836130d549eb80d696c45625b813bafe234f8b423fe4f6b1ca2d8882d88b2144edeee5794ea44e9351f5ffa74762c48f705bed2982c2a0a9f7c0543f
Score

1^/10
behavioral5 behavioral6
- Target
  
  OfflineExplorerEnterprise/Offline Explorer Enterprise/VBSample/frmMain.frm
- Size
  
  6KB
- MD5
  
  6094ad96969084cb50201205a9baec51
- SHA1
  
  5fe9f33d33b91dc91d0102ec45f784c77b08d623
- SHA256
  
  0ed437b5b59ae6c69572bb18b80bbaca5e6450fb443f72940180fa98ab773fcd
- SHA512
  
  494dd08fe8a7892787f1455e80ae6cb49e89963bcadec3eb1d17cfd222e2a2aabb628e45b09acca423e0290563d5f6f1df02be6112ba5fa224a1f14e534ad510
- SSDEEP
  
  48:tcUGevPac96sqfVxSKNEx+LqD/UGsyHsGgo8QcpQyUXn67XsbhsdzovwivbfBwBk:tckPaaq+KusrCbWdWpMKayDR1Jjv/sQ
Score

1^/10
behavioral7 behavioral8
- Target
  
  OfflineExplorerEnterprise/Offline Explorer Enterprise/VBSample/oee_sammple.exe
- Size
  
  252KB
- MD5
  
  82a8d10c2d5eb5640ef8769a93ec29f6
- SHA1
  
  f3631b8dc7cae171aede589dd2c213d4daf81698
- SHA256
  
  18b4e0248e82684d5a22a926a772cdd85b764a3001d394865c8090deec00586d
- SHA512
  
  d52ea6c93e37df9dac67442d6512382c06b4e7c0b2639f0fd81d426c5bb8868cbca3df50015bfc9d657bd2b2a76750151268aefaf46b0d1c9b1a3f76a76fcd46
- SSDEEP
  
  3072:3G8Ngxuwn/2T/JeyA/ndPxeKKgy6tMH6nFrqPUoGi7dVE5bzrdKlATE8AiH/D:2ag5n/P/ndPxlty5utqPUZc+3tE8
Score

1^/10
behavioral10 behavioral9
- Target
  
  OfflineExplorerEnterprise/Offline Explorer Enterprise/WebSite.url
- Size
  
  145B
- MD5
  
  6d7fdd0577d9f7633f4b1e1014e45e84
- SHA1
  
  218c778f85d5ceef7671fdb021f86032add3cf09
- SHA256
  
  044f2148d2f52db17ab2acdedf4bc81a5c99867f402c3af3dcbc3bd11d0cbdef
- SHA512
  
  fe14215670b07176c97053ee1f1ae701ed79257edcbf2b2a820bd5855f4544019f317ae9c9f4c66e360ad141f17736c8c6fafe3eeaaa114317db0875022f7e1c
Score

1^/10
behavioral11 behavioral12
- Target
  
  OfflineExplorerEnterprise/Offline Explorer Enterprise/ftpupl.exe
- Size
  
  257KB
- MD5
  
  e8696dcaa2b3825aac15fd98bd3777a2
- SHA1
  
  eeb7626db21399f490ba90095842516c9db26c09
- SHA256
  
  c20b94e6953f3c4ebf914d07787168abb8c5e94f66a9d910882bfc7682790f34
- SHA512
  
  9743a0223e290246aa0a01f8651274ec73fb59e2c652b2563ad31f2239c70f10cc40281a5bde3fe12a07446a7cc51b5b01bd1b4f9daf8b97651fad12c43636e3
- SSDEEP
  
  6144:C4iMV2gikaNxKziT0oiKkdK2xOiUlq5Zvi9GPdOe:7io2gik5oiKKzN71F
Score

1^/10
behavioral13 behavioral14
- Target
  
  OfflineExplorerEnterprise/Offline Explorer Enterprise/gdiplus.dll
- Size
  
  1.5MB
- MD5
  
  81246ebdc2139bad569503f10dbed1ab
- SHA1
  
  2f48937029647ea114c510e3337704ab5c995d6c
- SHA256
  
  0d0ca1dcacdeff34b62a299df13030aa0d5889576f971f990cab5c26c71fafc6
- SHA512
  
  b20f37c2a7ebab96b01f886a890cf0fb649e0d769e718060535ec4852739b08ceead7ba373f69f68b2015a5ac15ac37e928431c033b8089df815812cd9d33fec
- SSDEEP
  
  24576:0k18V2mHkfIE3Ip9vkWEgDecZV3W9kpOuRw8RhWd5Ixwzr6lOboU7j97S9D+z9lj:0ZNkf+uW3D1ZVG9kVw8I5Rv6lwH9+Iy6
Score

3^/10
behavioral15 behavioral16
- Target
  
  OfflineExplorerEnterprise/Offline Explorer Enterprise/keYgeN.exe
- Size
  
  240KB
- MD5
  
  329d102342793fb2a121f99bf681254f
- SHA1
  
  68cf06f843804d28f2807ac22ee386ee60eb6bab
- SHA256
  
  a820cc17d94d80b2988de58e998a33e500419ee26ec0c38e105cbb5fecc642ff
- SHA512
  
  f9425ee30613eb45aaff5736b75360285bd166d3c745a6d0d7de273f16241d8dfc8375bf96d6abd62c64d1462ddd4745cd2a882754dc4dc33147cf0eae21cb0e
- SSDEEP
  
  6144:GBgoxV3jx4SHWD54k+bSwd9s59VEcAoo6A91exSd9odYThjFX:GBgoxT9k5PK9o9i6AH/dwYThjFX
Score

1^/10
behavioral17 behavioral18
- Target
  
  OfflineExplorerEnterprise/Offline Explorer Enterprise/lucene.dll
- Size
  
  395KB
- MD5
  
  c46cf8f3dd4404bd77f60ed24d043465
- SHA1
  
  19d1d5aba7aa50604f142e84c862c6039144fafa
- SHA256
  
  95401de50a76ca568a7870f80f38a25ae3210c7a338d8f61e98383a89bc9b837
- SHA512
  
  d8469258f52da6ff39f9590a2f1b6c1e33c044dc1b73a3078c48790e3bb9addae7afc5426e05db97602034c534070f71912df06a8517190ad5b56e035589d157
- SSDEEP
  
  6144:G9vjIfkBWHhIv9UfQKR0NETCAJDn4IWFdOjG9RvcvYfAODvumKcHeG:G9vUfpBIvqXz43FdyYfxvVKc+G
Score

3^/10
behavioral19 behavioral20
- Target
  
  OfflineExplorerEnterprise/Offline Explorer Enterprise/mfile.dll
- Size
  
  140KB
- MD5
  
  5bb8d0e82e86c9109e6e65a5c292e6ed
- SHA1
  
  7892551993f8f1acee6b33e27b157af24dc5ab50
- SHA256
  
  62c0fbb7d57b37f41a962afa3273b03a3fa06d564e897422e9355f1e9d1393f7
- SHA512
  
  a1333f2080363f84e79aad7f20f1283a58f1283ea3b9779c2dd495e7b3617dc31b6d61bae3429a09695baf8578b8c57748026184111a7866450f37044dc615e2
- SSDEEP
  
  3072:AcUn1hDcNbheRYgw0K6Ag0FuHaQchKFE4:AcUn1hDOQYgwn6AO6
Score

3^/10
behavioral21 behavioral22
- Target
  
  content/mpint/mpintDOverlay.js
- Size
  
  4KB
- MD5
  
  6f43f8007b942ebc2a4ebe36e0279b46
- SHA1
  
  929602d005db11e8a3e202a6d752b2ea7b43f8b8
- SHA256
  
  6b6ed4586f56e1b36b1a4632fc58a473c157b591b67e0212dab7cbcac72cbb47
- SHA512
  
  7f1c1007611221c2635db77db30aebfda2be77ee19257352f79f1e6ee6b427aec983910e3db3d37bf7395e545f5a5566cdeb373b617d022bb7c4dbab77b66cc6
- SSDEEP
  
  96:qLopjn1xHjA1Uu8QFLMQFofGuPC4MwLCiP68R0Fy4hJ5QFCM9g:qLqjn1xHjA1Uu8kMdOuhfJPnT4hJ53M6
Score

3^/10

execution
behavioral23 behavioral24
- Target
  
  content/mpint/mpintOptions.js
- Size
  
  4KB
- MD5
  
  29798feb475974e6a59c031ce2d8dbce
- SHA1
  
  a5d2f5d4bac5c2a06e4544e68e901ae04eedf398
- SHA256
  
  551d3ff1ecf7dc77098492017b8bc8198504c99491d6577cfdf2506a3bcaa64e
- SHA512
  
  d52c73769f6462c4772f4cb22e2efc8a2827debcf39945fb4e0c2314899e797736d7fff5ba63965178da8beee87b84f7398572b644418f428f5fbce65839c12d
- SSDEEP
  
  48:mSwnfImJBNWWJcRdYf371uZYuzDg0igH/DmZveU5ArveFo/UkIyZQDIX7DNrcrMW:PsXgZxXrrmZvexveFoc+ZQ2vhIL
Score

3^/10

execution
behavioral25 behavioral26
- Target
  
  content/mpint/mpintOverlay.js
- Size
  
  6KB
- MD5
  
  24a23b55298886421ba7339dc82a23f2
- SHA1
  
  06191c731b52e7176a7a9fb027f325f460195ced
- SHA256
  
  71278b2db762f791150f3e0612db029f634aa35ab91eae30a6748a5f151dcbfc
- SHA512
  
  2ccf7f7c9d67bc08047062583d88fd7662c2bf14d62eda03228bda932c2945590415c7d3d3d077c373ea7639ec6953344ad423df6ae7ce697ab0a46cdee7b426
- SSDEEP
  
  96:6Wi7/51bCJsub5yjgKFR1q7Ejwg/66pRxy8GiSNrf:6H5FCKub5ogKH1q7Uhi6pLGisrf
Score

3^/10

execution
behavioral27 behavioral28
- Target
  
  content/mpint/mpintcommon.js
- Size
  
  19KB
- MD5
  
  aa3796f99e6538f8cb93ff5172189319
- SHA1
  
  ec81447fb210c3b9745550d3efd64a9bc4c58d8e
- SHA256
  
  f1ea1d079c64c35300de4adeea44052b8d0a77ff22f68daf2a1769fe48289e7d
- SHA512
  
  95cbee517e17693c9cd60624f0fcfaa22b02cdd9f5f0ce47be0b245190058d9dd20d4962b12cae6674d8e5fafba1a29ae36dbd75fa336057061c55c8ef9bf32c
- SSDEEP
  
  384:Cs0MkQ28yTRE24GRgyvx1B6xx9jG6gafHlwUk:dyLhRgyvx1B6xvHHlwUk
Score

3^/10

execution
behavioral29 behavioral30
- Target
  
  components/mpint.dll
- Size
  
  28KB
- MD5
  
  de1aac5c7189ef5007f18224b06a886f
- SHA1
  
  f214d75b8961840dab4da1509f7d0192d805b1e8
- SHA256
  
  be9a6355e8758e511a8517ddee4ab8082040ac0caa076c6ff099d7ee04e0c64e
- SHA512
  
  6187c4711863d6df081358d280a8e76169c51fd606b3fb2d5c9376346b2c4ae06b9a2e2ad386a2198334de4fda07f453245716e78bd617abdc9c8ff9a3b7a4b1
- SSDEEP
  
  192:8EI8VgSEug1FpNIiOGZfFKN7gcvRJNtSIsp6ZhjVZT3N1nM7gDryfo//1v5I2uzP:3EjRhZ9KNEWf26ZpTvnM7gDryfeIfzP
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

behavioral3

evasionspywarestealertrojan

behavioral4

evasionspywarestealertrojan

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32