General
-
Target
74c54f6cccb6d924bba618c68031d411_JaffaCakes118
-
Size
1.9MB
-
Sample
240526-jhjncscc98
-
MD5
74c54f6cccb6d924bba618c68031d411
-
SHA1
1a85dea4001ec2de1bba0cd04eb09e74a261ca64
-
SHA256
cd8efeeac9e3a9efe818dca544bb0b692f6003799c713d2e965a78b50e112760
-
SHA512
978c724f2e7b5bb324b45b229c4e23232a304bf97851add67b7b32842ff0f280b82069550429385cdfc566adb78e4c3746349e6a74bfbf2f90cc474beb6f24f9
-
SSDEEP
49152:s+VH+OIpKO8+0IMS6iOMryKrA7bRmtjHBZjL:nVHN6KO83gfDyKrA3Rmtjfn
Malware Config
Targets
-
-
Target
74c54f6cccb6d924bba618c68031d411_JaffaCakes118
-
Size
1.9MB
-
MD5
74c54f6cccb6d924bba618c68031d411
-
SHA1
1a85dea4001ec2de1bba0cd04eb09e74a261ca64
-
SHA256
cd8efeeac9e3a9efe818dca544bb0b692f6003799c713d2e965a78b50e112760
-
SHA512
978c724f2e7b5bb324b45b229c4e23232a304bf97851add67b7b32842ff0f280b82069550429385cdfc566adb78e4c3746349e6a74bfbf2f90cc474beb6f24f9
-
SSDEEP
49152:s+VH+OIpKO8+0IMS6iOMryKrA7bRmtjHBZjL:nVHN6KO83gfDyKrA3Rmtjfn
Score8/10-
Creates new service(s)
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Registers COM server for autorun
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Checks whether UAC is enabled
-
Drops Chrome extension
-
Installs/modifies Browser Helper Object
BHOs are DLL modules which act as plugins for Internet Explorer.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
-
-
Target
$PLUGINSDIR/NSISdl.dll
-
Size
14KB
-
MD5
254f13dfd61c5b7d2119eb2550491e1d
-
SHA1
5083f6804ee3475f3698ab9e68611b0128e22fd6
-
SHA256
fd0e8be2135f3d326b65520383a3468c3983fa32c9c93594d986b16709d80f28
-
SHA512
fcef8ac5bd0ee6e316dbbc128a223ba18c8bf85a8d253e0c0877af6a4f686a20b08d34e5a426e2be5045962b391b8073769253a4d9b18616febc8133ccf654f7
-
SSDEEP
192:t5ZTobBDJ68r67wmsvJI5ad9cXzFOVu+mZ/P3p+57CvpVqDxVp01Dwn2GRYgsfA:fBo/680dCI5adOjFOg9//p27uNw2bo
Score3/10 -
-
-
Target
$PLUGINSDIR/System.dll
-
Size
11KB
-
MD5
00a0194c20ee912257df53bfe258ee4a
-
SHA1
d7b4e319bc5119024690dc8230b9cc919b1b86b2
-
SHA256
dc4da2ccadb11099076926b02764b2b44ad8f97cd32337421a4cc21a3f5448f3
-
SHA512
3b38a2c17996c3b77ebf7b858a6c37415615e756792132878d8eddbd13cb06710b7da0e8b58104768f8e475fc93e8b44b3b1ab6f70ddf52edee111aaf5ef5667
-
SSDEEP
192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
Score3/10 -
-
-
Target
$PROGRAMFILES/OnlineInstal/2345.url
-
Size
232B
-
MD5
5a194ffdb3a15d875cf39c0dd9cae829
-
SHA1
ee9bf37250f731903ecf1004e59f1ec9207c65e8
-
SHA256
d22db7f123314dc9a7a3354237c0544a166fd470def8bce90d2eb99fc218a086
-
SHA512
b1c1d7366efb1e4356ff2e6cff0d9a4d89167396ab4fbd92d7a2f8a31cbb049f3a3baf30d0d57d6bc3feea13716ae954c8340f63dae6b2a73605d53c73f9289f
Score1/10 -
-
-
Target
$PROGRAMFILES/OnlineInstal/TTK_7160010020140313_v142.exe
-
Size
1.3MB
-
MD5
c16810b408101624dd321c5928dc4ad7
-
SHA1
5708db9d835aeee0615347d743c00574703f30ca
-
SHA256
d3f07cf241add089b2343d3f41b21612eaa34fc4051dad8c5fb3f3af2eb1f1d2
-
SHA512
bb7d0f03fd64f9d61c7ba7e6f042cce4066928d50fe859077bf07b7a8e55d1f5fe73a53a3d7444b9580858bb4ddb7e0f24a047cb2e4ffa4d23833fe2352df2be
-
SSDEEP
24576:p2XuaQW2H2V++KzvW3oPROy1q34SYOrko8IBRRlUNEDIb:UXB2p+hNyIVcIBQEcb
Score7/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Registers COM server for autorun
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Checks whether UAC is enabled
-
Drops Chrome extension
-
Installs/modifies Browser Helper Object
BHOs are DLL modules which act as plugins for Internet Explorer.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
-
-
Target
$PLUGINSDIR/InstallOptions.dll
-
Size
14KB
-
MD5
325b008aec81e5aaa57096f05d4212b5
-
SHA1
27a2d89747a20305b6518438eff5b9f57f7df5c3
-
SHA256
c9cd5c9609e70005926ae5171726a4142ffbcccc771d307efcd195dafc1e6b4b
-
SHA512
18362b3aee529a27e85cc087627ecf6e2d21196d725f499c4a185cb3a380999f43ff1833a8ebec3f5ba1d3a113ef83185770e663854121f2d8b885790115afdf
-
SSDEEP
192:86d+dHXLHQOPiY53uiUdigyU+WsPdc/A1A+2jwK72dwF7dBEnbok:86UdHXcIiY535zBt2jw+BEnbo
Score3/10 -
-
-
Target
$PLUGINSDIR/System.dll
-
Size
11KB
-
MD5
c17103ae9072a06da581dec998343fc1
-
SHA1
b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d
-
SHA256
dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f
-
SHA512
d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f
-
SSDEEP
192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
Score3/10 -
-
-
Target
$PLUGINSDIR/TTKInsAssistant.dll
-
Size
525KB
-
MD5
fb68e5c27265be945468aae0828c0831
-
SHA1
c386266e6755273bf69e45072b55afe5bfec2947
-
SHA256
3e2a5aec6416ac6c1a597240203c11cfad7eecf9dc7dfb5584ebeb590dead6c4
-
SHA512
eda06d197ce8520c11bc8da118a729064843b1b28ffb90083be61b33b4f62516415a80d3edc5b42b85de364a28b7f24894bb9971af0b3baff7b1365e1bbb9b78
-
SSDEEP
12288:/D/KJSIl0maioxr//nXHFM6PcBA4H3zxXA:IJamIFrqhHjhA
Score7/10-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
-
-
Target
$PLUGINSDIR/nsDialogs.dll
-
Size
9KB
-
MD5
c10e04dd4ad4277d5adc951bb331c777
-
SHA1
b1e30808198a3ae6d6d1cca62df8893dc2a7ad43
-
SHA256
e31ad6c6e82e603378cb6b80e67d0e0dcd9cf384e1199ac5a65cb4935680021a
-
SHA512
853a5564bf751d40484ea482444c6958457cb4a17fb973cf870f03f201b8b2643be41bccde00f6b2026dc0c3d113e6481b0dc4c7b0f3ae7966d38c92c6b5862e
-
SSDEEP
96:hBABCcnl5TKhkfLxSslykcxM2DjDf3GE+Xv8Xav+Yx4VndY7ndS27gA:h6n+0SAfRE+/8ZYxMdqn420
Score3/10 -
-
-
Target
TaoTongKuan.dll
-
Size
14KB
-
MD5
2a701a3ff0d3c86621d4481e42afd667
-
SHA1
4705660a124608d2f24972944adb9afee2a9df35
-
SHA256
c39ce24980e04038c28580f33fa2ced819d268b7bb03a0e8375361ff0c0587a3
-
SHA512
9097b27a737540afdfb7b2de9abc4d8c5733ae77f25ee57155774b62f0525500d546da6291d5b4626829aa8068ae97ba2b6b27a5f961f0d4f04cc2eb34ae4809
-
SSDEEP
384:qxbiTcTPIjKPOI71N2YL0MCP7J8BoumeMg:qRTP4GffL/HBn
Score3/10 -
-
-
Target
TTKInsAssistant.dll
-
Size
525KB
-
MD5
fb68e5c27265be945468aae0828c0831
-
SHA1
c386266e6755273bf69e45072b55afe5bfec2947
-
SHA256
3e2a5aec6416ac6c1a597240203c11cfad7eecf9dc7dfb5584ebeb590dead6c4
-
SHA512
eda06d197ce8520c11bc8da118a729064843b1b28ffb90083be61b33b4f62516415a80d3edc5b42b85de364a28b7f24894bb9971af0b3baff7b1365e1bbb9b78
-
SSDEEP
12288:/D/KJSIl0maioxr//nXHFM6PcBA4H3zxXA:IJamIFrqhHjhA
Score7/10-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
-
-
Target
TTKSextIns.exe
-
Size
66KB
-
MD5
4f9c50ab4ae9ecaff4487dcb8e47b813
-
SHA1
19638f6f041df51d5b3e3d906e1cb3ff2e55d43e
-
SHA256
ba92402097ca71cc20bbf26b618f90ec7d186183fd33d47e56034288453b53d9
-
SHA512
3b5eeb70547fc7bd06b9d08287dba596b48eaa0aca052174d4e366a72e218260731a7d9172b159f38cd8ba584f0bcbb339892c3cabd70e767295a5b30508e13f
-
SSDEEP
768:cuXkP7XfdDb9pYaBvICW04EpT6F/CC3nBT/vjtsHMKbtflHBc:vUP7lb9+alICW0Q/CUD7fwtflhc
Score1/10 -
-
-
Target
TTSIEPlugin.dll
-
Size
120KB
-
MD5
ac16704c77593786c65b273e0719400f
-
SHA1
6d2f5c0f4cdf9c8326b87232627d1eb9699efdab
-
SHA256
07e95ec9e72347f83e1fde63812fb85b36c0f8770effc34bbb574b259cb3ba97
-
SHA512
9f763b192a909d0fa9a38e540fe5a8de0bcc5fc7e621b69d1d254f62820dde3b72c81a69ea70ac44f10ec0fd421d076d7f299370d7af1f55e1a00ad7570b7501
-
SSDEEP
3072:Yri3/UtvEcUzeNK5t0f0RXGg1ZRnmkLDNJqfnQf3m:Yr+/wUqUtFXfZkMBW
Score6/10-
Installs/modifies Browser Helper Object
BHOs are DLL modules which act as plugins for Internet Explorer.
-
-
-
Target
TTSIEPlugin_64.dll
-
Size
145KB
-
MD5
40063a55aa8438de2b5aba42218cd81d
-
SHA1
864961262feea4014b5b359cef099778b4cc3e98
-
SHA256
2de26cb75e41daabc16dcb917aa37507e0b334e2d5c5b44763fcf85f0cec48d9
-
SHA512
d406c77aa1377f82c1a4d1426158637fe8d4f1915939006fde4d5fb623b18c3969c45404b92287b9c4701bafb27b5a9a664cee8a5027882156c8b14a65a719d6
-
SSDEEP
3072:xQJxhQcoNwOf0yprdkIgTeeY8bOgNhuWnwefuOiyWQV:x8wPwOf00SNTeeY8fNIn2v
Score7/10-
Registers COM server for autorun
-
Installs/modifies Browser Helper Object
BHOs are DLL modules which act as plugins for Internet Explorer.
-
-
-
Target
TTSRegPlugin.bat
-
Size
73B
-
MD5
c7e8d764bb3afd9d90122c1e67ab04ad
-
SHA1
4992549ce2c208c804a0b053b798b07dd5e102a1
-
SHA256
92d0cfb9d06cd867d169f4b9f9eb9ccf82ef7d72605a5066e4c2415b667254a8
-
SHA512
89fcc9989ad422b3bb7be906c19a8b42ccddc842def42075aba53203564eaef6ea991162a78f264b819c881927ad4dbbf1b6cf69ca9e2e67d729b0a039ddf08e
Score7/10-
Registers COM server for autorun
-
Installs/modifies Browser Helper Object
BHOs are DLL modules which act as plugins for Internet Explorer.
-
-
-
Target
TTSUNRegPlugin.bat
-
Size
78B
-
MD5
2e4bbfa4398f945c51b88dd06908b575
-
SHA1
6fe340fe002b328800eb15441bdec0fe9e593c36
-
SHA256
57be3272230d1e47995dc46f511233597436beb8f4c836c64f0de7336312c7d2
-
SHA512
f22c1d63f6f50269e40575920ced2fff05cb01592915dd4b2dee1b85f93355599aefdb05cf57ab9fe78bf922d443d37ec6456ecaa3f8fff7547072dce6e8c474
Score1/10 -
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Create or Modify System Process
1Windows Service
1Boot or Logon Autostart Execution
4Registry Run Keys / Startup Folder
4Browser Extensions
5Pre-OS Boot
2Bootkit
2Privilege Escalation
Create or Modify System Process
1Windows Service
1Boot or Logon Autostart Execution
4Registry Run Keys / Startup Folder
4