209a4474cb7f906d4fd6c7df839841b7944b4917ec5f65bc0c92acfa552f9040

Sharing

Copy URL

Twitter E-mail

General

Target

7c370cb3eb7c9e2efb5f9b053ec3065f_JaffaCakes118
Size

2.0MB
Sample

240528-jk2lysce62
MD5

7c370cb3eb7c9e2efb5f9b053ec3065f
SHA1

21eb73bf2731ebd7b716bbc0e22498eb7dd00115
SHA256

209a4474cb7f906d4fd6c7df839841b7944b4917ec5f65bc0c92acfa552f9040
SHA512

c81f35d70702c3bd36dde354c456bc11644858400e95ff07f16d8310d75c971e2f939c487d01a05487dfc4b82186bcd446fbc7b1a133b210e0c09c6894047452
SSDEEP

49152:eaft/3yR4Epqwlvj1CPExyS+vXqKNoM+iiNH:jVqkmvjDy1N5+iid

Score

9^/10

Malware Config

Targets

- Target
  
  7c370cb3eb7c9e2efb5f9b053ec3065f_JaffaCakes118
- Size
  
  2.0MB
- MD5
  
  7c370cb3eb7c9e2efb5f9b053ec3065f
- SHA1
  
  21eb73bf2731ebd7b716bbc0e22498eb7dd00115
- SHA256
  
  209a4474cb7f906d4fd6c7df839841b7944b4917ec5f65bc0c92acfa552f9040
- SHA512
  
  c81f35d70702c3bd36dde354c456bc11644858400e95ff07f16d8310d75c971e2f939c487d01a05487dfc4b82186bcd446fbc7b1a133b210e0c09c6894047452
- SSDEEP
  
  49152:eaft/3yR4Epqwlvj1CPExyS+vXqKNoM+iiNH:jVqkmvjDy1N5+iid
Score

9^/10

discovery evasion execution persistence spyware stealer upx
- Checks for common network interception software
  Looks in the registry for tools like Wireshark or Fiddler commonly used to analyze network activity.
  evasion
- Blocklisted process makes network request
- Drops file in Drivers directory
- Modifies Windows Firewall
  evasion
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  23KB
- MD5
  
  125aebb055446fb52aa5956cf99e8a9a
- SHA1
  
  6b58fd08a8ff2763219cc6b0dcdb875f9970f850
- SHA256
  
  2e1b11ee20e5061ea86dc6b01e3efc659e887540afcab7317cdfd6a8eff87ec3
- SHA512
  
  5f85e48bd3ae2fd2be0595b93cbf74674e0281210688dcc73691178b295a702e8d43898afb6e5d8b7e82de98b4ee28194c9838ddf8279cde85f7fe48d34dc8b7
- SSDEEP
  
  384:7AQ5GjarYFU76ffyEIPb9p206QrHwIl8ToknCLJy4k9KyFkKCKWin/aY+:72XixPbPD6gQikUywWkKx/aY+
Score

3^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/ask.exe
- Size
  
  174KB
- MD5
  
  fac0274b791a442b44a6bdb052afa88d
- SHA1
  
  7b36694b1c61a820e54d04df6e28e83b54b32de8
- SHA256
  
  b03adb8851703fad0dfc74f21e537c8834f1305cfd0cfe765b107407794a0b5f
- SHA512
  
  9e7f75d8332d0d580bbb554de7e05dc1bf0d16eec881571dd17c21e0871b2cd5f7cf6f90ef888fcb481951a0aab387174d563c7e2b993850b7b890a5760c0ba9
- SSDEEP
  
  3072:4X7DItrfaocyTgfsqQOlJI0glTLiyIwmTWzec6E83No7G+97gIWpq:4saocyLCAlXiyTmTW58Nepcjpq
Score

8^/10

execution
- Blocklisted process makes network request
- Loads dropped DLL
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  23KB
- MD5
  
  125aebb055446fb52aa5956cf99e8a9a
- SHA1
  
  6b58fd08a8ff2763219cc6b0dcdb875f9970f850
- SHA256
  
  2e1b11ee20e5061ea86dc6b01e3efc659e887540afcab7317cdfd6a8eff87ec3
- SHA512
  
  5f85e48bd3ae2fd2be0595b93cbf74674e0281210688dcc73691178b295a702e8d43898afb6e5d8b7e82de98b4ee28194c9838ddf8279cde85f7fe48d34dc8b7
- SSDEEP
  
  384:7AQ5GjarYFU76ffyEIPb9p206QrHwIl8ToknCLJy4k9KyFkKCKWin/aY+:72XixPbPD6gQikUywWkKx/aY+
Score

3^/10
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/nsDialogs.dll
- Size
  
  11KB
- MD5
  
  790d227d847f7571c8d58a79057a469e
- SHA1
  
  75c347b1441383c61166b615dfd6e7e65b04629f
- SHA256
  
  37e99ab9db0045870e31db147438cf0c69b6fcdec4f3737a9743c447cbc0c3c0
- SHA512
  
  5821605bfb3e57ddfcc1a74829968814aae92b13cb713ef3628913d9112d493117e8aa9cc437770facdcd2d4bd1e53a271d491e6b4d3e4cff53bd027f4b07f4c
- SSDEEP
  
  192:WyeiCdfR0gDj2dtr03OOM9X89jqcZNckLYKFaYWOdIyHWsK:adpjHY0tM9X892nkLJvWOdTHWs
Score

3^/10
behavioral10 behavioral9
- Target
  
  $PLUGINSDIR/nsExec.dll
- Size
  
  8KB
- MD5
  
  249ae678f0dac4c625c6de6aca53823a
- SHA1
  
  6ac2b9e90e8445fed4c45c5dbf2d0227cd3b5201
- SHA256
  
  7298024a36310b7c4c112be87b61b62a0b1be493e2d5252a19e5e976daf674ce
- SHA512
  
  66e4081a40f3191bf28b810cf8411cb3c8c3e3ec5943e18d6672414fb5e7b4364f862cba44c9115c599ac90890ef02a773e254e7c979e930946bc52b0693aad7
- SSDEEP
  
  192:r/QeHNWSvUTfWdXw08LYKFaynLb3MRlbOVlR:7jBvwudT8LJxnnMRlyVlR
Score

3^/10
behavioral11 behavioral12
- Target
  
  $PLUGINSDIR/ping.js
- Size
  
  497B
- MD5
  
  17f3d5334f9123558915c180f73ebbbe
- SHA1
  
  423a865524b2d5981deee06197430ccb47444506
- SHA256
  
  34d45cff2d0b7d11472fde24e899bcd277e396b29e7ac6ca88662889f4433057
- SHA512
  
  240dfeae556717448d8882373b46839802938242dab18c4d819337d0f9769411afffba0986430508209c6c411d9cfa9b7384c435bc4b3b0e03decd10edd09776
Score

3^/10

execution
behavioral13 behavioral14
- Target
  
  $PLUGINSDIR/md5dll.dll
- Size
  
  6KB
- MD5
  
  0745ff646f5af1f1cdd784c06f40fce9
- SHA1
  
  bf7eba06020d7154ce4e35f696bec6e6c966287f
- SHA256
  
  fbed2f1160469f42ce97c33ad558201b2b43e3020257f9b2259e3ce295317a70
- SHA512
  
  8d31627c719e788b5d0f5f34d4cb175989eaa35aa3335c98f2ba7902c8ae01b23de3ccb9c6eb95945f0b08ef74d456f9f22ca7539df303e1df3f6a7e67b358da
- SSDEEP
  
  96:GL2PcvGn5olZMTZxEp8agTsflVwn4GogZcko5N1ub:U2Pxn5UZMTZipyaw4ZkKP2
Score

7^/10

upx
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral15 behavioral16
- Target
  
  $PLUGINSDIR/nsDialogs.dll
- Size
  
  11KB
- MD5
  
  790d227d847f7571c8d58a79057a469e
- SHA1
  
  75c347b1441383c61166b615dfd6e7e65b04629f
- SHA256
  
  37e99ab9db0045870e31db147438cf0c69b6fcdec4f3737a9743c447cbc0c3c0
- SHA512
  
  5821605bfb3e57ddfcc1a74829968814aae92b13cb713ef3628913d9112d493117e8aa9cc437770facdcd2d4bd1e53a271d491e6b4d3e4cff53bd027f4b07f4c
- SSDEEP
  
  192:WyeiCdfR0gDj2dtr03OOM9X89jqcZNckLYKFaYWOdIyHWsK:adpjHY0tM9X892nkLJvWOdTHWs
Score

3^/10
behavioral17 behavioral18
- Target
  
  $PLUGINSDIR/nsExec.dll
- Size
  
  8KB
- MD5
  
  249ae678f0dac4c625c6de6aca53823a
- SHA1
  
  6ac2b9e90e8445fed4c45c5dbf2d0227cd3b5201
- SHA256
  
  7298024a36310b7c4c112be87b61b62a0b1be493e2d5252a19e5e976daf674ce
- SHA512
  
  66e4081a40f3191bf28b810cf8411cb3c8c3e3ec5943e18d6672414fb5e7b4364f862cba44c9115c599ac90890ef02a773e254e7c979e930946bc52b0693aad7
- SSDEEP
  
  192:r/QeHNWSvUTfWdXw08LYKFaynLb3MRlbOVlR:7jBvwudT8LJxnnMRlyVlR
Score

3^/10
behavioral19 behavioral20
- Target
  
  $PLUGINSDIR/nsProcess.dll
- Size
  
  4KB
- MD5
  
  05450face243b3a7472407b999b03a72
- SHA1
  
  ffd88af2e338ae606c444390f7eaaf5f4aef2cd9
- SHA256
  
  95fe9d92512ff2318cc2520311ef9145b2cee01209ab0e1b6e45c7ce1d4d0e89
- SHA512
  
  f4cbe30166aff20a226a7150d93a876873ba699d80d7e9f46f32a9b4753fa7966c3113a3124340b39ca67a13205463a413e740e541e742903e3f89af5a53ad3b
Score

3^/10
behavioral21 behavioral22
- Target
  
  $PLUGINSDIR/nsProcess2.dll
- Size
  
  35KB
- MD5
  
  6e96ea8b0dfdb326c0852a5b64d920a6
- SHA1
  
  5ea182cb6ae5c104ca064fa8464df8ed1904eaa7
- SHA256
  
  b8762c09c2b45fc836c65a9052951de05177651d278e4cf154c754d9f5573e7a
- SHA512
  
  02d0bd8f16ddad829b80764926f1e6dcfb35b60fbce02bec0a7fc2011164d86f633074af012de71fae33b90732ec4c7633f8a70ab24c19717926757f9c56fb4f
- SSDEEP
  
  768:TTc0PYmtVrjWQ7P4hEnn2OEDgzAwvc3F:Pc0P7VrjWQMw6Z3F
Score

3^/10
behavioral23 behavioral24
- Target
  
  $PLUGINSDIR/ping.js
- Size
  
  497B
- MD5
  
  17f3d5334f9123558915c180f73ebbbe
- SHA1
  
  423a865524b2d5981deee06197430ccb47444506
- SHA256
  
  34d45cff2d0b7d11472fde24e899bcd277e396b29e7ac6ca88662889f4433057
- SHA512
  
  240dfeae556717448d8882373b46839802938242dab18c4d819337d0f9769411afffba0986430508209c6c411d9cfa9b7384c435bc4b3b0e03decd10edd09776
Score

3^/10

execution
behavioral25 behavioral26
- Target
  
  $PROGRAMFILES/Bench/BService/1.1/bhelper.dll
- Size
  
  52KB
- MD5
  
  72b1a3d56f812839ae5ba3420a5ed812
- SHA1
  
  0fadb783c6c38284e5819bcaded2a1c50503f7af
- SHA256
  
  cc54e42139a9f01777833c5fbe9e545e008c74b6fa0abbc37d6d29d9976098be
- SHA512
  
  5bca01f36822e4345c792e9a65cb9823bed6ab8e7406906e089731c464056b9330dee014a968a5b4c069e72f682cf8167b131e6cc5cdb5478eb36aef6994b2b8
- SSDEEP
  
  768:/pPo7MYMiGRHPG0QXBfEte2LhTkk1qDJi22SvOUnDEDDmIGgEKA:0MYMieHofidTkepaFKA
Score

3^/10
behavioral27 behavioral28
- Target
  
  $PROGRAMFILES/Bench/BService/1.1/bhelper64.dll
- Size
  
  108KB
- MD5
  
  1ee6f52ca4a576a5a21f11bc91634fa1
- SHA1
  
  cc88403e0541a0f8ab9ebc3beb4eef27132cee1d
- SHA256
  
  eee40028b8d3074cdd8c44714c04ee514578fddc21bcad9fb35624b4ab3e7865
- SHA512
  
  1295e08d0cc43c6297ede90aff02f75783939dfe39b6a93de0a701de2e2c84325e6b17374e4adcdf975579935c2cbd6ba39c840ec2bbe2e0bb5908921298d106
- SSDEEP
  
  3072:NJHbTyRbZEkU8lQYU8j6A6pTmAFWnv23iNQtm:z7Ty5gMQYU8j6pgAF2uQQt
Score

1^/10
behavioral29 behavioral30
- Target
  
  $PROGRAMFILES/Bench/BService/1.1/bservice.exe
- Size
  
  51KB
- MD5
  
  a7bea13873210cdfccb51f54c2799a83
- SHA1
  
  ccfcd73f208f834c854e46e6f31db11aada5cf08
- SHA256
  
  e5f5765909b57d992640fb4a48815b0b4e84588b98eef61423dc77e8dc1afa26
- SHA512
  
  435a16fda6cc3b9e5087e3747a262e05341f89a96529eea182875ca86f23fd23f21a0759973c3f08a8114f2cd2fd589401f3188f08481730deb06fac8d5d00fe
- SSDEEP
  
  768:zH+3XoM2+oSDwnCP09fAnu4hgrWh8Nrn29ED355STkRkoI:wXoM2+1MCs94nP2N7LsYko
Score

1^/10
behavioral31 behavioral32