General

  • Target

    89c55b3ce90e0aa737ef7f77326ac316_JaffaCakes118

  • Size

    13.4MB

  • Sample

    240601-jf1tvseb8v

  • MD5

    89c55b3ce90e0aa737ef7f77326ac316

  • SHA1

    9d4f9b5b7f2548b488cf5ad977731d96d5ec89a4

  • SHA256

    1102534d7ed22c361f26d196c9170d977ea3b0eb8b4ce5746236e3e2418451a4

  • SHA512

    2894c813252a73ba494f059c1a25d92abb033f22e6c56ef23b9694fb1ea9f81f8ba141d7d097f93f8463d2fe72288eebc589355bc831fa713a46b08f26c30a3e

  • SSDEEP

    196608:npe6XKEkziIokPfo+tIcQ9wBgh72SWHr3WpHAVoZ+obe4TIm1GaNWmdPoZfW:npeWp/c4+tIhsg9W3W5koUoLTIm1GQv

Targets

    • Target

      89c55b3ce90e0aa737ef7f77326ac316_JaffaCakes118

    • Size

      13.4MB

    • MD5

      89c55b3ce90e0aa737ef7f77326ac316

    • SHA1

      9d4f9b5b7f2548b488cf5ad977731d96d5ec89a4

    • SHA256

      1102534d7ed22c361f26d196c9170d977ea3b0eb8b4ce5746236e3e2418451a4

    • SHA512

      2894c813252a73ba494f059c1a25d92abb033f22e6c56ef23b9694fb1ea9f81f8ba141d7d097f93f8463d2fe72288eebc589355bc831fa713a46b08f26c30a3e

    • SSDEEP

      196608:npe6XKEkziIokPfo+tIcQ9wBgh72SWHr3WpHAVoZ+obe4TIm1GaNWmdPoZfW:npeWp/c4+tIhsg9W3W5koUoLTIm1GQv

    • Enumerates VirtualBox registry keys

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Looks for VMWare Tools registry key

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

    • Target

      bytefence-installer-5.4.1.3.exe

    • Size

      13.4MB

    • MD5

      c4951a516fe1b3a8a579e73877a4b1a4

    • SHA1

      400acb837edec53c746be0ccb2bb9d774fa150e9

    • SHA256

      61dc83d20af7bfa9458a4ee7b08bc05fc33b09aa5f04bf655f9f607125d1934b

    • SHA512

      a6933dab647728a2ccfaabdcb7561ab804efdf9ba6193d920712d04c842400b6c975bb0c0228a03f2a3b7dce3019397615267e2905cda73441abc6ef1978faeb

    • SSDEEP

      196608:0e6XKEkziIokPfo+tIcQ9wBgh72SWHr3WpHAVoZ+obe4TIm1GaNWmdPoZfWA:0eWp/c4+tIhsg9W3W5koUoLTIm1GQvA

    Score
    4/10
    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      b0c77267f13b2f87c084fd86ef51ccfc

    • SHA1

      f7543f9e9b4f04386dfbf33c38cbed1bf205afb3

    • SHA256

      a0cac4cf4852895619bc7743ebeb89f9e4927ccdb9e66b1bcd92a4136d0f9c77

    • SHA512

      f2b57a2eea00f52a3c7080f4b5f2bb85a7a9b9f16d12da8f8ff673824556c62a0f742b72be0fd82a2612a4b6dbd7e0fdc27065212da703c2f7e28d199696f66e

    • SSDEEP

      192:4PtkiQJr7jHYT87RfwXQ6YSYtOuVDi7IsFW14Ll8CO:H78TQIgGCDp14LGC

    Score
    3/10
    • Target

      $PLUGINSDIR/nsDialogs.dll

    • Size

      9KB

    • MD5

      eac1c3707970fe7c71b2d760c34763fa

    • SHA1

      f275e659ad7798994361f6ccb1481050aba30ff8

    • SHA256

      062c75ad650548750564ffd7aef8cd553773b5c26cae7f25a5749b13165194e3

    • SHA512

      3415bd555cf47407c0ae62be0dbcba7173d2b33a371bf083ce908fc901811adb888b7787d11eb9d99a1a739cbd9d1c66e565db6cd678bdadaf753fbda14ffd09

    • SSDEEP

      96:oXHqZ4zC5RH3cXX1LlYlRowycxM2DjDf3GEst+Nt+jvDYx4AqndYHnxss:oXHq+CP3uKrpyREs06YxcdGn

    Score
    3/10
    • Target

      $PLUGINSDIR/nsExec.dll

    • Size

      6KB

    • MD5

      1f49d8af9be9e915d54b2441c4a79adf

    • SHA1

      1ee4f809c693e31f34bc6d8153664a6dc2c3e499

    • SHA256

      b22c8f676dec58be8d25fbad1a37835ffc4029f29aaf79f4dc0337ca73a38782

    • SHA512

      c60827e322e3168a79795ffd4beb0b0039842128255100d6b005d261402d2ff570f3866f441f3d3c063097c71d44bc5ae80d177fa91ef4e46fc8c2d97de27aa4

    • SSDEEP

      96:67GUxNkO6GR0t9GKKr1Zd8NHYVVHp4dEeY3kRnHdMqqyVgNo3e:kXhHR0aTQN4gRHdMqJVgNv

    Score
    3/10
    • Target

      $PLUGINSDIR/nsisdl.dll

    • Size

      14KB

    • MD5

      a95c7af96416b2cd084fed4c07c8c291

    • SHA1

      0c62c2fd843ccb59784404ed36369784dc557671

    • SHA256

      a1e09fb1739ef7557d18104b0d6a4c7725e1ec293f5404c80402f57ff9ebb9d0

    • SHA512

      427ef14b116b574c5558cc6bb0ce03ab37f891f2d7ab0f130e3cddd0265e6bd269c598ce93230e56cd41bb9d2649bbbaa2fa2c654d8116c0c6f79a6f3419d1dc

    • SSDEEP

      384:9ck76gi51kE5aYOMLDC4UnDp9B0Jc5HNw2NE:9ck76gibLCMLDLCx04HNVNE

    Score
    3/10
    • Target

      ByteFence.exe

    • Size

      3.6MB

    • MD5

      ae114355b714bc831f641ffc1fd5d96b

    • SHA1

      52885c21ee681f3b0dbb7d13191fbbb141fdf906

    • SHA256

      517516b4fe19c58397a703bed0884cd439a6ad7ddadfd3de2b9d40d035659448

    • SHA512

      7db682dc63cae4ca91085f34788af53bc2cfd350af476749a4045ff2d751d810d5a8a140b28800ef284aed17cf87c5173f8bc107c73fe75555506fad66358dfe

    • SSDEEP

      49152:JG5ZVMGSL38t62Ei9Ts+Mq83+4w3aOX5xHm4Tcua9cGwYkf1VKHUKqHLmzdZXGwM:MMoTs/dw3TdTcua9pk9LLmfWl3KvS

    • Enumerates VirtualBox registry keys

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Looks for VMWare Tools registry key

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

    • Target

      ByteFenceGUI.dll

    • Size

      834KB

    • MD5

      637e8fcc69c33392335ffeaaca446a1b

    • SHA1

      91a56d770a3731310c412cd0c9cea9439594f593

    • SHA256

      496378bea9a3d62401744cd3941eda5177dc54733cd45735acf0c373372b5c5e

    • SHA512

      ffd8deba9afea17cf93219774e5d576b4bb39c4db710caa9634e5821cbb40e000f446017bf116bbdd475243dc397d4f038bff8f236e1ad9c002604249761fa08

    • SSDEEP

      6144://DsH/j0S/6HYv5nAYwtQ5eF7yH4kwMQDtyeTTGvsOYu3uhaS2dK6mDFnsZdVPSj:XDsfjR/6HYBYD/0/tCDFsEuIt

    Score
    1/10
    • Target

      ByteFenceScan.exe

    • Size

      802KB

    • MD5

      0243c4daedbf30e3235e0ffe0424901f

    • SHA1

      a0cb6caf5cce9afd09d0e253c899990a96d6f0cb

    • SHA256

      26b66f533d698550985569f7e2b663238d0629ab87be94054c07be201b689b8d

    • SHA512

      ab4708f86fda031c1d7261bb6177dce74e03b213f39802fe77df2bca90a3388801f4bcc8eb21ee516d3e38e80c0727bd2c7d956584ae91d46ebb867aa3cb8bf7

    • SSDEEP

      12288:tyA83gBCl+54Q+OeO+OeNhBBhhBBFBEGxHmfCvFDGOUUY2a1f4/fS/TecKbFVcd9:tKQ+PfGfCtDxY2bmaHMigXu6rnXSK

    Score
    1/10
    • Target

      ByteFenceService.exe

    • Size

      152KB

    • MD5

      ac384df8fbe8a76815fab3a2659f4bc4

    • SHA1

      c3cf899ade1ec94e7d8a7a4dc64950de99096b4f

    • SHA256

      0e262b5c4390c353bf98298631877913f6940e9c5042c0979060fca6c964fc17

    • SHA512

      a27ba4f9d167ba81a053067de6e27d1a81646c640e5246f0036c8758f123209206f187fb8b3a073bf3f31717b80cafc3d78add7fc4e33204b87460e14fad4d90

    • SSDEEP

      3072:1VCk5BvWxvjdrJmAoIQelRqoTol8gJTrYobUXJNX/1D3YcpEmxUgAPe:1X5BulYIQsxToGqTrjuAcprxmPe

    Score
    1/10
    • Target

      Microsoft.Diagnostics.Tracing.TraceEvent.dll

    • Size

      985KB

    • MD5

      d09b4a4509907f75f506b996a5ff7554

    • SHA1

      bdb299cf617da297cbcfea321879f669e465069a

    • SHA256

      6f8a2f1d045efb952c1ea9988bb5dcc72555eccafe9b32c2c51b439ea1f28453

    • SHA512

      ea29579f19aa55429e7254a7a6953f127a7520c43ad1e15dad7e4b25d17a167218997fe98d3096606164284616963c81a53f10eeaada7163472a6102e66de478

    • SSDEEP

      12288:Y+TaIGsAE3CBF4vgwWNjVYUQjwciLzR3Sx+1FfNJyPnKrA:ZT2VESLEUQjXiLXNJy/

    Score
    1/10
    • Target

      Microsoft.Win32.TaskScheduler.dll

    • Size

      303KB

    • MD5

      1802e6df96046cfee62c63c4c8469a3e

    • SHA1

      c5d6444fcd8f46e1832c99614f5e71adff582f6d

    • SHA256

      cc6c472f666239ed270cc3754852f536b8981d6fd22e4ad1ee15a1aa788a3ba9

    • SHA512

      339f5b917c4afbc25175bd173cebefdd8f4671e157ecfb8a9c21b78db9d34fd9757787c231575e8849509cac59162c6c67fb32af6febd6903ec285e21c0fd304

    • SSDEEP

      6144:pSNrAMLv8oXq9/7hbTD9S9XFiU5xsM2N0b9tCud+FrXSaG5rcfFr79E:CH8oXq9Dhb49ViU5xsTQd+FrXSJ5eFrZ

    Score
    1/10
    • Target

      amd64/KernelTraceControl.dll

    • Size

      217KB

    • MD5

      23ff4b3eadf12465e19f39b0c19c4361

    • SHA1

      ce0f61dfc428532dc645d2aaed9153d79dbd27d5

    • SHA256

      2005f94acc7c541771066ed98aff6321b911d10c59d2544b853446dbe91f25a5

    • SHA512

      cc618b926c22cabeb2156fe9d82dfa0a181e9bb03e9f1d823f68f656a72fa56fecb92fafbe84ec3712805ec0bd5a903fde6ea33cd05dfc57027800bc516c7538

    • SSDEEP

      3072:nX5gE72vcK8s7pTxEl7Onygi9wDO4z4WSYB0JuPr8AjT//PqLVFUYYBHoC:nXX20y7HNz14RU0J1ALqDUBHoC

    Score
    1/10
    • Target

      amd64/msdia140.dll

    • Size

      1.3MB

    • MD5

      c241e5b86b651da6e2b8fd9b07660635

    • SHA1

      bc7317c284770245116b4a77c6d454970625fd19

    • SHA256

      25a17a77163d1f18d780b06546dbe53c49d184c08cae60598b81cce655c53e34

    • SHA512

      1b8e06fc562413b110f2ed8ee752f704948a77c4f4b8d855d1f14a91f9d3cbaaeead625b11d82d655613e89b7345c3299ddadc0fa9bcdad400068916587894be

    • SSDEEP

      12288:Ppo5lxPC6r9vjOqfmX/yyOZWS6ggBwCX0dX007AedX0oHQUcV8gv2MQo0pzx:xo5lxdoz/yl4rEdE0cedrQPV8gut7x

    Score
    7/10
    • Target

      protobuf-net.dll

    • Size

      205KB

    • MD5

      769d127c68a3610c54927317035ab647

    • SHA1

      f1c3cd0eecbde4e506ec17fe3e63062d704978c6

    • SHA256

      b6cad8c254404466afc57402bf9c69f92dcce2f76cdba19784cc1057e85e000f

    • SHA512

      23350def1e9c76f6d7d797674f07157ef3e6a1808bf19023737f5919ef6cced8ea071625dfcc34c0ad7b1a3e6605da71e6559e88ac6397f79e77b2a4293159c6

    • SSDEEP

      3072:fDS6s11CNtSu01ck48ChK8CShUlNIUAQwXaQ5edod9hoiexKcMva3rdY07c8cC:mzWMGN8CckUnAt5edod9hoisKbvydvwC

    Score
    1/10
    • Target

      rsEngine.dll

    • Size

      5.1MB

    • MD5

      38bfe41fef177604494f49ee8023b887

    • SHA1

      fca37c9a1f3b9eaa68b489b091020cff0f672e6b

    • SHA256

      65555310943571e3d7cdb37c8a5cfa6e332400397d4d1dcbe4033370a5db81f6

    • SHA512

      f0b3dd5b27893ccfce43a033cd89ae190bf9d016711e85cea2d3ecf8478db365d47a7f8b86c08bb0941ebff3522f0b6b093c9e5c9527c2737da7ded2614401c2

    • SSDEEP

      98304:njye+FAgokGVEfisnwbqgmHsCaJLVCxCB5aJ6sxTuWBgWWiJZUKPhoa:n0F+8iswrmHsCxO4JLu83J6KJ

    Score
    1/10
    • Target

      rsEngineHelper.exe

    • Size

      163KB

    • MD5

      0fabe08ae38aa4ef76fca861a80763d9

    • SHA1

      a3e6a9fe9b6e5ca39ecb027a1a8df7668bca8c3f

    • SHA256

      bd5d56e915446df38fb45e0f1e7a42870e0797c9321e790c237a02558cf60d61

    • SHA512

      7cfb14321e63c9a5b0aaf548eb12d745d7aa983b4b8d80704f03927c61b9a1c36f493c4dfe346a8a59bfc87712b80a6a1bb31a5b3055dc6a0f7eda4f4cef3eba

    • SSDEEP

      3072:pYUIWLFtsoAqhSvgscHrHog7EOGGg9cJvl:uUIWLTstvgsc7t7EkBl

    Score
    1/10

MITRE ATT&CK Enterprise v15

Tasks

static1

Score
3/10

behavioral1

discovery, evasion, spyware, stealer, trojan
Score
9/10

behavioral2

discovery, evasion, spyware, stealer, trojan
Score
9/10

behavioral3

Score
4/10

behavioral4

Score
4/10

behavioral5

Score
3/10

behavioral6

Score
3/10

behavioral7

Score
3/10

behavioral8

Score
3/10

behavioral9

Score
3/10

behavioral10

Score
3/10

behavioral11

Score
3/10

behavioral12

Score
3/10

behavioral13

evasion, spyware, stealer, trojan
Score
9/10

behavioral14

evasion, spyware, stealer, trojan
Score
7/10

behavioral15

Score
1/10

behavioral16

Score
1/10

behavioral17

Score
1/10

behavioral18

Score
1/10

behavioral19

Score
1/10

behavioral20

Score
1/10

behavioral21

Score
1/10

behavioral22

Score
1/10

behavioral23

Score
1/10

behavioral24

Score
1/10

behavioral25

Score
1/10

behavioral26

persistence
Score
7/10

behavioral27

persistence
Score
7/10

behavioral28

Score
1/10

behavioral29

Score
1/10

behavioral30

Score
1/10

behavioral31

Score
1/10

behavioral32

Score
1/10