General

  • Target

    8e5a9c3d90623efe80c10728c56e2fd0_JaffaCakes118

  • Size

    3.2MB

  • Sample

    240602-rkq48afc49

  • MD5

    8e5a9c3d90623efe80c10728c56e2fd0

  • SHA1

    0488b6eedb78cebb378cbb19af028f3853e5ef5d

  • SHA256

    048bafef6ec2169084b1c8ebc79681275dcbbf3cb5c6617ab2c37e0d26fc3aa8

  • SHA512

    4fb933a51422c6c03ac82f0ad39c7a302c698d51157175c3ade604f169b905c6d3deb5a9b0ff57219ec039f2e2d33e20c8437ec314e8f3e9c81c9ff78e951c01

  • SSDEEP

    98304:Fc1k8VO82XHJBA+56Natnm6k7g4QTgDvasGps1:02XHJBVFtP4/DvR

Malware Config

Targets

    • Target

      8e5a9c3d90623efe80c10728c56e2fd0_JaffaCakes118

    • Size

      3.2MB

    • MD5

      8e5a9c3d90623efe80c10728c56e2fd0

    • SHA1

      0488b6eedb78cebb378cbb19af028f3853e5ef5d

    • SHA256

      048bafef6ec2169084b1c8ebc79681275dcbbf3cb5c6617ab2c37e0d26fc3aa8

    • SHA512

      4fb933a51422c6c03ac82f0ad39c7a302c698d51157175c3ade604f169b905c6d3deb5a9b0ff57219ec039f2e2d33e20c8437ec314e8f3e9c81c9ff78e951c01

    • SSDEEP

      98304:Fc1k8VO82XHJBA+56Natnm6k7g4QTgDvasGps1:02XHJBVFtP4/DvR

    Score
    7/10
    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      $PLUGINSDIR/IS.dll

    • Size

      94KB

    • MD5

      c31b97adf54bdd6ac6d19ab85cc6bc57

    • SHA1

      7e458577b1fe49885c21f38ba981f77b00bdd59b

    • SHA256

      2e5af5577044835e7d1c526b1ef11dddbf660dbf265f3c8b533cbfcfd2a8b57a

    • SHA512

      9178ba7bfd3851b9622ffa7f5981f43b4ca654e3f85113f7c91ebd2ce417c1acb718e73737838c61496a255cee1f5ad9873ea88bce78a0cfe67bd2cfb1e71790

    • SSDEEP

      1536:040tQWYXj9hStyVl4d5VypW4s+qxcfAsWjcdcmeiFrNt:6SV5Ll4dLBZ+q8cmZFrNt

    Score
    3/10
    • Target

      $PLUGINSDIR/KillProcDLL.dll

    • Size

      37KB

    • MD5

      e0cba97d6c9203b638fe94402106091b

    • SHA1

      ba331d35ea9a19e0f5d228c8a0b6152cdb4c5c6b

    • SHA256

      fb3004f3e89257c0e13b9fe4b641e5ffccac45aca0a09d0d96146cbbadb55b62

    • SHA512

      7c12ab9704b6a9887dc12f09c03505721f2ee26fed621ca8ddee27e366795d36f61a0b5b6204374d9a4e6faea3c7dc82a29abc1b9b8723c9549af4ab2d8cfd7e

    • SSDEEP

      768:XzuIRePkNuMZmhBZYPdhZQqn2WEDFZjulJAsDo:qIVNUBW5wJkd

    Score
    3/10
    • Target

      $PLUGINSDIR/NET.dll

    • Size

      92KB

    • MD5

      9adaffc2a1b579115e40407733d94dde

    • SHA1

      866bbb0dbbd217aa287fe3324ecaa828e8d7b622

    • SHA256

      b31d4e8af5d38991c692f219130fdfa92762a9a77e04e7ab05e44603af578555

    • SHA512

      214eedc4b314b48c192d3a847a64807bf41481e5cd06b1a627bad048dbac14a2c0d6b5b3c992616e18ec9f59f4107d68e57b8c4fd9da01e0695824ffc8030619

    • SSDEEP

      1536:YGm1qiWG5m2ftSFh/strsmDk+g6cLFsWjcd9VRqtOEVK:YG1ipptSqy+gzq96tOEV

    Score
    3/10
    • Target

      $PLUGINSDIR/OCSetupHlp.dll

    • Size

      848KB

    • MD5

      9e4e850e12f2f4f869b2491dbbb17ceb

    • SHA1

      bd89581a89604b601c817ea680c2a224b46737f8

    • SHA256

      4d1ad8aaf803660ee9d989a8a9cb3129397a97e4d0fa4b50ba7fb700b9d4d7b6

    • SHA512

      9285472e8ed2e685dce357383842356e3011110a09f2e66b2a34ee6bf3c7457dbba834256d8b9b240c20666ec38b62d0ebd7fe4dec1fd9cbb812adc36ad724f5

    • SSDEEP

      12288:w3RHConJZh6lVfdxrHtgFl2nMLlKT2OIPL8mKqSTSTpz4cB8:wkuMV1xrHaF8nMI2RPL8STpz4cB8

    Score
    1/10
    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      bf712f32249029466fa86756f5546950

    • SHA1

      75ac4dc4808ac148ddd78f6b89a51afbd4091c2e

    • SHA256

      7851cb12fa4131f1fee5de390d650ef65cac561279f1cfe70ad16cc9780210af

    • SHA512

      13f69959b28416e0b8811c962a49309dca3f048a165457051a28a3eb51377dcaf99a15e86d7eee8f867a9e25ecf8c44da370ac8f530eeae7b5252eaba64b96f4

    • SSDEEP

      192:0N2gQuUwXzioj4KALV2upWzVd7q1QDXEbBZ8KxHdGzyS/Kx:rJoiO8V2upW7vQjS/

    Score
    3/10
    • Target

      $PLUGINSDIR/ividi_1.8.23.0.exe

    • Size

      2.2MB

    • MD5

      8c271a4f3d22bab31657afef6d391392

    • SHA1

      73ca356b709eea6404ad8a997d4175894706430f

    • SHA256

      afc3a56884a203c8351098f217383d7397ede85580e1ce6dd54ad59f327bed69

    • SHA512

      cd433aae16749a0581761fed60d1758f80351d9a08219a256aae95711060f91a2189fbfbf7e5dd35202d8c1da92049c03357c505159c7b724c4896dd7a1cc832

    • SSDEEP

      49152:wLDJBvX6dkcGTsi5JmjUg/a4ttMPhvJNCUGZJYkPhgVr9WT:E/6dbiHmjUOa4tqxu1

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops Chrome extension

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Target

      $APPDATA/Unitech LLC/sqlite3.dll

    • Size

      265KB

    • MD5

      db4961bbb3c1cf487904b15ea5b5884b

    • SHA1

      d1c23d22e93d3f9b268f99519d38d010ff99ea6c

    • SHA256

      970ab5826883e15bd9ae33310dcfb00968a938eebbe7e8e1ba5c8b0c12cc5d12

    • SHA512

      191e365500a824c1b31eca9f82caecdc227471d09c1343390a2879bd9642cad1a57fe812eb0ab3f20b24941da763a24a76f5a4b0791af5600d283eae7f6cae7d

    • SSDEEP

      6144:XeuZevv40YGJbqYwOTfSED3HvE5+8jVAKZYOwr80B2:XEHGGJbXTaOX38jVX48

    Score
    7/10
    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      $PLUGINSDIR/IEFunctions.dll

    • Size

      7KB

    • MD5

      46ee93cfce4dd2576579f45ad8c41b88

    • SHA1

      f34a4eb6df68e521debda61e5af46aaf461bc3ce

    • SHA256

      a8fbec39470467e43e3fbc48cceeaf11d5e2fe3b98c521ac71b5522e7b46a859

    • SHA512

      a2eb8ed29a819ee821c749dd76c04c2f3a5284a0063d08c43c9eaeb6f68a7c9034b846cb3cca26608cfe28b5ddc07842ea70a6aeb9cb7c6c1b579c3d05e40a5b

    • SSDEEP

      96:fCOzwoO5dacVRNoYVhawoXA8B2oKhYVhrigWV6PM7qCtQp82:fAVV/cwcAMnAqrlWV6P0dQpL

    Score
    1/10
    • Target

      $PLUGINSDIR/InetLoad.dll

    • Size

      18KB

    • MD5

      994669c5737b25c26642c94180e92fa2

    • SHA1

      d8a1836914a446b0e06881ce1be8631554adafde

    • SHA256

      bf01a1f272e0daf82df3407690b646e0ff6b2c562e36e47cf177eda71ccb6f6c

    • SHA512

      d0ab7ca7f890ef9e59015c33e6b400a0a4d1ce0d24599537e09e845f4b953e3ecd44bf3e3cbe584f57c2948743e689ed67d2d40e6caf923bd630886e89c38563

    • SSDEEP

      384:nUOPTbiJmdztwwKq8W1cyMjPzV0Ac9k+LMkIX1+Gn+XHdjf:nTikliwKq8W1rMjPzz+f

    Score
    3/10
    • Target

      $PLUGINSDIR/Processes.dll

    • Size

      56KB

    • MD5

      cc0bd4f5a79107633084471dbd4af796

    • SHA1

      09dfcf182b1493161dec8044a5234c35ee24c43a

    • SHA256

      3b5388e13dab53d53e08791f492ed7d3094a0cee51e9841af83ce02534e0621c

    • SHA512

      67ba90ec04366e07d0922ffb4dbbb4f12f90b6785b87700adaae29327db9ec2a03d750b229f858db0594f439499d6346fbf1ebc17c77162bf8da027515219ee3

    • SSDEEP

      768:WmswCIbuzwEmd7Fp4KpDAKngV9tV3rJy63JgaVwoz7si4uYqUYWu1gYwmj552RFB:WmswCIbuzwEy7n3YD3Jgw7shKrp55io

    Score
    3/10
    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      c17103ae9072a06da581dec998343fc1

    • SHA1

      b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

    • SHA256

      dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

    • SHA512

      d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

    • SSDEEP

      192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw

    Score
    3/10
    • Target

      $PLUGINSDIR/Time.dll

    • Size

      10KB

    • MD5

      38977533750fe69979b2c2ac801f96e6

    • SHA1

      74643c30cda909e649722ed0c7f267903558e92a

    • SHA256

      b4a95a455e53372c59f91bc1b5fb9e5c8e4a10a506fa04aaf7be27048b30ae35

    • SHA512

      e17069395ad4a17e24f7cd3c532670d40244bd5ae3887c82e3b2e4a68c250cd55e2d8b329d6ff0e2d758955ab7470534e6307779e49fe331c1fd2242ea73fd53

    • SSDEEP

      192:oNcwTweFbs9t2n2Sgiga65/aHdaGZavaJIYX4Hw2:oNcwBFg22SEw47CPU

    Score
    3/10
    • Target

      $PLUGINSDIR/UserInfo.dll

    • Size

      4KB

    • MD5

      7579ade7ae1747a31960a228ce02e666

    • SHA1

      8ec8571a296737e819dcf86353a43fcf8ec63351

    • SHA256

      564c80dec62d76c53497c40094db360ff8a36e0dc1bda8383d0f9583138997f5

    • SHA512

      a88bc56e938374c333b0e33cb72951635b5d5a98b9cb2d6785073cbcad23bf4c0f9f69d3b7e87b46c76eb03ced9bb786844ce87656a9e3df4ca24acf43d7a05b

    Score
    3/10
    • Target

      $PLUGINSDIR/chrmPref.dll

    • Size

      208KB

    • MD5

      b2bff24dcb4606c6c8474f979bfb4858

    • SHA1

      5671b867df8ce726d1075909cd40f3934d680da6

    • SHA256

      82d89574b1019c60d6bcf97318b36f8e4bb535bb68334c68253b6306d9dbe4af

    • SHA512

      e7187607c909a9416ede056c10e83d4a0b8f8bb33a8653009630d5f36f80c8be145658d1c2d9df3ede48ce1e9bdf20d192dff45ebe0c6fdc50f241e81df4c874

    • SSDEEP

      3072:R09yocgUKjfjp0CF45n1FAFbqz2Yoz+wThF4hW0OJ5XR+LbA1p5oonej12lS:R0MpgUWfFg4Fbc+ThihW55XiA1bW

    Score
    3/10
    • Target

      $PLUGINSDIR/mt.dll

    • Size

      7KB

    • MD5

      4fae8b7d6c73ca9e5fc4fe8d96c14583

    • SHA1

      10865e388f36174297ec4ecdafd6265b331bfdcd

    • SHA256

      069db1a83371dcd2dd28a51def6cef190edcac6bbf35b81b7ee3c52105db210f

    • SHA512

      73a5547c6d83227a08e2427f2e5eb6abf429d4b5b7e146fcd59b9fb8c9cc6eb9ff61347a3d46f83d0c7adbaff15e94e70bf40660c217f48e9a46a6e310aaf6b1

    • SSDEEP

      96:Q934+YOERFWe2B1ZVtKW5A8V6dIUTY02J6qCtX:24FdL8vN5AHdIUTRw6dX

    Score
    1/10

MITRE ATT&CK Enterprise v15

Tasks

static1

upx
Score
7/10

behavioral1

upx
Score
7/10

behavioral2

upx
Score
7/10

behavioral3

Score
3/10

behavioral4

Score
3/10

behavioral5

Score
3/10

behavioral6

Score
3/10

behavioral7

Score
1/10

behavioral8

Score
3/10

behavioral9

Score
1/10

behavioral10

Score
1/10

behavioral11

Score
3/10

behavioral12

Score
3/10

behavioral13

adware, discovery, spyware, stealer, upx
Score
7/10

behavioral14

adware, discovery, spyware, stealer, upx
Score
7/10

behavioral15

upx
Score
7/10

behavioral16

upx
Score
7/10

behavioral17

Score
1/10

behavioral18

Score
1/10

behavioral19

Score
3/10

behavioral20

Score
3/10

behavioral21

Score
3/10

behavioral22

Score
3/10

behavioral23

Score
3/10

behavioral24

Score
3/10

behavioral25

Score
3/10

behavioral26

Score
3/10

behavioral27

Score
3/10

behavioral28

Score
3/10

behavioral29

Score
3/10

behavioral30

Score
3/10

behavioral31

Score
1/10

behavioral32

Score
1/10