2397ac46ad9b52de1b72d6821ce44f6fd4815ea6abe449d1b731120d1e0c5ce2

Sharing

Copy URL

Twitter E-mail

General

Target

a0f26553dde5cc1d8ff54d6c92c86dd4_JaffaCakes118
Size

6.7MB
Sample

240612-rg79bsxgpc
MD5

a0f26553dde5cc1d8ff54d6c92c86dd4
SHA1

62a8a34ce8a7c7dd4ca42bfdc198adfa0657d4cd
SHA256

2397ac46ad9b52de1b72d6821ce44f6fd4815ea6abe449d1b731120d1e0c5ce2
SHA512

33b49ea87267895ce6c67ae10b6085d6cfdf963f24222c316ac2b96b9592aba0dc8ff0912351d1909fc599d49de9ff0f371eb9ab8a9dbe99d3314d3fb8aa9c6b
SSDEEP

196608:EQU04EBkFK95xMQtICDTh93p4ehtaTfOEnt6DbPwCwHTZ:E7XFaEQjPz3HQTfh6fPwf

Score

10^/10

Malware Config

Targets

- Target
  
  a0f26553dde5cc1d8ff54d6c92c86dd4_JaffaCakes118
- Size
  
  6.7MB
- MD5
  
  a0f26553dde5cc1d8ff54d6c92c86dd4
- SHA1
  
  62a8a34ce8a7c7dd4ca42bfdc198adfa0657d4cd
- SHA256
  
  2397ac46ad9b52de1b72d6821ce44f6fd4815ea6abe449d1b731120d1e0c5ce2
- SHA512
  
  33b49ea87267895ce6c67ae10b6085d6cfdf963f24222c316ac2b96b9592aba0dc8ff0912351d1909fc599d49de9ff0f371eb9ab8a9dbe99d3314d3fb8aa9c6b
- SSDEEP
  
  196608:EQU04EBkFK95xMQtICDTh93p4ehtaTfOEnt6DbPwCwHTZ:E7XFaEQjPz3HQTfh6fPwf
Score

10^/10

discovery evasion execution persistence spyware stealer trojan upx
- Windows security bypass
  evasion trojan
- Creates new service(s)
  persistence execution
- Drops file in Drivers directory
- Stops running service(s)
  evasion execution
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Windows security modification
  evasion trojan
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/CCGylfvpPId.dll
- Size
  
  352KB
- MD5
  
  41061901c1afc95553800c7203a31cd0
- SHA1
  
  38fc9f859502166bf5e356b8820ed6a48b060f6d
- SHA256
  
  cc0dc4f6b1bf6627532a8c8ab42ad087f3302000632d22713950f0a8c95e8f05
- SHA512
  
  c54f0bf158938fa332d482b1190e66cc7856465080fbddc5f7b95ff1f00491d29fa28c49854e6dda73a8e1e11cf2e845754033eb5cfe77327e1625039946c2eb
- SSDEEP
  
  6144:xp/0ex8EJOlAvXP/gcRrTVHLATBwD5QG9l:tx8aOlAvXP/gcRrBHLAT29Tl
Score

1^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/gHbMwlFrsMB.dll
- Size
  
  493KB
- MD5
  
  31eafd1f2c5bceb7761b52ea85cf6c26
- SHA1
  
  51045a6eeddc1832a9a71fe95bb746192b1bbb2b
- SHA256
  
  27e62f38be7bd86e3144888e68ae6dd3cd9afccce244825929409b4e94623dd6
- SHA512
  
  4aa675ad91e655cb36adabab706d9af07b91e1b0d71799f0a4068f02765d6010cdc15ef59eb15758e569cede0161d5e8797f4f39b7dcbfb97b95770acc18e4a8
- SSDEEP
  
  12288:WwORL0u2QfuN7N5Mf9eLB6OBOBOBOomzxNrO76nwX:bWL+QI8k4zxNrO76nwX
Score

1^/10
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/lDerpvVTsgA.dll
- Size
  
  650KB
- MD5
  
  e4bdc739307f32b968e32fcebc9c01f6
- SHA1
  
  5f3d406f01579e3e8a67c05d2e31ec369e14604c
- SHA256
  
  17d489476f1f2fbe95a5ddb2a95a788528db842153c5582457133a79eb0756e0
- SHA512
  
  494ab1baf1ba59aa6cb4209dae8d493b784d289c74ba66b34d826aebb4014bb2fdfa3f30680650408048d9197cab5b945936c36cac9529c220048cef4704224e
- SSDEEP
  
  12288:CTCku/rrJa/ou0Jjppg9Zpnin6QCZeK+YhzyO7LO2TllcrSNCCaBO4m2JEMS7aKd:CWfFrK+Y/7LH+8P4mH7aKKK4O
Score

1^/10
behavioral7 behavioral8
- Target
  
  $TEMP/auBVPavMwbA.js
- Size
  
  356B
- MD5
  
  a35b87106725234045494a6404a003f9
- SHA1
  
  f4d1a2529a271946382c17132a5ebea6449a753f
- SHA256
  
  17aa4126885d2299ada9a5e3fa5c21dc52e133bfed72a25a96e0152044ea2cd4
- SHA512
  
  7924482b9e20801dd8d7abacd6fc4d2a1f182e4f663b0a519518e33c04b482d35d17d277af1e9555f9e8a3a92e67935dabbc5302507b2924ac4cc9b34546dd17
Score

3^/10

execution
behavioral10 behavioral9