62785bfab54aff8b4099c82fb0e47513803f90b424fe7aa60c4c3130e43094cd

Sharing

Copy URL

Twitter E-mail

General

Target

ad1af65ae75d3d4a3720b8f1a57e03fb_JaffaCakes118
Size

12.8MB
Sample

240615-gthjbsvamm
MD5

ad1af65ae75d3d4a3720b8f1a57e03fb
SHA1

569b5add3e119a317fa0414fb17f6546a0e17628
SHA256

62785bfab54aff8b4099c82fb0e47513803f90b424fe7aa60c4c3130e43094cd
SHA512

ee907d8173a961a39e6c0c41541960679c2fb84406f5be3cd62a0c7253a3ae96839d0d5a8b265f41bb4306450fb7e0cdf61874df61f88726922464f0125a0cd1
SSDEEP

393216:61MRhCobRSmt1QaoHR6iCqAddRpqqvMW99LHDlXOlK:66OWuao3CqAd7RvMWnx+A

Score

7^/10

Malware Config

Targets

- Target
  
  ad1af65ae75d3d4a3720b8f1a57e03fb_JaffaCakes118
- Size
  
  12.8MB
- MD5
  
  ad1af65ae75d3d4a3720b8f1a57e03fb
- SHA1
  
  569b5add3e119a317fa0414fb17f6546a0e17628
- SHA256
  
  62785bfab54aff8b4099c82fb0e47513803f90b424fe7aa60c4c3130e43094cd
- SHA512
  
  ee907d8173a961a39e6c0c41541960679c2fb84406f5be3cd62a0c7253a3ae96839d0d5a8b265f41bb4306450fb7e0cdf61874df61f88726922464f0125a0cd1
- SSDEEP
  
  393216:61MRhCobRSmt1QaoHR6iCqAddRpqqvMW99LHDlXOlK:66OWuao3CqAd7RvMWnx+A
Score

7^/10

discovery execution persistence spyware stealer upx
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Downloads MZ/PE file
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1 behavioral2
- Target
  
  $APPDATA/Reimage Express/cpuidsdk.dll
- Size
  
  1.3MB
- MD5
  
  5bbf77961224a6773df7ddf52579e91d
- SHA1
  
  b87b986b8280ba36486a85cc5a949c03f076b5b8
- SHA256
  
  92fd15b429e281a4950cb0b60f25e84aa0648f51288132661cabf0ccad77f76e
- SHA512
  
  bc7517b7c5b637a6e770e88f4b8d3e1338944e7547fd87e96ee8acde3f9b28bf15458181ca5f530b39bc07b4c78b2ea28a06fa34ec7ef20847d6a5399a50e021
- SSDEEP
  
  24576:UQXbFpQRuZug5xUKjtljx51pRJxZ2EUBFKdNTFtLAK2XyMm7TWDOPD8wa954coay:U0pguZl5xbtZx51pRJxZc4xMB+QjbotD
Score

1^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/DcryptDll.dll
- Size
  
  156KB
- MD5
  
  4c373143ee342a75b469e0748049cd24
- SHA1
  
  d4e0e5155e78b99ec9459136acece2364bc2e935
- SHA256
  
  b4b5772a893e56aa5382aa3f0fef7837fa471e3b3e46db70b8bc702f2037e589
- SHA512
  
  569f92c3ff9a6e105cf9b3806d8b696442a5679dfa5d7c9362b0649a67cbea2478ca28a5da6c3bd0edacdb634509d8584c6959a4cc13c38d596458f372832f61
- SSDEEP
  
  3072:etvFO3r5Unb7FQwdkb6ckt+bBwmhqKUuWxvt+9/dh:etvAtUn3ewWc+
Score

3^/10
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/ExecDos.dll
- Size
  
  5KB
- MD5
  
  0deb397ca1e716bb7b15e1754e52b2ac
- SHA1
  
  fbb9bcf872c5dbb4ca4c80fb21d41519bc273ef5
- SHA256
  
  720be35cd1b4a333264713dc146b4ad024f3a7ad0644c2d8c6fcedd3c30e8a1f
- SHA512
  
  507db0bee0897660750007e7ce674406acf9e8bf942cf26ded5654c07682757b07c9eb767bead0966478abc554dc9a6461c4288dc35d12cacfadad4c128f1bb7
- SSDEEP
  
  96:J++xDiP4p7t7dNOt3stxtRFFXxGD6qxlnKE6ttdH3r3:Rx9pJ7jQs5toD6Cln/6tt1
Score

3^/10
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/IpConfig.dll
- Size
  
  118KB
- MD5
  
  a75e3775daac9958610ce1308e0bca3b
- SHA1
  
  d83ce354cde527c2e20fb425415f6d4795dd4cd4
- SHA256
  
  fe2093ff4bfa1d7259c922aca1e7bb219c4d234e469942446d9e2f8086b7d720
- SHA512
  
  48168a91ec90df262b1e158f32b4bc2a6d6ce10022eb96d4a6f3c755b977e5c104558626adaa214bda29d7f1d246f19e2df59b9a338982aa1c623e1bdd5714c6
- SSDEEP
  
  3072:oa/4Ftm9rSlia00FW96LOsWNQmtQ9WVx95+tTIJ:t/4S9raiae8DSDtQ9W3utEJ
Score

3^/10
behavioral10 behavioral9
- Target
  
  $PLUGINSDIR/LogEx.dll
- Size
  
  44KB
- MD5
  
  0f96d9eb959ad4e8fd205e6d58cf01b8
- SHA1
  
  7c45512cbdb24216afd23a9e8cdce0cfeaa7660f
- SHA256
  
  57ede354532937e38c4ae9da3710ee295705ea9770c402dfb3a5c56a32fd4314
- SHA512
  
  9f3afb61d75ac7b7dc84abcbf1b04f759b7055992d46140dc5dcc269aed22268d044ee8030f5ea260bbb912774e5bbb751560c16e54efa99c700b9fc7d48832c
- SSDEEP
  
  384:w4NSXFjXCATBAQR4F1Y5u6I3wa4W7KNP66BjLjyXB0JyuDchv8EnohgSil2X:woaF+ATCQye/I3KWmxj00Jyb8Enov
Score

3^/10
behavioral11 behavioral12
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  bf712f32249029466fa86756f5546950
- SHA1
  
  75ac4dc4808ac148ddd78f6b89a51afbd4091c2e
- SHA256
  
  7851cb12fa4131f1fee5de390d650ef65cac561279f1cfe70ad16cc9780210af
- SHA512
  
  13f69959b28416e0b8811c962a49309dca3f048a165457051a28a3eb51377dcaf99a15e86d7eee8f867a9e25ecf8c44da370ac8f530eeae7b5252eaba64b96f4
- SSDEEP
  
  192:0N2gQuUwXzioj4KALV2upWzVd7q1QDXEbBZ8KxHdGzyS/Kx:rJoiO8V2upW7vQjS/
Score

3^/10
behavioral13 behavioral14
- Target
  
  $PLUGINSDIR/WmiInspector.dll
- Size
  
  92KB
- MD5
  
  1a0b4ff3847dc729ed2ee669c8ac0519
- SHA1
  
  a179ca7c5adabd0e1aaa7fe36309770d774ffa43
- SHA256
  
  fe268b2259429b6d5efdae9a5dfe621214b2e2c22f03087b2f5f7132596f9f8d
- SHA512
  
  118f82fc4e90a03a18f7dccc1facf35eb5a8f0fe092ce4b4b7b1ddb7987efcc9d50674418e004b992a6be35c5e18e7d659843a1bdce9694e5435060c158cc416
- SSDEEP
  
  1536:vRhrWA5HRhMz7n8eA9G9gVoAdqszdwKKEPdLQndOpP6nSBEkD7MvvyIXiD:vnSFjLEPdUdOr4SIX
Score

3^/10
behavioral15 behavioral16
- Target
  
  $PLUGINSDIR/inetc.dll
- Size
  
  31KB
- MD5
  
  5da9df435ff20853a2c45026e7681cef
- SHA1
  
  39b1d70a7a03e7c791cb21a53d82fd949706a4b4
- SHA256
  
  9c52c74b8e115db0bde90f56382ebcc12aff05eb2232f80a4701e957e09635e2
- SHA512
  
  4ab3b1572485a8a11863adada2c6ec01e809a4b09f99d80903c79a95b91f299b8f2cd6cceaa915567e155a46291a33fb8ccb95141d76d4e7b0e040890d51d09f
- SSDEEP
  
  768:FRci+9MscTJMR2+d8heiwhSruaFajMGbJDVVG08:Fg9sTJv+AVwhl25ci
Score

3^/10
behavioral17 behavioral18
- Target
  
  $PLUGINSDIR/md5dll.dll
- Size
  
  6KB
- MD5
  
  7059f133ea2316b9e7e39094a52a8c34
- SHA1
  
  ee9f1487c8152d8c42fecf2efb8ed1db68395802
- SHA256
  
  32c3d36f38e7e8a8bafd4a53663203ef24a10431bda16af9e353c7d5d108610f
- SHA512
  
  9115986754a74d3084dd18018e757d3b281a2c2fde48c73b71dba882e13bd9b2ded0e6e7f45dc5b019e6d53d086090ccb06e18e6efeec091f655a128510cbe51
- SSDEEP
  
  96:5mArJv6F3TqDmgK4ghEin1US36eHQZDUDgGogZcko5Nt4AMP:5XJ63LhR6inZ6dsgZkKQT
Score

7^/10

upx
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral19 behavioral20
- Target
  
  $PLUGINSDIR/nsArray.dll
- Size
  
  6KB
- MD5
  
  89d40ecddf3ce6f3b0e6a84f40936912
- SHA1
  
  97af44bb909a7701f46ec0b4bc9a52f27140ca21
- SHA256
  
  05d59fa3f6cf237c999b5f73b7d6a4d8ec6a4eed4d0d9c6a12cf08944f2bb770
- SHA512
  
  bfa23ae2d42831783a4132c313d7d4fbd1e91eb1445a4a82be3b577284e830b5282f85bbc9261291370e6673f7f0e2e17aae0b0e41495a618f22905026e82ea1
- SSDEEP
  
  96:rXfjvtzPsqb8iI/ZK0DoeUWUZ7P5tWycDVIzfBG1IfA7gfMxLfAdGOL:HJ1b8iWZ/rUWoRMy2VYJGP0M2dGa
Score

7^/10

upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral21 behavioral22
- Target
  
  $PLUGINSDIR/nsExec.dll
- Size
  
  6KB
- MD5
  
  132e6153717a7f9710dcea4536f364cd
- SHA1
  
  e39bc82c7602e6dd0797115c2bd12e872a5fb2ab
- SHA256
  
  d29afce2588d8dd7bb94c00ca91cac0e85b80ffa6b221f5ffcb83a2497228eb2
- SHA512
  
  9aeb0b3051ce07fb9f03dfee7cea4a5e423425e48cb538173bd2a167817f867a30bd4d27d07875f27ca00031745b24547030b7f146660b049fa717590f1c77e1
- SSDEEP
  
  96:M/SspqrIYxLPEQhThvov3TE4/2Sa5P9QFFYzOx4uF3sbSEI5LP39sQvM:M/QUG7lhvov36S5FcUjliSEI5LuQ
Score

3^/10
behavioral23 behavioral24
- Target
  
  $PLUGINSDIR/registry.dll
- Size
  
  24KB
- MD5
  
  2b7007ed0262ca02ef69d8990815cbeb
- SHA1
  
  2eabe4f755213666dbbbde024a5235ddde02b47f
- SHA256
  
  0b25b20f26de5d5bd795f934c70447112b4981343fcb2dfab3374a4018d28c2d
- SHA512
  
  aa75ee59ca0b8530eb7298b74e5f334ae9d14129f603b285a3170b82103cfdcc175af8185317e6207142517769e69a24b34fcdf0f58ed50a4960cbe8c22a0aca
- SSDEEP
  
  384:W2mvyNjH3rPnAZ4wu2QbnC7qB7PnrvScaeYA4CIDEge/QqL2AQ:/75w/OfrzB4CUxuQfA
Score

3^/10
behavioral25 behavioral26
- Target
  
  $PLUGINSDIR/stack.dll
- Size
  
  10KB
- MD5
  
  867af9bea8b24c78736bf8d0fdb5a78e
- SHA1
  
  05839fad98aa2bcd9f6ecb22de4816e0c75bf97d
- SHA256
  
  732164fb36f46dd23dafb6d7621531e70f1f81e2967b3053727ec7b5492d0ae9
- SHA512
  
  b7f54d52ff08b29a04b4f5887e6e3ae0e74fa45a86e55e0a4d362bc3603426c42c1d6a0b2fc2ef574bec0f6c7152de756ff48415e37ae6a7a9c296303562df4b
- SSDEEP
  
  192:83fHQmgb2DOJi22H/+zNXdA5uv4bunXuDYuzumJucuVuXfugutbHvr:83fwVriWAWiQXWYKPRGaHubH
Score

3^/10
behavioral27 behavioral28
- Target
  
  $PLUGINSDIR/xml.dll
- Size
  
  182KB
- MD5
  
  ebce8f5e440e0be57665e1e58dfb7425
- SHA1
  
  573dc1abd2b03512f390f569058fd2cf1d02ce91
- SHA256
  
  d1aaacc0aaf477b6b9f084697adcb444fc2333b32e8d99d224dca89516e762a7
- SHA512
  
  4786c9124973b6543d7291047d4c4a06c05282a3766212dbd3b8ce9b9560afddca20c491f791db2258c14ab767d5d3f480daa4706492949eae2ceb4a35aaef85
- SSDEEP
  
  3072:Slq7cnzRLdesQbC7ojAqmiGxKUQ8hJgWWHFbit4Gs43YSIFWt:SlYcnzRL8BbwojAzRRQ8hJxahif5wE
Score

3^/10
behavioral29 behavioral30
- Target
  
  $TEMP/ProtectorUpdater.exe
- Size
  
  362KB
- MD5
  
  a5cd4828b244d8a019cad5b39834073d
- SHA1
  
  dbd08733f1b22ffeb66ea1b0f4f4313b2d9ba36b
- SHA256
  
  4465dc9a641bcee44fa490f33ba9859b834e2d1677a1563843fc717fb123a56a
- SHA512
  
  98dcfb6a9f68830e694e5bb2abd3145a885d4313a7615f6078ce12388a7e76fa59ecd5a458153e48e1b8088991ac729800938578276594bea7a7e7a087b3eaa1
- SSDEEP
  
  6144:N50gUCRNY6k3lqK3RTGzh2hQ8E9QcwtzH+gTBxnlimMb8GVNVOaj7g0EgVZ22U:P0gFNY973RT7E9YzewxnlelOq8s2/
Score

3^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

ACProtect 1.3x - 1.4x DLL software

Reads user/profile data of web browsers

UPX packed file

Downloads MZ/PE file

Enumerates connected drives

Drops file in System32 directory

ACProtect 1.3x - 1.4x DLL software

UPX packed file

UPX packed file

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32