b474b15d0895ef9f6bd317c0aa884878360701f96e98ed5006529e2c53acb8cd

Sharing

Copy URL

Twitter E-mail

General

Target

b155bc0fe5e27121ec1a6f8a23992726_JaffaCakes118
Size

4.0MB
Sample

240616-cyp2razcql
MD5

b155bc0fe5e27121ec1a6f8a23992726
SHA1

d0c4345974ceede74670036a89af9061f6f42e56
SHA256

b474b15d0895ef9f6bd317c0aa884878360701f96e98ed5006529e2c53acb8cd
SHA512

b27dfcbe1530dba99247d4f5386564e7db304b7520cfe5fa6daa1cabfac322ee5f1d28b8221f430db0b933d3f20eac500152cc033873a8e4545b1275b9334a90
SSDEEP

98304:X7J54jjrClrspscKRdyhr4Ntw+IWWbVF22fzf2B:X7EGlrOThCnoFX2B

Score

8^/10

Malware Config

Targets

- Target
  
  b155bc0fe5e27121ec1a6f8a23992726_JaffaCakes118
- Size
  
  4.0MB
- MD5
  
  b155bc0fe5e27121ec1a6f8a23992726
- SHA1
  
  d0c4345974ceede74670036a89af9061f6f42e56
- SHA256
  
  b474b15d0895ef9f6bd317c0aa884878360701f96e98ed5006529e2c53acb8cd
- SHA512
  
  b27dfcbe1530dba99247d4f5386564e7db304b7520cfe5fa6daa1cabfac322ee5f1d28b8221f430db0b933d3f20eac500152cc033873a8e4545b1275b9334a90
- SSDEEP
  
  98304:X7J54jjrClrspscKRdyhr4Ntw+IWWbVF22fzf2B:X7EGlrOThCnoFX2B
Score

8^/10

persistence spyware stealer
- Sets DLL path for service in the registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
behavioral1 behavioral2
- Target
  
  SkypeC0SvcService.exe
- Size
  
  7.7MB
- MD5
  
  f5fe906f801d99fafa8a9e0584a37008
- SHA1
  
  a80175b91e3f9606e63dd0d9a9271e23bbe10321
- SHA256
  
  10b12825603dc3f1946bfd4e7cbebda5885fe4fccaeb0df8b6e862ad3dad720b
- SHA512
  
  ae149680b212cf0b7f11d841cede275d8e510d3af86c96d75ff75802a8543773a5b7fc9d4c84d4d5fa486d2ddf27129cc42e70d0ea34ca2624f14152ba7497de
- SSDEEP
  
  98304:aj7VmLVY+KTszb9eg6eXP+WFtJpoWHy+k6Rftuqy5HnoBWQ4O8fIZr3v7vo+15e9:aj7q5BeDofvyZe4rItfM5fyEFP
Score

8^/10

persistence spyware stealer
- Sets DLL path for service in the registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
behavioral3 behavioral4
- Target
  
  TeamViewer_Desktop.exe
- Size
  
  2.2MB
- MD5
  
  36738935b6eadbdf570002ee44990360
- SHA1
  
  2621f86a0307a6be7032266db868c7af981bc016
- SHA256
  
  46aa5507bf0866d924a7974e7dc9255db21efb8ba5dc15e3c1a19c5b408ad29c
- SHA512
  
  5737edd344008832b1925972913cb2ba49d1e177a331a5419c5f6cb966f7da735fff1722acf59d5514cf63c2834a5f49d9784b70996fb0186cbbab6de3835f14
- SSDEEP
  
  49152:A3FLe1ieG8rYXp+9yu+78ieJ9f3QyqOipQV:iqil8r2p2iePV
Score

3^/10
behavioral5 behavioral6
- Target
  
  TeamViewer_Resource_en.dll
- Size
  
  285KB
- MD5
  
  5850b0e30cb6493170ea8d073f34766c
- SHA1
  
  d80b0181edca5be738f8c1c4355c4785d0360d06
- SHA256
  
  97f8b0f6307156c0c74f3309195c376e5d816b3dbd65048c241a8b7e9233eeda
- SHA512
  
  a1a8ee334ef763a78214fbc6a915e9adbf0cdbafb6694fac6e70cb68f2aacfcad945c7b4629bf3b729e8b9b3fcd7956c04a63c89fb6bda7111f41f9c8cb96144
- SSDEEP
  
  3072:2E/DdofYRxYv0sSpMU4HBMCsBZdtkFv4+87GC+duoS99g4cLH3wSZG0/VS8435:YSh4H+PZdXevzK
Score

1^/10
behavioral7 behavioral8
- Target
  
  TeamViewer_StaticRes.dll
- Size
  
  2.5MB
- MD5
  
  4202e46ac536822fd7043c38e66d0ec8
- SHA1
  
  c8908477b539931168e9437d4e17e7c33fb10141
- SHA256
  
  542075ba11aaa6c1961985818dc4bb9e1a13afffeaef3514389444db18938fb4
- SHA512
  
  20210b8dd54b7ca527e69699ae02d6b1c1733e8e3c8ae797994d24b2134e91d4dbc8345b9a4757ded6a34f460d9ec88b1c133202718e342c9045c77de2bd784d
- SSDEEP
  
  12288:7CAl7FRMxerSauRDWjeeqnXaqiYCPE8L+YoBSNPramjvT1VgQr7G:7CAtprSajTqEVL1T1S3
Score

1^/10
behavioral10 behavioral9
- Target
  
  msimg32.dll
- Size
  
  70KB
- MD5
  
  0b4279955a1709d04838fc3183d7342e
- SHA1
  
  747b72e37d21773f9cf50d914033b153a0940975
- SHA256
  
  1948fe4befb8f7846a7461e01f1c60a0096a941afd7fb16e47794c26a89e99a8
- SHA512
  
  c5a05c7613613636aaa82ba497e0372d08e5748484bddfebd5073f5084e79a3d1567b2a9475c1ef8688eb15d2ac8c48fca23b9491b056594b2294811d05154ed
- SSDEEP
  
  1536:q5SeXu8TbCf7xPxJEZUGC27MiKu6WupSo:q5kGgta/CvM6k
Score

1^/10
behavioral11 behavioral12
- Target
  
  tv_w32.dll
- Size
  
  66KB
- MD5
  
  55b4875e6dd84b1a547a91a789515dfb
- SHA1
  
  ad598670ced636134f85c744f6283a16e3766d1f
- SHA256
  
  a0791b2f732fdd0c26483d9ef2d77e720d9ba267f887eccadff227bcf247a0a9
- SHA512
  
  d9dc737c25a56503bba8f3a2fa030c3dc1fe62f4313cb307203cdcac164fd6bb2fa2ab87be6806d4cf3d1ed1ec880a1c7f3d866e61c3a6005ca400ff9f99459a
- SSDEEP
  
  768:jSiTqh7w4Hj/jf/NJ5IGuQiK8BQAHPcDutF91+B/amykhJT/WyOOYP4Xd5:jTTqlzbNJEnB0Du/WB/rbWlPq
Score

1^/10
behavioral13 behavioral14
- Target
  
  tv_w32.exe
- Size
  
  104KB
- MD5
  
  c16719e5c670b7c18aab69dea8ea8c66
- SHA1
  
  95c9c3b44dcca278b42cb20b1e27d88ae4006f39
- SHA256
  
  c23d33f637c3c90ce0e3fc366fce034c5592dd80b660f469619e38b255532689
- SHA512
  
  9bae42f6e6ace1e1f0d923894399817a017a1e52e2b01bb780d2a7be20f82ac341b1c9f6de680f16a0b8d5532c0f77f495dde2ad0c95ff85118021785dcd3b3b
- SSDEEP
  
  1536:PQLuOPf3QAlDOuWenLNqESuRcC/KJzwUDivp5JM6/+rbs2:YLv3QABNpzUEvpX/+rbs2
Score

1^/10
behavioral15 behavioral16
- Target
  
  tv_x64.dll
- Size
  
  80KB
- MD5
  
  6f68147027ba59a8af86ffe1b8fc6899
- SHA1
  
  99bb32e1d752a2b93bcd9db36b8a4f3c01ba6458
- SHA256
  
  07413a73f7566173b462d7a4de2ca74d211f0872682160afafa618e656cfe9e6
- SHA512
  
  5011e05ebcf6e86a988ba79e3f0aec2f240b14c5a602260edc53fa1c4b11c23495171213fe30ab8bf53f9e0c15e6dffa6a463105d1d558a3def50fdc28e571d2
- SSDEEP
  
  1536:YFUOyl+9lQrc3BCEvCp/m/prxlZHlDCvxTHW6ufvj:YFUtQ0J/uprxlFAWxfvj
Score

1^/10
behavioral17 behavioral18
- Target
  
  tv_x64.exe
- Size
  
  126KB
- MD5
  
  8e50a67752bd070fec717216b9376a7f
- SHA1
  
  19c776fd0fe89d6cb3f372d89cac4adf65dabe24
- SHA256
  
  f7b239c4101db7c974eef31ba2dd42fba0e898cfa762b1e969f76a7a37aa3d8b
- SHA512
  
  be16f2fc675d1231275fd618ea101bfafa71c31b2cea92c5fb1197384bd0ea764e4567350bc1309d9d83439a977ed7600c57c4f5be81bf7170b2d5e59fe1ef46
- SSDEEP
  
  3072:GUwSVG88g4kZsVlg2QBkc+DnDKPUQmlZKzyspAO5v:GI+VlgJB5+KPUQ4ZXtmv
Score

1^/10
behavioral19 behavioral20

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Sets DLL path for service in the registry

Checks computer location settings

Drops startup file

Executes dropped EXE

Loads dropped DLL

Reads user/profile data of web browsers

Adds Run key to start application

Sets DLL path for service in the registry

Checks computer location settings

Drops startup file

Loads dropped DLL

Reads user/profile data of web browsers

Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20