577a7ec9e58665b9b840ce9618e2d330c065dc9a7d7b2109f52e392b77e839c4

Sharing

Copy URL

Twitter E-mail

General

Target

02620653340ad8d2a425b5e5f8af258f_JaffaCakes118
Size

1.5MB
Sample

240620-dw63xszhkk
MD5

02620653340ad8d2a425b5e5f8af258f
SHA1

94f8d4cc9ec4615cfd4a790549e23870f7c8f7a8
SHA256

577a7ec9e58665b9b840ce9618e2d330c065dc9a7d7b2109f52e392b77e839c4
SHA512

cbf3d33fde12a9d2347550a4a462d1d604fea3b72ffc60ccd51234241b8f1f79ee7923c00b4c762204b473411f082726c2daa950736ada322b8f6baf4c9cb6d3
SSDEEP

24576:V2xjlqM8GzLDG8tTo2Rig30oPQ1xTufJLckEY/fudN9GQcCeIRLhlAB2lX:ErqYzGRoqChcC/fkGQwIRLhlKS

Score

7^/10

Malware Config

Targets

- Target
  
  02620653340ad8d2a425b5e5f8af258f_JaffaCakes118
- Size
  
  1.5MB
- MD5
  
  02620653340ad8d2a425b5e5f8af258f
- SHA1
  
  94f8d4cc9ec4615cfd4a790549e23870f7c8f7a8
- SHA256
  
  577a7ec9e58665b9b840ce9618e2d330c065dc9a7d7b2109f52e392b77e839c4
- SHA512
  
  cbf3d33fde12a9d2347550a4a462d1d604fea3b72ffc60ccd51234241b8f1f79ee7923c00b4c762204b473411f082726c2daa950736ada322b8f6baf4c9cb6d3
- SSDEEP
  
  24576:V2xjlqM8GzLDG8tTo2Rig30oPQ1xTufJLckEY/fudN9GQcCeIRLhlAB2lX:ErqYzGRoqChcC/fkGQwIRLhlKS
Score

7^/10

adware discovery stealer
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Drops file in System32 directory
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  c17103ae9072a06da581dec998343fc1
- SHA1
  
  b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d
- SHA256
  
  dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f
- SHA512
  
  d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f
- SSDEEP
  
  192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
Score

3^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/TypeLib.dll
- Size
  
  3KB
- MD5
  
  56abaa41368ddf53d01421760f9d72f4
- SHA1
  
  68a4e41d46366e8116bdfeba34d94b628fc6fb45
- SHA256
  
  75c206fba2ec5d344ca514e6451d8892f939f15e8afc1c132bbc9eca886ed1de
- SHA512
  
  98aaee865ee756f6193fb89f35aaf019953c597f92f0e6d3f4a8ead27d5c09f8ac9d39b547a655f2eb4ce6b8867b4e12a20f43749bce3bc2a5f7e668378649d9
Score

3^/10
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/nsExec.dll
- Size
  
  6KB
- MD5
  
  acc2b699edfea5bf5aae45aba3a41e96
- SHA1
  
  d2accf4d494e43ceb2cff69abe4dd17147d29cc2
- SHA256
  
  168a974eaa3f588d759db3f47c1a9fdc3494ba1fa1a73a84e5e3b2a4d58abd7e
- SHA512
  
  e29ea10ada98c71a18273b04f44f385b120d4e8473e441ce5748cfa44a23648814f2656f429b85440157988c88de776c6ac008dc38bf09cbb746c230a46c69fe
- SSDEEP
  
  96:M7GUb+YNfwgcr8zyKwZ5S4JxN8BS0ef9/3VI9d0qqyVgNk32E:eKgfwgcr8zylsB49Ud0qJVgNX
Score

3^/10
behavioral7 behavioral8
- Target
  
  $R0
- Size
  
  173KB
- MD5
  
  ed9849f48772d4ec5e908d734c00c961
- SHA1
  
  b0a0f33eceefcdc18da32a67297637610fe9054c
- SHA256
  
  8899425303feb63b583a562189f50458d16c805f1d363a61fdee0444833ab644
- SHA512
  
  3ce061c449c6379fa0f7178280b69aea3ebeb97fec24eb54984fc78f1fd1d8fa66be8a3347a07982bfae566feb93b28da662061cee8ddee5cfa6f34811ae3190
- SSDEEP
  
  3072:SjBQd3XAoj5hVaOwS5WGZzr889gZ2X+ubHIvNrGE8UZsn0:BdeS5WGZeZDNZjR
Score

1^/10
behavioral10 behavioral9
- Target
  
  $R2/NSIS.Library.RegTool.v3.$_2_.exe
- Size
  
  5KB
- MD5
  
  1f694e53532eb452ce7ae7f4523fde76
- SHA1
  
  59609431a30f3a01aa07003dd09e9600961fbc2f
- SHA256
  
  13e8d49e4729e2e6f71956770582c1ec2b632068a3cc9eb8fdc7a3428bab151c
- SHA512
  
  046334e0ea75227938c706c2fa7a7ca64cc10433eeeb1835a045f5a079beceb1a059e44f348d2f1d6e2797de966c3004f3a9c37b78a1b18c90fb851edeac38f9
- SSDEEP
  
  96:GFw199Edyn/3sxi2sS8HVrqbdC9Xh+MClQGZ56:D19CgfsbsS8HVWbd9XlQGZ5
Score

1^/10
behavioral11 behavioral12
- Target
  
  $SYSDIR/DWSHK80.OCX
- Size
  
  200KB
- MD5
  
  956041a95acf9738b712c71c55672094
- SHA1
  
  84959e2c0b07d631de4f71da32e1c3c301285e68
- SHA256
  
  8413fe7000baca9e7a2fdef33922d17d97ef9d16799444b945b3c73fee953c6b
- SHA512
  
  c93085f6e4159e3a75e9167e036214930a3ec3960d5eb3e0812f164a841f60b1c3454bcc7a2227b7d0e80c303db11d322a1e6862d643a614c32e4d6b1798b298
- SSDEEP
  
  6144:BE0Jarr0dWt86FKhOO1ITPKFD7Mq0BTv:+0c3mWi6ElKR
Score

1^/10
behavioral13 behavioral14
- Target
  
  $SYSDIR/MSVBVM60.DLL
- Size
  
  1.3MB
- MD5
  
  88ef14f379e050e8df3ba9a9462945e9
- SHA1
  
  b965d2bd4e3528d7b76ad465ae2c75a83507cf4e
- SHA256
  
  0202ddcf449dc8a0b4c56e786222da56c23c97bdc721d751fb169881df2626fe
- SHA512
  
  5efe90bd5ad79b833f94ce51a4b6fafbe26e09497ecbefff03bff7a8d9d2d4c4dbd30c74ac445e53cbce183fd992176226a3408cbbb677c6e69ba10d1b6f683c
- SSDEEP
  
  24576:CnsZfH8WK6FuXqt5K8whx12tnqIVB62ezzV8d/v3HTYTcfzBRKdfg6:Cim7x12tnq+62ezzVK3HTYoai6
Score

1^/10
behavioral15 behavioral16
- Target
  
  $SYSDIR/VB6KO.DLL
- Size
  
  99KB
- MD5
  
  84742b5754690ed667372be561cf518d
- SHA1
  
  ef97aa43f804f447498568fc33704800b91a7381
- SHA256
  
  52b64e2bfc9ee0b807f2095726ace9e911bcd907054ac15686a4e7d2fd4dc751
- SHA512
  
  72ac19a3665a01519dac2ad43eb6178a66ad7f4e167f2a882cbca242978f8debe3e15d0e210c3b0391590699999f33a1fd5de4ca6559ff894b4e6cb4ac1415a0
- SSDEEP
  
  768:J2rURM7RMwTQvsF51u5tyxwgyBEkLki6Ynb:J2rwWRjM0FCagQi6Yb
Score

1^/10
behavioral17 behavioral18
- Target
  
  $SYSDIR/dwsbc80.OCX
- Size
  
  167KB
- MD5
  
  456b24a38b8e2d2f3303e0b4d05cc929
- SHA1
  
  3c981bbac31706cc9189605959f9eba7acbb17a7
- SHA256
  
  242934d4d92948817dd00eec4e8592f7044f5bfc7b2ad2603c826c5cea7b09e5
- SHA512
  
  4476f50a9ade47c848f882b56758111d39a79e61ac62cebf09c8b8d7baaaa77767c11da6e6732caa383b372d0d8a49be116e111299f637e2ea722fa5fd978385
- SSDEEP
  
  3072:K33ebWXothdt1FFfPLyKq1YeoXijMkcI1SjX7iO1ChheO/n3hzOi:DN9LjgiiO1ChheO/n3
Score

1^/10
behavioral19 behavioral20
- Target
  
  $SYSDIR/dwshengine80.dll
- Size
  
  137KB
- MD5
  
  df901a23e6da0cad1981f0a7c13fbf24
- SHA1
  
  78f8f8e857e5ce4dce9fdc6658b5780b07167df7
- SHA256
  
  a8ab488c1ffeed943a68ce7f72fa2eb1b9b21b62c01fbd405a93906a4b357621
- SHA512
  
  1d530caccd728006b1c169a9684044b45384ff4caca02f95c26e15339c4bcfad00f70a85b9f3b6d6d84aed242536ecea454636688e33fa6c6558f67378fc8228
- SSDEEP
  
  3072:jVEYo+V9rYoQ7/pnDeZtVbbOtF4759qDD2:jVEYdHE/CbOto59
Score

1^/10
behavioral21 behavioral22
- Target
  
  UrlUpdate.exe
- Size
  
  152KB
- MD5
  
  df4c70adfe3ee8e7d0a7d396754681ea
- SHA1
  
  86d6bc8e6961a01aa689909d678512e0e3bc202c
- SHA256
  
  94a6a81ad5c12aec33d7274e43ed8197cd476bb9680724995631fd971e8a3d86
- SHA512
  
  94e8fa6c92cbb30320b2067158549e6079be66489c4a2c8008ec7675d9135cddd477137b3c08fe7e7a41d2da6fcc3732d9ae10e8bc47226108938249fa33fa4e
- SSDEEP
  
  3072:T6npLFsb893Sn3dkJht04WD2spOL/KGKlhcpguZh5pXK1zZcsbAM:+0nNke4WdUL/KGKlhcpguZHpXK1z0M
Score

7^/10

adware stealer
- Executes dropped EXE
- Loads dropped DLL
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Drops file in System32 directory
behavioral23 behavioral24
- Target
  
  efbbar.dll
- Size
  
  168KB
- MD5
  
  da641973a719e465fb28389c8277009f
- SHA1
  
  d3c808a07226304e6549eed80b87272e1bcda0ea
- SHA256
  
  acf3a2dc80f5deb6d81c674a5edc163ea8ba6e6898c750159cf74ae8f00199f2
- SHA512
  
  6bffd8ffe167b0426a5021ecaefd9f1473a401e73db88708ed0561f1f2cefe18ae1b958ba7e079622b62e10d25fa0b5cc5802642f627f95275d45cd524f8c40f
- SSDEEP
  
  3072:Wf3mtWDf4Jlt71YGCKPMEPHNE2I/1/7Fx:WPm2fw7q8PLPtnm/
Score

1^/10
behavioral25 behavioral26
- Target
  
  efsbar.dll
- Size
  
  149KB
- MD5
  
  26eccc32791911ccdfe0aec05f733cf8
- SHA1
  
  cf0ffd6ee73c6dcb7cd52f4a863b6a5e44c29cbd
- SHA256
  
  b4f5d03f1649f2631e122dba48a18e3ee705d073ce5800bda90730d0ad6a35c1
- SHA512
  
  6841d08827476416bdc8ee2a224c0f2aaa8827acc32a78e1ecd3fecd796fadc2fc4aaf78af11f9e14a6ffcbc70bf7205c482f34a36ec07d3cc412d45d62cdf35
- SSDEEP
  
  1536:Wr4H2HeDqt8Q7h3fKHiJdbYBsPV30tgyFicvjRvNLMzuH8UkUYjSzgUSYez2eJIy:WfHe68G3mOZxV3WgSZFCzuHMxrUnu
Score

1^/10
behavioral27 behavioral28
- Target
  
  iewindow.exe
- Size
  
  405KB
- MD5
  
  c586e5bf4514ad24b6a0002e13d6452b
- SHA1
  
  6d22ea2e2ae087864c0f91a602cf5b588c54126e
- SHA256
  
  813be8eb3e53948faa20f051023fa132fd564e977c7932d130f5ea7a19c0d5dd
- SHA512
  
  a917390bda68c91f82764eb93ea5d9ce9d330fda9fe24b6956ee16312f342bf4213e0c8f737d83feb8bbf70f82df41d2c7720d4cbaa92982a9584987ea2327e1
- SSDEEP
  
  6144:NzIHrlVzNOKvt9mI0E3BDh/9nk85ziUpUox/vb5FH7869Hbdu:xKQKHH0+BN/9HdiBohT5FoyHbg
Score

1^/10
behavioral29 behavioral30
- Target
  
  nnlogon.exe
- Size
  
  68KB
- MD5
  
  4f8ec9279ce71a9feafd811a2a0fe8fc
- SHA1
  
  8c5e103eeb3dec74297b41739a28eb0c1b4d0478
- SHA256
  
  8a730e05ec59ca9c2bea7b950b7178c5174da28d0843ba1f3f10b47e352b219d
- SHA512
  
  61c0b531b0530afba51138bc8d876a715e059fa716652b9155bead099c1e6dea9a972f219bc593d6e0ef4d7bc849a9108cb6cd99eb72e61d8d0f45e3199908c9
- SSDEEP
  
  768:G1UEOcy9lHXBT/J33p47yTeXeJIYwnbVYcWB5vUL6CdLQC2fQEH:G1UMERp47yTLJGnbVYWL7dLAQEH
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

T1176

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Executes dropped EXE

Loads dropped DLL

Checks installed software on the system

Installs/modifies Browser Helper Object

Drops file in System32 directory

Executes dropped EXE

Loads dropped DLL

Installs/modifies Browser Helper Object

Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32

We care about your privacy.