General

  • Target: 029c63eb99a4c3caa96d49fef0a10cee_JaffaCakes118
  • Size: 5.2MB
  • Sample: 240622-rq17dawarm
  • MD5: 029c63eb99a4c3caa96d49fef0a10cee
  • SHA1: 99340b26ab24ff961e8711e4d188d5f0c35266ab
  • SHA256: f9e5e2f2a786c852dfc7feb9c9e8a91c032af671d7a6bff4bdf4d872acf1b704
  • SHA512: bb29940f02bca50892b8dc7dd622c17809983557930fbcf25e419d25035e650308976376c91888b73422285367b4d0488f3bb974a25c011972b72aaa588ec266
  • SSDEEP: 98304:VCve60G4Ab1qDodr5pX8DyrobF2oouGwZXAMIlPbgOQpl97LG:VC26VrYCr5pM+robF9AA3I1gO07q

Malware Config

Targets

    • Target: 029c63eb99a4c3caa96d49fef0a10cee_JaffaCakes118
    • Executes dropped EXE
    • Loads dropped DLL
    • Reads user/profile data of web browsers
      Infostealers often target stored browser data, which can include saved credentials etc.
    • Adds Run key to start application
    • Checks installed software on the system
      Looks up Uninstall key entries in the registry to enumerate software on the system.
    • Installs/modifies Browser Helper Object
      BHOs are DLL modules which act as plugins for Internet Explorer.
    • Maps connected drives based on registry
      Disk information is often read in order to detect sandboxing environments.
    • Drops file in System32 directory

    • Target: $PLUGINSDIR/StartMenu.dll
    • Size: 7KB
    • MD5: a4173b381625f9f12aadb4e1cdaefdb8
    • SHA1: cf1680c2bc970d5675adbf5e89292a97e6724713
    • SHA256: 7755ff2707ca19344d489a5acec02d9e310425fa6e100d2f13025761676b875b
    • SHA512: fcac79d42862da6bdd3ecad9d887a975cdff2301a8322f321be58f754a26b27077b452faa4751bbd09cd3371b4afce65255fbbb443e2c93dd2cba0ba652f4a82
    • SSDEEP: 96:2fiqP7bO2qHkAC40KhvSE+6nrxtMn0iGd88qRLqtJ1tbRhElfRx2:siqP7OHX1Q4xtcf8qo/ttgfRx2
    Score: 3/10
    • Target: $TEMP/iimapi.exe
    • Size: 2.1MB
    • MD5: f97eecaff22fae9e00a95208738d0621
    • SHA1: 22314702e064c900f0b458ec9c24f7e27e18696a
    • SHA256: 340a963d338f5099515948887ff070f55173467fcccd489453668977b6deb319
    • SHA512: d2077bc6db8a09339b2e375c8593d2ffa7e3540b910caf357ca4b9404ff75f484d986f67a5d060fa20eb8c3055c22d510fa8a4415b44349a16728cf2c22c6204
    • SSDEEP: 49152:kJ9Ox9fntLVbb4ZIVNUAwqtJq7D+xRiDhFuqnWXx3sfTnHgdYRRsi:kPMvb0iV4qzq3ycDhFuqWXRs7ZRii
    • Loads dropped DLL
    • Reads user/profile data of web browsers
      Infostealers often target stored browser data, which can include saved credentials etc.
    • Checks installed software on the system
      Looks up Uninstall key entries in the registry to enumerate software on the system.
    • Installs/modifies Browser Helper Object
      BHOs are DLL modules which act as plugins for Internet Explorer.
    • Maps connected drives based on registry
      Disk information is often read in order to detect sandboxing environments.
    • Drops file in System32 directory

    • Target: $PLUGINSDIR/Math.dll
    • Size: 66KB
    • MD5: b140459077c7c39be4bef249c2f84535
    • SHA1: c56498241c2ddafb01961596da16d08d1b11cd35
    • SHA256: 0598f7d83db44929b7170c1285457b52b4281185f63ced102e709bf065f10d67
    • SHA512: fbcb19a951d96a216d73b6b3e005338bbb6e11332c6cc8c3f179ccd420b4db0e5682dc4245bd120dcb67bc70960eab368e74c68c7c165a485a12a7d0d8a00328
    • SSDEEP: 1536:0P43WZ4Ql60gam+2MwRmPeqFVHbQH0ZZ1Iet:0wU609VMH0T/t
    Score: 3/10
    • Target: $PLUGINSDIR/Processes.dll
    • Size: 35KB
    • MD5: 2cfba79d485cf441c646dd40d82490fc
    • SHA1: 83e51ac1115a50986ed456bd18729653018b9619
    • SHA256: 86b302fa9c85dfa0c1c03ba000864a928365dab571f3355347dba02da22949b7
    • SHA512: cca186a7f9c5cff3f4eca410fbe8cc13dad2514a7e36aec9b1addfbcb239ace9b9b2d8427771858e3fd11783abce7e24d43c286f98da9f8b17562ca095a4c043
    • SSDEEP: 768:uxEiycFoaj/+WSiJfmjvab7L/cUf7IIlMLRF:uxEm7sgfmjy//cgdlM/
    Score: 3/10
    • Target: $PLUGINSDIR/System.dll
    • Size: 11KB
    • MD5: c17103ae9072a06da581dec998343fc1
    • SHA1: b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d
    • SHA256: dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f
    • SHA512: d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f
    • SSDEEP: 192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
    Score: 3/10
    • Target: $PLUGINSDIR/UAC.dll
    • Size: 17KB
    • MD5: 88ad3fd90fc52ac3ee0441a38400a384
    • SHA1: 08bc9e1f5951b54126b5c3c769e3eaed42f3d10b
    • SHA256: e58884695378cf02715373928bb8ade270baf03144369463f505c3b3808cbc42
    • SHA512: 359496f571e6fa2ec4c5ab5bd1d35d1330586f624228713ae55c65a69e07d8623022ef54337c22c3aab558a9b74d9977c8436f5fea4194899d9ef3ffd74e7dbb
    • SSDEEP: 384:59TzaeW+WyB8c7LX+OGkrwWvVrkUiEMAWm5nskAvXkq:5ZaB+W62Mr5vGUiEum5sk
    Score: 3/10
    • Target: $R1
    • Size: 2.5MB
    • MD5: 8e52adb9b07b0ba0266f70e97807dae7
    • SHA1: 740691d0cf2368caaae17463593d54fd230bff53
    • SHA256: f9effd950d92a1f65bea930d7e852e8eaaab8e4be3e7cb306c1b02f61489e049
    • SHA512: c6f7a9473ca2a18af04c70c756b12447b0f02c8d29d2d7ed8058afd18dda4dd84dc11b0d1852a9ba1910e4fd79a3d04fafd7676c3eeda11e33db314bbff96930
    • SSDEEP: 49152:JiAiN9LGuYhJXJe4gxwY63DKBF23gh+qYMdIJKTT4jzyH4z:JgGuOJ4xhbh+qr14jzyH4
    Score: 6/10
    • Installs/modifies Browser Helper Object
      BHOs are DLL modules which act as plugins for Internet Explorer.
    • Maps connected drives based on registry
      Disk information is often read in order to detect sandboxing environments.

    • Target: $TEMP/locatr.exe
    • Size: 361KB
    • MD5: 4d6f52f74fefb04938e11fc5ec77d072
    • SHA1: 390d844f22613206cd7df84dbb162f1df7362175
    • SHA256: de50b7aecefe844eddb7d0337624408e576a5279dcc4e0da25354e1d731fc3dc
    • SHA512: 7cdea2acf1e3009385f9abdd81d787b8d27f6283db5edde906f228c7fa24eedcaa1937eb2cedd224e3b0e434b5924eb0689b7d6bc3aa45728ee45d272043d7c3
    • SSDEEP: 6144:6sBcJn1sX6wvkNHK00t1YA+OY+YC7Ea2tPL5twt6nf8j/VpC//x8V31zMDElOegX:/K1sXfwHKNPFsfCAlctFbVInx8VFzMD1
    • Loads dropped DLL
    • Adds Run key to start application
    • Checks installed software on the system
      Looks up Uninstall key entries in the registry to enumerate software on the system.
    • Installs/modifies Browser Helper Object
      BHOs are DLL modules which act as plugins for Internet Explorer.
    • Maps connected drives based on registry
      Disk information is often read in order to detect sandboxing environments.
    • Drops file in System32 directory

    • Target: $PLUGINSDIR/System.dll (same file as listed above; MD5 c17103ae9072a06da581dec998343fc1, 11KB)
    Score: 3/10
    • Target: $SYSDIR/$_1_.exe
    • Size: 38KB
    • MD5: 74cea5bc4ca3e7a915225c6e62cb56e2
    • SHA1: b392893ebbb6e80c9718d0ec897d92f8815f3190
    • SHA256: ababe55d9b73e4d1bd234c05dc79abc2189c6659b4076cab99ecccb09a051c30
    • SHA512: a3bf93e175b4982e92cd00ff8978b7014e51914b96a0834610c2b9a9d641b08c2775b51efa7569d39e3a6b44250016cc87c4428bc6e28f40409dffddf0f84a7a
    • SSDEEP: 768:c1cVhpQI2EQK0iPDh84nScF15GYbWjXO3XJDJRnm5vORTJ0p:6QpQ5EP0ijnRTXJq5wTyp
    Score: 7/10
    • Executes dropped EXE
    • Loads dropped DLL

    • Target: $PLUGINSDIR/System.dll (same file as listed above; MD5 c17103ae9072a06da581dec998343fc1, 11KB)
    Score: 3/10
    • Target: $_5_
    • Size: 690KB
    • MD5: 7f46c88a46d3b571b5c56f94478a6988
    • SHA1: d004bcd6c1a13d67c933989295111365f7e00317
    • SHA256: a900c48f497be76b975a8896b884d8781b7ae477fb310c1b6ec4529e0ff99715
    • SHA512: 36233027d427cdd9a62b883017743a99a2aaf70661ed91fcc6a60435f6de00122c58ff09c78c1fb2cc1ba7ad8428ce43665ae8799a77e638d0a49bbe54a8c6b5
    • SSDEEP: 12288:Av784mLLT3sDKBlFOIETxoWOz87SfN7gZZCQYJn9o4SRQZj:875mLLT8DilFOIEzOeSF74ZCQYh9o4k2
    • Adds Run key to start application
    • Installs/modifies Browser Helper Object
      BHOs are DLL modules which act as plugins for Internet Explorer.
    • Maps connected drives based on registry
      Disk information is often read in order to detect sandboxing environments.

    • Target: $TEMP/setup.exe
    • Size: 2.7MB
    • MD5: 0a866a5e466002ba335281ba16ed4a39
    • SHA1: f1ed4bcc782d045847e226fb9116adda13a73ba4
    • SHA256: c4e77428010973bf8aadc454e9533c1163e1f238c0f9f386731a7c2d97715fd8
    • SHA512: f17f1e4d5aca0724e52ea302f5c505a08465200780ad577a803c5b918d6a4f43eeebff3e926d4ebf6748d11036908e00240614448053a16ec23e132c889e2673
    • SSDEEP: 49152:0Nl8iowXbyoqepwv4UQ58IV9yGU/5qOJrn074InikM+eBVbq:YlnoKGMV9dsqOJLvqinq
    Score: 7/10
    • Executes dropped EXE
    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks

static1: Score 3/10
behavioral1: Score 7/10 (tags: adware, discovery, spyware, stealer)
behavioral2: Score 7/10 (tags: adware, discovery, persistence, spyware, stealer)
behavioral3: Score 3/10
behavioral4: Score 3/10
behavioral5: Score 7/10 (tags: adware, discovery, spyware, stealer)
behavioral6: Score 7/10 (tags: adware, discovery, spyware, stealer)
behavioral7: Score 3/10
behavioral8: Score 3/10
behavioral9: Score 3/10
behavioral10: Score 3/10
behavioral11: Score 3/10
behavioral12: Score 3/10
behavioral13: Score 3/10
behavioral14: Score 3/10
behavioral15: Score 6/10 (tags: adware, stealer)
behavioral16: Score 6/10 (tags: adware, stealer)
behavioral17: Score 7/10 (tags: adware, discovery, persistence, stealer)
behavioral18: Score 7/10 (tags: adware, discovery, persistence, stealer)
behavioral19: Score 3/10
behavioral20: Score 3/10
behavioral21: Score 7/10
behavioral22: Score 7/10
behavioral23: Score 3/10
behavioral24: Score 3/10
behavioral25: Score 6/10 (tags: adware, persistence, stealer)
behavioral26: Score 6/10 (tags: adware, persistence, stealer)
behavioral27: Score 7/10
behavioral28: Score 7/10