276fb9aaa5891fa085559bd168176203d14a1c97df09f05fd496fa060d79cb10

Sharing

Copy URL

Twitter E-mail

General

Target

26b4243db442d797e817c44953544e55_JaffaCakes118
Size

5.8MB
Sample

240704-3wv34ayfnd
MD5

26b4243db442d797e817c44953544e55
SHA1

b662ee7df1e0b040b8b6ba986c73a278647b94d9
SHA256

276fb9aaa5891fa085559bd168176203d14a1c97df09f05fd496fa060d79cb10
SHA512

b85958026650086e4be6023d3a7d0cc679ff8af734bd6ae10acd87bab902964099cf668456e177ec69c7d5b90718ee1b624e258eee3e169bbfb9956dbbb3ac7d
SSDEEP

98304:J5FCaCZBwYHfuJTczPN2vF9/bJV3yYsOvHtQF6InPSgfDJBNBpKZJT:J2BxmJTQl2vP/bJVCTVF68TNyPT

Score

8^/10

Malware Config

Targets

- Target
  
  26b4243db442d797e817c44953544e55_JaffaCakes118
- Size
  
  5.8MB
- MD5
  
  26b4243db442d797e817c44953544e55
- SHA1
  
  b662ee7df1e0b040b8b6ba986c73a278647b94d9
- SHA256
  
  276fb9aaa5891fa085559bd168176203d14a1c97df09f05fd496fa060d79cb10
- SHA512
  
  b85958026650086e4be6023d3a7d0cc679ff8af734bd6ae10acd87bab902964099cf668456e177ec69c7d5b90718ee1b624e258eee3e169bbfb9956dbbb3ac7d
- SSDEEP
  
  98304:J5FCaCZBwYHfuJTczPN2vF9/bJV3yYsOvHtQF6InPSgfDJBNBpKZJT:J2BxmJTQl2vP/bJVCTVF68TNyPT
Score

7^/10

spyware stealer
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/FindProcDLL.dll
- Size
  
  3KB
- MD5
  
  8614c450637267afacad1645e23ba24a
- SHA1
  
  e7b7b09b5bbc13e910aa36316d9cc5fc5d4dcdc2
- SHA256
  
  0fa04f06a6de18d316832086891e9c23ae606d7784d5d5676385839b21ca2758
- SHA512
  
  af46cd679097584ff9a1d894a729b6397f4b3af17dff3e6f07bef257bc7e48ffa341d82daf298616cd5df1450fc5ab7435cacb70f27302b6db193f01a9f8391b
Score

3^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  14KB
- MD5
  
  325b008aec81e5aaa57096f05d4212b5
- SHA1
  
  27a2d89747a20305b6518438eff5b9f57f7df5c3
- SHA256
  
  c9cd5c9609e70005926ae5171726a4142ffbcccc771d307efcd195dafc1e6b4b
- SHA512
  
  18362b3aee529a27e85cc087627ecf6e2d21196d725f499c4a185cb3a380999f43ff1833a8ebec3f5ba1d3a113ef83185770e663854121f2d8b885790115afdf
- SSDEEP
  
  192:86d+dHXLHQOPiY53uiUdigyU+WsPdc/A1A+2jwK72dwF7dBEnbok:86UdHXcIiY535zBt2jw+BEnbo
Score

3^/10
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/StartMenu.dll
- Size
  
  7KB
- MD5
  
  a4173b381625f9f12aadb4e1cdaefdb8
- SHA1
  
  cf1680c2bc970d5675adbf5e89292a97e6724713
- SHA256
  
  7755ff2707ca19344d489a5acec02d9e310425fa6e100d2f13025761676b875b
- SHA512
  
  fcac79d42862da6bdd3ecad9d887a975cdff2301a8322f321be58f754a26b27077b452faa4751bbd09cd3371b4afce65255fbbb443e2c93dd2cba0ba652f4a82
- SSDEEP
  
  96:2fiqP7bO2qHkAC40KhvSE+6nrxtMn0iGd88qRLqtJ1tbRhElfRx2:siqP7OHX1Q4xtcf8qo/ttgfRx2
Score

3^/10
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  c17103ae9072a06da581dec998343fc1
- SHA1
  
  b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d
- SHA256
  
  dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f
- SHA512
  
  d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f
- SSDEEP
  
  192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
Score

3^/10
behavioral10 behavioral9
- Target
  
  $TEMP/ApnIC.dll
- Size
  
  240KB
- MD5
  
  ed92900bf225e26a4e54c2c14fa1424f
- SHA1
  
  e32aa2e78d2c8f0e9316080e71a714befe851e6c
- SHA256
  
  b284311140c80784af8f5b01550b0d7eb4b0d64cf2037800cc284856c1ff4740
- SHA512
  
  9e3c7571e2bd2a2ec6d842064b2b310a018bafa7125639135240485625252989d3c0ac5d18c7b4a88835aa8aac67ac2521237dbd757e0ae652ecf39b723e314d
- SSDEEP
  
  3072:pJ+Mz0fYrZiMVpqgQGF4nkpo/kVv6WNJHD9Koeajs0o2XhixrMIyxUkvsWfmbh:pUMz8nMVp+GokO/kt9KoTqxrMXEwa
Score

8^/10

spyware stealer
- Blocklisted process makes network request
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral11 behavioral12
- Target
  
  $TEMP/ApnStub.exe
- Size
  
  139KB
- MD5
  
  c36923084822c017f69396418a999d39
- SHA1
  
  fdc2005ced8acf86c68fe1b86b0698d0539e8ce0
- SHA256
  
  7a158fdeea8f7107be5ce40242546a503193aa1c278f74a4730871b8edd0ba76
- SHA512
  
  fb1106d4f4a138cad28a4282cb00c72688e03610be1d31a7cdd7b42b23e00e4f7ca9e731a7ab016d5920411707e165e3ee48164ef520112d8ac36fad85749c44
- SSDEEP
  
  3072:kchfXbup04LnomgmlgV5sUjbW/+lt5qqqqqqqqqqqqBYFpbO:BPbue4LP+V5f6U7qqqqqqqqqqqqH
Score

1^/10
behavioral13 behavioral14
- Target
  
  $TEMP/ApnToolbarInstaller.exe
- Size
  
  3.5MB
- MD5
  
  7cf1b0069d864d83b729445ad6c3c6a1
- SHA1
  
  613bdcdc4b16eb466124a549d021646eafb70b7c
- SHA256
  
  3d3da0c54c6d36f6f21aeb0fc076b6189d46ba24829dc729f8c4903e21971fc2
- SHA512
  
  27703365ff1c4b086e818334faeab0b7795298bb10abda92adf733318d16916e57d3f6bcb4bb9e4c9e862b048fd2894ff0ef012a262b79b877808c91eb4e67e8
- SSDEEP
  
  49152:GIXA/T1fkbVCs/2cex8CfdVY36EfrTzcZsepCKP5lwJr4a5RR2EArjKmRicekm0K:GUAhfjDYKEgZNCEmf5ArGmKbSH2r
Score

1^/10
behavioral15 behavioral16
- Target
  
  ImgBurn.exe
- Size
  
  2.7MB
- MD5
  
  9bb871708d51de6a6b72a47e569453fc
- SHA1
  
  ae7e7e1616f83425da8ebe5e23140417c7047e2e
- SHA256
  
  fa501963539ea9f70835d8d4f2004c8e0481127499e11c54959146746601b582
- SHA512
  
  4f250b48ff21eb0ef53e35f763bf1eda9bb35e1319560252e0c574728285d5a92b42dbaf1b05c8ace57af0aa1f849a9516b537ef73e9d43fe2b95597ab9421b7
- SSDEEP
  
  49152:pOn/RJc1sBKhC5cfSQNxA4P0vJ2m17LUFCiBWcwLGhrvoQ0rVTIQX5vzFt:pyYQQTdNxFoD1MFC6wL3Q0ZIQp
Score

7^/10

upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral17 behavioral18
- Target
  
  ImgBurnPreview.exe
- Size
  
  209KB
- MD5
  
  c767843e49d828930ac7b9c36cd047f6
- SHA1
  
  bd721b718056825df692046a5259624da4d638d1
- SHA256
  
  6d83891fb8430d642582ba7bde76fc433266ebe6327ec9a43ee2101f0fd79706
- SHA512
  
  96a78312bf96ce3f64d8d89f84dddc70edd12399877e4c74ca0c02418a8944d66ea7bd11a76d13ef693733d7ccb5e08165be74db5a847d5cdb359b8a273eb174
- SSDEEP
  
  3072:vm1BzKL2lZ33qxjrzVcol6gUjywWHlGvakyvVuk2AQ4w/vvoutc:uLzL33qxjWoG19xCuzAQn/XoS
Score

7^/10

upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral19 behavioral20
- Target
  
  uninstall.exe
- Size
  
  71KB
- MD5
  
  da943c4884b1375d00b226be923f0225
- SHA1
  
  b3947815a56c356490a2b54a42a51a2dc31ce503
- SHA256
  
  b3ba1664fae7d056d166889438cc897a731c78097ecec3cd122664206da8c8ba
- SHA512
  
  86e31c35f5e5d0b00763be7864889ad05ea6322f9ead8193ddb3be189099f0726ab6f634bbb4fd340df97172034169f8bb4f95f91ebedac1804bea05977a4f30
- SSDEEP
  
  1536:oQpQ5EP0ijnRTXJ88gg+SsN7buCryG4SDMw0zJR1s:oQIURTXJ88b+vnuCryG3YVK
Score

7^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral21 behavioral22
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  c17103ae9072a06da581dec998343fc1
- SHA1
  
  b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d
- SHA256
  
  dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f
- SHA512
  
  d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f
- SSDEEP
  
  192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
Score

3^/10
behavioral23 behavioral24

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Executes dropped EXE

Loads dropped DLL

Reads user/profile data of web browsers

Blocklisted process makes network request

Reads user/profile data of web browsers

UPX packed file

Enumerates connected drives

UPX packed file

Executes dropped EXE

Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24