3cea23a0d9d9beac90a9840c0c44a9ee638ec376ab60621608b599f73387a236

Sharing

Copy URL

Twitter E-mail

General

Target

251fd694cde765aab1acc900f7e3f5d6_JaffaCakes118
Size

3.3MB
Sample

240704-jdmt8a1aqr
MD5

251fd694cde765aab1acc900f7e3f5d6
SHA1

89b7420838373d6ec5985f2cd2603dad20f5184f
SHA256

3cea23a0d9d9beac90a9840c0c44a9ee638ec376ab60621608b599f73387a236
SHA512

7c47380dda0fec590f46a24181fa5208230f353bcb04fc89f3472e8941bebd7998eed1031a8feb631adc980f9a28dde04a867932b8610bbab46556a6f97e9c90
SSDEEP

49152:8GPQ91PV3rFFjeeJ6j8Dwq81KDE33xxNpb/Nd5tCQ5UhQEhpd8pEOoLxvonbaUb6:8SEF1Z0h3x5nCd+AqbtbaUui3ppH8

Score

7^/10

Malware Config

Targets

- Target
  
  251fd694cde765aab1acc900f7e3f5d6_JaffaCakes118
- Size
  
  3.3MB
- MD5
  
  251fd694cde765aab1acc900f7e3f5d6
- SHA1
  
  89b7420838373d6ec5985f2cd2603dad20f5184f
- SHA256
  
  3cea23a0d9d9beac90a9840c0c44a9ee638ec376ab60621608b599f73387a236
- SHA512
  
  7c47380dda0fec590f46a24181fa5208230f353bcb04fc89f3472e8941bebd7998eed1031a8feb631adc980f9a28dde04a867932b8610bbab46556a6f97e9c90
- SSDEEP
  
  49152:8GPQ91PV3rFFjeeJ6j8Dwq81KDE33xxNpb/Nd5tCQ5UhQEhpd8pEOoLxvonbaUb6:8SEF1Z0h3x5nCd+AqbtbaUui3ppH8
Score

7^/10
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/Banner.dll
- Size
  
  477KB
- MD5
  
  7a7127c1c951833b9b752b5b55aecd1c
- SHA1
  
  86bdfd31cf14a831b89deb6852292ae012049a98
- SHA256
  
  7b66a639beb9754776bdf123b0a389c83de2003c416fbd9d0488ab32e3f1f921
- SHA512
  
  6b4631d294cdea1c76bfc2a7c9900364be7499e184eaf0be4cfcafe75c775ce057eb9940dcab85d97f6a75b4e29e8bde9c76d412366d9100623aaff69ba8f8b1
- SSDEEP
  
  6144:F3qujs8hR5ycAT21eRBfE6LzA8zjZGeCD:u8RyRAeXfECA8zlG
Score

1^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/NSISdl.dll
- Size
  
  14KB
- MD5
  
  a5f8399a743ab7f9c88c645c35b1ebb5
- SHA1
  
  168f3c158913b0367bf79fa413357fbe97018191
- SHA256
  
  dacc88a12d3ba438fdae3535dc7a5a1d389bce13adc993706424874a782e51c9
- SHA512
  
  824e567f5211bf09c7912537c7836d761b0934207612808e9a191f980375c6a97383dbc6b4a7121c6b5f508cbfd7542a781d6b6b196ca24841f73892eec5e977
- SSDEEP
  
  192:tUZTobBDJ68r67wmsvJI5ad9cXzFOVu+mZ/P3p+57CvpVqDxVp01Dwn2GRPgsfA:6Bo/680dCI5adOjFOg9//p27uNw2Go
Score

3^/10
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  c17103ae9072a06da581dec998343fc1
- SHA1
  
  b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d
- SHA256
  
  dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f
- SHA512
  
  d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f
- SSDEEP
  
  192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
Score

3^/10
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/bundle.exe
- Size
  
  1.4MB
- MD5
  
  49a32310628c30cbaa72336cc8099ab0
- SHA1
  
  a19d4faca995632c421eb03c64a51145f26ea259
- SHA256
  
  b3b32999ef8e7a5484245edbb431c3849654947b5a854c66afa7a1e1a4ec752a
- SHA512
  
  dd11731b4338bf879b73f8de7fee87d39955048b54daf7d07a4d2c41b391ddb912d40e3d84474c45bf2eb51001058bcc41cb5acc4ea630b9ff68b6a26df9cc6d
- SSDEEP
  
  24576:N2sFAbLXk1hD2LY+5MPIvdNn44CdGkL12u58Vvp6rsB+3xCGUwaj6DQ671WmQks:TebuWYpwvo4KGi12g8Vvp8sBjGUvj68l
Score

3^/10
behavioral10 behavioral9
- Target
  
  $PLUGINSDIR/NSISdl.dll
- Size
  
  14KB
- MD5
  
  a5f8399a743ab7f9c88c645c35b1ebb5
- SHA1
  
  168f3c158913b0367bf79fa413357fbe97018191
- SHA256
  
  dacc88a12d3ba438fdae3535dc7a5a1d389bce13adc993706424874a782e51c9
- SHA512
  
  824e567f5211bf09c7912537c7836d761b0934207612808e9a191f980375c6a97383dbc6b4a7121c6b5f508cbfd7542a781d6b6b196ca24841f73892eec5e977
- SSDEEP
  
  192:tUZTobBDJ68r67wmsvJI5ad9cXzFOVu+mZ/P3p+57CvpVqDxVp01Dwn2GRPgsfA:6Bo/680dCI5adOjFOg9//p27uNw2Go
Score

3^/10
behavioral11 behavioral12
- Target
  
  yourface.exe
- Size
  
  1.4MB
- MD5
  
  2d1a8fe877c2c3a251d9b064438fa132
- SHA1
  
  af6eed972b2c3d819c20b1cca83b91b1819fb4f5
- SHA256
  
  c919043ac844a08523b83e22071824de50998307b11e719503d08cf2d532f847
- SHA512
  
  86d57ba82c93a1dea122b993b9f735cbf080efc6ce8bdea76f4585edc39a936ca043c05123976c15d5a9edaa6a55d0888fbf6434f2fea5c2d4e9eae30434f24d
- SSDEEP
  
  24576:GPOaKA8LjZ6hD2La+5mPIalInV/CpGkL7QB2BSAVv+6GsB93xXvAwsj6DQM71Wnw:Q8YWaDwae/oGi722QAVv+TsBDvArj68M
Score

7^/10

adware discovery evasion spyware stealer trojan
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral13 behavioral14
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  c17103ae9072a06da581dec998343fc1
- SHA1
  
  b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d
- SHA256
  
  dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f
- SHA512
  
  d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f
- SSDEEP
  
  192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
Score

3^/10
behavioral15 behavioral16
- Target
  
  MainInstaller.exe
- Size
  
  531KB
- MD5
  
  9ce448dcd7cf13dd950725957361bdff
- SHA1
  
  5831ff31825ea82d90a2989e0fc0a33b859d5f97
- SHA256
  
  3dbc5aff076ef9c86a90ad30e963581f7cb22f8e212aa38db29d82cf45b73f80
- SHA512
  
  b4a175da3677cd3380cb3789f281f2afb10aa00dc9592217062d66eb9b5e73805886b692975d7244cdd439d8d5bcd0eb5810533284ba4b13ff02a20b792bf74f
- SSDEEP
  
  12288:z/8Ze69hm2S17Y/bv9VXXLVS+n28L6OdBCZrrf3xSEowuj6ZQM7gMWZQkN:zihc17YpVE+PGsB03xSEowuj6ZQM71WD
Score

7^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral17 behavioral18
- Target
  
  PingMe.exe
- Size
  
  7KB
- MD5
  
  991cd458830ae2008be0c2d8e26c8bd0
- SHA1
  
  d519a7ffd8360a47450e60b7d665e666d9df89bc
- SHA256
  
  f2ecda9fb1b201d9a120c5906c6b0983205e4858ecea0065499841cf4047eb71
- SHA512
  
  e45ce313823e43726418378920c367a4957b2806ee8070d0f4acf63fd1fa893577fbe91fc859c81bd8d6984ca1c0fe9ef0b32200c79106a3f7dcff0b8efdb4aa
- SSDEEP
  
  96:GL1h5Q/B2JL1L5Ie79CCna2fLAyrLSc9Q0btWcmRXzNt:GRQ/EL1L5Ie9V5LAySc9Q0bw5RB
Score

1^/10
behavioral19 behavioral20
- Target
  
  Setup.exe
- Size
  
  505KB
- MD5
  
  5d8d0c08384ad73216d52a2eabc064f5
- SHA1
  
  0fa5c77fd6b6323b926c9648679e063d1bbc8bcc
- SHA256
  
  30522715240f4a05859099ac370dfb516097ab257402981c6a9ad31951f36cce
- SHA512
  
  42a3003019e39622082506c7ae50d8a27e2920fdfdf15eb9a8dbf7f1dbd49a02cd0390dabd74c136ed44e9d8ba270540ce9390f31aa84c2fc9fdfcc9e912dd57
- SSDEEP
  
  12288:6xPm2P17YJbq9VXMLVS+n78L6OdBRdrrf3xr5Uw1jcZQM7gMyZQU:6Jh17YYVV+YGsBH3xr5Uw1jcZQM71yZX
Score

7^/10
- Loads dropped DLL
behavioral21 behavioral22
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  14KB
- MD5
  
  325b008aec81e5aaa57096f05d4212b5
- SHA1
  
  27a2d89747a20305b6518438eff5b9f57f7df5c3
- SHA256
  
  c9cd5c9609e70005926ae5171726a4142ffbcccc771d307efcd195dafc1e6b4b
- SHA512
  
  18362b3aee529a27e85cc087627ecf6e2d21196d725f499c4a185cb3a380999f43ff1833a8ebec3f5ba1d3a113ef83185770e663854121f2d8b885790115afdf
- SSDEEP
  
  192:86d+dHXLHQOPiY53uiUdigyU+WsPdc/A1A+2jwK72dwF7dBEnbok:86UdHXcIiY535zBt2jw+BEnbo
Score

3^/10
behavioral23 behavioral24
- Target
  
  $PLUGINSDIR/KillProc.dll
- Size
  
  24KB
- MD5
  
  6c2b245e89428fb917a5805815a4054e
- SHA1
  
  5bcd987700dd761f02d2d1d024b8f20077985051
- SHA256
  
  0558bbdfe61eefb680e8560a7d4b174447a9516098f9cd8b4c84bf1552cee5c5
- SHA512
  
  ecb3fb77532d6ffa1ca08df05a6a86b18138356e63cb40edf68f97fc7fdf2e781a4ebeb1efdb9f13f947304312dd19ef5c4a78ddc60843f5f726cde69b2c57d4
- SSDEEP
  
  384:DqIKV2NkzYqElRYhENOwN3uCyolsTMY29Goaz+QshqTPZHoErRZGAqcywHTswk4:D3KexROO3uCyow2/RA9VRZtBzLk5
Score

7^/10

upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral25 behavioral26
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  c17103ae9072a06da581dec998343fc1
- SHA1
  
  b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d
- SHA256
  
  dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f
- SHA512
  
  d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f
- SSDEEP
  
  192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
Score

3^/10
behavioral27 behavioral28
- Target
  
  $PLUGINSDIR/nsProcess.dll
- Size
  
  4KB
- MD5
  
  faa7f034b38e729a983965c04cc70fc1
- SHA1
  
  df8bda55b498976ea47d25d8a77539b049dab55e
- SHA256
  
  579a034ff5ab9b732a318b1636c2902840f604e8e664f5b93c07a99253b3c9cf
- SHA512
  
  7868f9b437fcf829ad993ff57995f58836ad578458994361c72ae1bf1dfb74022f9f9e948b48afd3361ed3426c4f85b4bb0d595e38ee278fee5c4425c4491dbf
- SSDEEP
  
  48:iYXzAm8HGJLvwM8GJFd6I7W4JtT2bxNNAa4GsNf+CJ8aYqmtlKdgAtgma1QvtCSJ:lz2mJkpGR6GY74GQ1YqmstgGCtR
Score

3^/10
behavioral29 behavioral30
- Target
  
  2YourFace_Util.dll
- Size
  
  50KB
- MD5
  
  4cb05fd996f8c1d5142ec77f52b3eb93
- SHA1
  
  0d8122bc7b4f4991201dbc3e7313c51f38b40493
- SHA256
  
  c05a336d4fd4719ae002c3befc690f462c64930b50912a632441a88f85bec77a
- SHA512
  
  9682d34093e3e8bde0b289d3690722a3e590d7d9cdd058debb122f3c997493d52034aeb36adcc64b52d4805171d4054c9bec87e46e1ec995c6089d4d40d3e3bb
- SSDEEP
  
  768:eh2p6b6ezNEqyRo0Mhjww4EBYkkJnFjGUED3inLEjfOWU3soAdi:eh22bBcJk0fLgu38Q
Score

3^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

T1176

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Loads dropped DLL

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Reads user/profile data of web browsers

Checks installed software on the system

Checks whether UAC is enabled

Installs/modifies Browser Helper Object

Executes dropped EXE

Loads dropped DLL

Loads dropped DLL

UPX packed file

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32