General

  • Target

    2a5e3f17fb10a4563e7596f1a163c885_JaffaCakes118

  • Size

    703KB

  • Sample

    240708-ay4tsswene

  • MD5

    2a5e3f17fb10a4563e7596f1a163c885

  • SHA1

    faf136b60cf0bd620cfacf7e2cca0eae085eb00a

  • SHA256

    737dac882bbacfd5b483c79f559d4214cd06a45cfc21995acb21a496bf2f3254

  • SHA512

    5bc77f3f225d7ec0baccd786661af03114395d44a760b55052970de41a9997f4fdc934b30945be7a1c855f70a1d40071c7dca4642c31678f7c7e7d23a79356e7

  • SSDEEP

    12288:Sn3HSdtYaKtTRt9qQqn+oOaU3EfCuQLVOfpH5dZW04w9m8346dysK/Gq:S3ydtYRtdqM3BpohNWcRo6YX/Gq

  • Score

    7/10

Targets

    • Target

      2a5e3f17fb10a4563e7596f1a163c885_JaffaCakes118

    • Score

      7/10

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      c17103ae9072a06da581dec998343fc1

    • SHA1

      b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

    • SHA256

      dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

    • SHA512

      d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

    • SSDEEP

      192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw

    • Score

      3/10

    • Target

      $PLUGINSDIR/UAC.dll

    • Size

      13KB

    • MD5

      29858669d7da388d1e62b4fd5337af12

    • SHA1

      756b94898429a9025a04ae227f060952f1149a5f

    • SHA256

      c24c005daa7f5578c4372b38d1be6be5e27ef3ba2cdb9b67fee15cac406eba62

    • SHA512

      6f4d538f2fe0681f357bab73f633943c539ddc1451efa1d1bb76d70bb47aa68a05849e36ae405cc4664598a8194227fa7053de6dbce7d6c52a20301293b3c85f

    • SSDEEP

      384:RlNMjIH4DnFnyJ0Dt5ZtmVWsSLr4z9VwzU:RlqMYzFnD/tmQFLrSw

    • Score

      3/10

    • Target

      $PLUGINSDIR/UserInfo.dll

    • Size

      4KB

    • MD5

      7579ade7ae1747a31960a228ce02e666

    • SHA1

      8ec8571a296737e819dcf86353a43fcf8ec63351

    • SHA256

      564c80dec62d76c53497c40094db360ff8a36e0dc1bda8383d0f9583138997f5

    • SHA512

      a88bc56e938374c333b0e33cb72951635b5d5a98b9cb2d6785073cbcad23bf4c0f9f69d3b7e87b46c76eb03ced9bb786844ce87656a9e3df4ca24acf43d7a05b

    • Score

      3/10

    • Target

      $PLUGINSDIR/ZipDLL.dll

    • Size

      163KB

    • MD5

      2dc35ddcabcb2b24919b9afae4ec3091

    • SHA1

      9eeed33c3abc656353a7ebd1c66af38cccadd939

    • SHA256

      6bbeb39747f1526752980d4dbec2fe2c7347f3cc983a79c92561b92fe472e7a1

    • SHA512

      0ccac336924f684da1f73db2dd230a0c932c5b4115ae1fa0e708b9db5e39d2a07dc54dac8d95881a42069cbb2c2886e880cdad715deda83c0de38757a0f6a901

    • SSDEEP

      3072:8CkSJJ30k1pn2T4ISnUGN+E8KnCOxA17jxLmRtWHyPDQFllOdJiSg:tkSJy+c30UxbKnA1hLKWSVdk

    • Score

      3/10

    • Target

      $PLUGINSDIR/inetc.dll

    • Size

      24KB

    • MD5

      1efbbf5a54eb145a1a422046fd8dfb2c

    • SHA1

      ec4efd0a95bb72fd4cf47423647e33e5a3fddf26

    • SHA256

      983859570099b941c19d5eb9755eda19dd21f63e8ccad70f6e93f055c329d341

    • SHA512

      7fdeba8c961f3507162eb59fb8b9b934812d449cc85c924f61722a099618d771fed91cfb3944e10479280b73648a9a5cbb23482d7b7f8bfb130f23e8fd6c15fb

    • SSDEEP

      384:XErRo4TdlKCdUk6qz46qu2vPqUcnlSHmkuPJOiya4fF0Ac9khYLMkIX0+GvBgK3M:XiRoW7Kc5bBq1qNlSHmkuPJOJa4f4CD

    • Score

      3/10

    • Target

      $PLUGINSDIR/md5dll.dll

    • Size

      6KB

    • MD5

      0745ff646f5af1f1cdd784c06f40fce9

    • SHA1

      bf7eba06020d7154ce4e35f696bec6e6c966287f

    • SHA256

      fbed2f1160469f42ce97c33ad558201b2b43e3020257f9b2259e3ce295317a70

    • SHA512

      8d31627c719e788b5d0f5f34d4cb175989eaa35aa3335c98f2ba7902c8ae01b23de3ccb9c6eb95945f0b08ef74d456f9f22ca7539df303e1df3f6a7e67b358da

    • SSDEEP

      96:GL2PcvGn5olZMTZxEp8agTsflVwn4GogZcko5N1ub:U2Pxn5UZMTZipyaw4ZkKP2

    • Score

      7/10

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      $PLUGINSDIR/nsDialogs.dll

    • Size

      9KB

    • MD5

      c10e04dd4ad4277d5adc951bb331c777

    • SHA1

      b1e30808198a3ae6d6d1cca62df8893dc2a7ad43

    • SHA256

      e31ad6c6e82e603378cb6b80e67d0e0dcd9cf384e1199ac5a65cb4935680021a

    • SHA512

      853a5564bf751d40484ea482444c6958457cb4a17fb973cf870f03f201b8b2643be41bccde00f6b2026dc0c3d113e6481b0dc4c7b0f3ae7966d38c92c6b5862e

    • SSDEEP

      96:hBABCcnl5TKhkfLxSslykcxM2DjDf3GE+Xv8Xav+Yx4VndY7ndS27gA:h6n+0SAfRE+/8ZYxMdqn420

    • Score

      3/10

    • Target

      $PLUGINSDIR/nsisXML.dll

    • Size

      12KB

    • MD5

      aaf5a62051c11db6aa1a651bb9c295dd

    • SHA1

      75413fd14a67a468578c9d8fbd1c0a810c5044d0

    • SHA256

      55ec0f7d4c14b8b36e18203dad5604d066979e18017207f1165f17691845b161

    • SHA512

      f35a6c4e133d5dd396cc326f7f7365483de0477629e290a91b2200253cf7bb39e0d8ab700eda66d88c7b5568cfac069d4a7b277400ad776d64611a3723362466

    • SSDEEP

      192:QvqKNVSPpH4sI76ffQ+AEl+Nmq5i0ynCW3:QvqKPwW7GABNRi0i9

    • Score

      3/10

    • Target

      $PLUGINSDIR/nsisos.dll

    • Size

      5KB

    • MD5

      69806691d649ef1c8703fd9e29231d44

    • SHA1

      e2193fcf5b4863605eec2a5eb17bf84c7ac00166

    • SHA256

      ba79ab7f63f02ed5d5d46b82b11d97dac5b7ef7e9b9a4df926b43ceac18483b6

    • SHA512

      5e5e0319e701d15134a01cb6472c624e271e99891058aef4dfe779c29c73899771a5b6f8b1cd61b543a3b3defeaecaa080c9cc4e76e84038ca08e12084f128eb

    • SSDEEP

      48:6EyuygeHCfxwU5x+6kx/k1gONv27oBc2OkIrHHl:VeHCf2762kKsu7oGjkIrn

    • Score

      3/10

    • Target

      BHO.dll

    • Size

      422KB

    • MD5

      d7dc7dfe31fa56bbf486e947d89c68f3

    • SHA1

      674356049964ef722e4282b06bca73f82a8ca28d

    • SHA256

      277b179862655d592587ad3597c1c5ebf8f99a76247a5b8561aec45d8e8edc33

    • SHA512

      b252f756d5cb86af57436b6eb73563d37c2b1e95df38e003df7c4107ead2503f69d8d33ced1f84dba370f7ca54b1ca05a8a2e0630f71100fed7a502720e9ee5b

    • SSDEEP

      12288:S9wRMzTXIQyjP85LkkiAKmvTuEp+V9ma29fi0sfBmYblZPx:SiWzcWTuY+Ga0sfBmclZ

    • Score

      6/10

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Target

      Uninstall.exe

    • Size

      78KB

    • MD5

      53ec2bfd9b7eb90ad32ab312ff7aff85

    • SHA1

      dcb6660f5743155c80fbcbc7487b6c9234fd7c21

    • SHA256

      83c859f2c0de9fd43eba3699ef5a61bc40b28fb92831488f0223918a3903beb5

    • SHA512

      853c56029b4a72970f1b49433dd15f4b8437bf5b4b3d930483da8f4faa2d95efacbdb92067131b6c155d5473d217687c75fd6e39a9172c3fae4fba0295c66fc5

    • SSDEEP

      1536:FQpQ5EP0ijnRTXJ1gdLeAyNL4bK6MPLWhbhRgPbgmBY/V5D+DQ1sucVU1jb:FQIURTXJ1ceA/Amg8oY/V5CCSVeb

    • Score

      7/10

    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      c17103ae9072a06da581dec998343fc1

    • SHA1

      b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

    • SHA256

      dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

    • SHA512

      d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

    • SSDEEP

      192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw

    • Score

      3/10

    • Target

      $PLUGINSDIR/UAC.dll

    • Size

      13KB

    • MD5

      29858669d7da388d1e62b4fd5337af12

    • SHA1

      756b94898429a9025a04ae227f060952f1149a5f

    • SHA256

      c24c005daa7f5578c4372b38d1be6be5e27ef3ba2cdb9b67fee15cac406eba62

    • SHA512

      6f4d538f2fe0681f357bab73f633943c539ddc1451efa1d1bb76d70bb47aa68a05849e36ae405cc4664598a8194227fa7053de6dbce7d6c52a20301293b3c85f

    • SSDEEP

      384:RlNMjIH4DnFnyJ0Dt5ZtmVWsSLr4z9VwzU:RlqMYzFnD/tmQFLrSw

    • Score

      3/10

    • Target

      $PLUGINSDIR/inetc.dll

    • Size

      24KB

    • MD5

      1efbbf5a54eb145a1a422046fd8dfb2c

    • SHA1

      ec4efd0a95bb72fd4cf47423647e33e5a3fddf26

    • SHA256

      983859570099b941c19d5eb9755eda19dd21f63e8ccad70f6e93f055c329d341

    • SHA512

      7fdeba8c961f3507162eb59fb8b9b934812d449cc85c924f61722a099618d771fed91cfb3944e10479280b73648a9a5cbb23482d7b7f8bfb130f23e8fd6c15fb

    • SSDEEP

      384:XErRo4TdlKCdUk6qz46qu2vPqUcnlSHmkuPJOiya4fF0Ac9khYLMkIX0+GvBgK3M:XiRoW7Kc5bBq1qNlSHmkuPJOJa4f4CD

    • Score

      3/10

    • Target

      $PLUGINSDIR/md5dll.dll

    • Size

      6KB

    • MD5

      0745ff646f5af1f1cdd784c06f40fce9

    • SHA1

      bf7eba06020d7154ce4e35f696bec6e6c966287f

    • SHA256

      fbed2f1160469f42ce97c33ad558201b2b43e3020257f9b2259e3ce295317a70

    • SHA512

      8d31627c719e788b5d0f5f34d4cb175989eaa35aa3335c98f2ba7902c8ae01b23de3ccb9c6eb95945f0b08ef74d456f9f22ca7539df303e1df3f6a7e67b358da

    • SSDEEP

      96:GL2PcvGn5olZMTZxEp8agTsflVwn4GogZcko5N1ub:U2Pxn5UZMTZipyaw4ZkKP2

    • Score

      7/10

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks

    Task            Tags            Score
    static1         upx             7/10
    behavioral1     upx             7/10
    behavioral2     upx             7/10
    behavioral3                     3/10
    behavioral4                     3/10
    behavioral5                     3/10
    behavioral6                     3/10
    behavioral7                     3/10
    behavioral8                     3/10
    behavioral9                     3/10
    behavioral10                    3/10
    behavioral11                    3/10
    behavioral12                    3/10
    behavioral13    upx             7/10
    behavioral14    upx             7/10
    behavioral15                    3/10
    behavioral16                    3/10
    behavioral17                    3/10
    behavioral18                    3/10
    behavioral19                    3/10
    behavioral20                    1/10
    behavioral21    adwarestealer   6/10
    behavioral22    adwarestealer   6/10
    behavioral23                    7/10
    behavioral24                    7/10
    behavioral25                    3/10
    behavioral26                    3/10
    behavioral27                    3/10
    behavioral28                    3/10
    behavioral29                    3/10
    behavioral30                    3/10
    behavioral31    upx             7/10
    behavioral32    upx             7/10