91016984262cedda07af646847e832fc0f961d70c22a0fc79a400f253aae9cd7

Sharing

Copy URL

Twitter E-mail

General

Target

2b2c904bb1cbc51c113183f1988480de_JaffaCakes118
Size

3.2MB
Sample

240708-gc8zysvekp
MD5

2b2c904bb1cbc51c113183f1988480de
SHA1

95ae75493bdec5b55b595e221389a620259ff9f4
SHA256

91016984262cedda07af646847e832fc0f961d70c22a0fc79a400f253aae9cd7
SHA512

c8256af0a53ad8b9ca9a5d5e3c46826fc578eb090e3c46cfb5997c5e562f9b5e30619fad589b10e631fe7ebeeed31fd1ab1b8e6cd33bdef76af118b644b45ee5
SSDEEP

98304:0/ZAhwUQTPmjRs4fH6HjCqNVmbvATPiKkAWiHds:OZOUPm1ssvbuPiKzHm

Score

7^/10

adware stealer

Malware Config

Targets

- Target
  
  2b2c904bb1cbc51c113183f1988480de_JaffaCakes118
- Size
  
  3.2MB
- MD5
  
  2b2c904bb1cbc51c113183f1988480de
- SHA1
  
  95ae75493bdec5b55b595e221389a620259ff9f4
- SHA256
  
  91016984262cedda07af646847e832fc0f961d70c22a0fc79a400f253aae9cd7
- SHA512
  
  c8256af0a53ad8b9ca9a5d5e3c46826fc578eb090e3c46cfb5997c5e562f9b5e30619fad589b10e631fe7ebeeed31fd1ab1b8e6cd33bdef76af118b644b45ee5
- SSDEEP
  
  98304:0/ZAhwUQTPmjRs4fH6HjCqNVmbvATPiKkAWiHds:OZOUPm1ssvbuPiKzHm
Score

3^/10
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  14KB
- MD5
  
  3809b1424d53ccb427c88cabab8b5f94
- SHA1
  
  bc74d911216f32a9ca05c0d9b61a2aecfc0d1c0e
- SHA256
  
  426efd56da4014f12ec8ee2e268f86b848bbca776333d55482cb3eb71c744088
- SHA512
  
  626a1c5edd86a71579e42bac8df479184515e6796fa21cb4fad6731bb775641d25f8eb8e86b939b9db9099453e85c572c9ea7897339a3879a1b672bc9226fcee
- SSDEEP
  
  192:i6JaVGQ+xI5EeuyvMmGpeWH2J5xprN+AxT7K72dwF7dBdcQOz:i6JaVh4I5rpPbT7+BdhO
Score

3^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/LangDLL.dll
- Size
  
  5KB
- MD5
  
  8c909780802ac2097ea4132e6375acd2
- SHA1
  
  b35fbda0725d7c66281d5c340b53eb5d54922583
- SHA256
  
  c66b568cd675806a499273e3e8aeda350425aac17fc24342ed54e477417cdc0f
- SHA512
  
  e94a37c586e55de8b61b427c14a385dcc57f3602d3dace90ad4663609da14a922cb78f76a58ed211549e987ba6f130cf2581eb48bcad2c9c25c6dc93a7ff6d08
- SSDEEP
  
  48:SnTGmVN7ZTPUptxEwvBqAKxwLJXyTpXieN2JVGLalmQ2lUmiwag/nDGkaEJlof6P:+7ZDGEQ9LJX6weN2TuXQ2lBiwag/np/
Score

3^/10
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/QvodInit.exe
- Size
  
  109KB
- MD5
  
  940ee4b21f1ebd199420dc346a92280b
- SHA1
  
  44709cee51af7df4ea9d472176521046460e8261
- SHA256
  
  7afbdb47aa9649b8fe2ad5fe3c60a68cea859dfa5c9b1f19d03ec78fc917d8cf
- SHA512
  
  dc774413d8d16b927ab779e2890a7d8d053fb635d7bceddb52c3c20a674e8502f75e1fe4ab571d5658c615d81861a6ca3d707d334773970df6cf0f34cc2fad30
- SSDEEP
  
  1536:gMBfKFgpr2N6FcGpmN/xjETJJl+Vz0ijKSHTNf2Xh9PRUGVASsu2VNaLCKF:jR4nNJ4TJJl+50iuSzNOrRUm2V49
Score

1^/10
behavioral7 behavioral8
- Target
  
  360Inst-qvod001.exe
- Size
  
  561KB
- MD5
  
  dc664e15f04476d8d835a48edcf87de0
- SHA1
  
  6d719604157eaf9b897279a092bba085c0b48282
- SHA256
  
  8e38bfcfe79726bbf06a9611a4c46cc580cf2132dcc810341b57a0444a2afb9d
- SHA512
  
  e932d12bfa4e6c9562da4260085b46d87ce189e6df282a250bdae06f01133289305dc01cedca5ea932f3f461d73728ef1558c0b0d83744aaaf1f564d386a8cd7
- SSDEEP
  
  12288:50lf0XW6ZU3qPp5bP6/9pvNhWHPqQuX9dHLw/hrt5DS5OxBgQgg:5vRP6lXwHYtM/352sxBAg
Score

7^/10
- Loads dropped DLL
behavioral10 behavioral9
- Target
  
  Baidu-ASBar.exe
- Size
  
  449KB
- MD5
  
  b3329f052a8b60266b9bfbcdb9082d58
- SHA1
  
  0856e6f3e1d7f23ba6d323c1836845e833a9fab2
- SHA256
  
  1acb302343da26a4d764de4db15cd78d5d2e1214a70fdd83a24a03162061e150
- SHA512
  
  162225a2ed7058225579d6440f820d5c31713de396497894d6bf14deb42166f83c324175ccfe0c847e4264c2ef39e7a436d91e4fac52ea1dca82a8924438b996
- SSDEEP
  
  6144:Sv9WDVkN8PoehLmmMSa2qWIlAYB4ys/OdURKjX1WQYQWa6sx5OUG9P4Tb8bqyXtc:FJhL4dWuCJgvPjG9P4HIXyrWY
Score

3^/10
behavioral11 behavioral12
- Target
  
  $PROGRAM_FILES/Baidu/AddressBar/AddressBar_Tmp/AddressBar.dll
- Size
  
  1.0MB
- MD5
  
  a8e461b119cd3356cb7be15611e74255
- SHA1
  
  f5fd59175a2ff79d7a4a2095cff444087c6faf14
- SHA256
  
  603e75820b4b04d7ffb1374c091d649432ab29a432d8bd614b8735d055eafd6f
- SHA512
  
  fcb23082051820f4e18351f443e54ee48c982a9e51ead1d02866308088ebec1ec14f6579d2a7c480d070a2f2b191f670925c12a22735397dfc85b58398d2bd42
- SSDEEP
  
  24576:tVEpLF//Gc9JwUCp0PSUxqJ4BjQDVLtTpx6W1t76qOY:tVER5UVBTr6ot76qOY
Score

7^/10

adware stealer
- Executes dropped EXE
- Loads dropped DLL
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral13 behavioral14
- Target
  
  Baidu-Toolbar-utf8kb_cb.exe
- Size
  
  842KB
- MD5
  
  b98c05fa8d1effbcdb9f720c50aa6f40
- SHA1
  
  28c0fd0b8edfe264e431b199ea611e7833b979dd
- SHA256
  
  c2c9430894258735f487ed9f75f9da4a8246eca5285be76afd0830f77f4fcc92
- SHA512
  
  77d20d9c12adb4ae543f5bc2d41a24367d92491a295c5dc75ab2b778dc92e11e9f11a31895dfafd7cb0994bbe594d88a16584532cdb27d86ea630f7b928dd2ee
- SSDEEP
  
  24576:PWe0JIIC6Nuo9iEmlW/7aFbYUXXXozK0H:P50JWm34W/GFbY6XYrH
Score

3^/10
behavioral15 behavioral16
- Target
  
  $PROGRAM_FILES/Baidu/Toolbar/BaiduBarX_Tmp/BaiduBarX.dll
- Size
  
  2.3MB
- MD5
  
  8c70775e64828cf1bc974aa850862620
- SHA1
  
  77fcbd8f8a9d2f5ea9051f26da104bef50195881
- SHA256
  
  7216f4e16b6ca0c2b3b9f6c28bd1618802e0963c72c26a7285fefaf0fe95aa9c
- SHA512
  
  2c5d699a5d80222b1b310f1f059643186b9d4755da502b840b5a2c6daff3fbfa836e45d3d98150c72a76b47077637400a2c2856e07ee9628e07017b93877bbaf
- SSDEEP
  
  49152:9VVPl8AlDw6JPul9zjJ+rEC0KaTda845t20Tu1IA2Nvvf:9VLPlD1BufPJ+h3vj
Score

7^/10

adware stealer
- Executes dropped EXE
- Loads dropped DLL
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral17 behavioral18
- Target
  
  Codecs/ColorFilter.ax.new
- Size
  
  141KB
- MD5
  
  fa098ed1394496b2ba53f1773f70d711
- SHA1
  
  6db54dfee27c70e61e3ef1d5374513c16fd602aa
- SHA256
  
  19b84b912d782333cfed1727e69da83846b77d7c90736b5621b438f9f50d107c
- SHA512
  
  74b2704dba6ace3fecca0dd6e790162b961ca9fb9ae6240aefb1f0d52959f58456c626378c745cbc155a8928d850614b8df6804b851e8d017c5ebeca01c17a8c
- SSDEEP
  
  3072:9ymeNWoqvzMcvAXQQ0vlvYKQptcabWQlHs69rDc92:wE1vzM8bvhs7lHs69A2
Score

1^/10
behavioral19 behavioral20
- Target
  
  Codecs/RealMediaSplitter.ax.new
- Size
  
  372KB
- MD5
  
  b91968f4f21d803d2467da89d9cd7275
- SHA1
  
  a0e1a676fe340f6bd211a1b40c0b6d8d1715d82e
- SHA256
  
  4287023170ab52ec3883af9a464d281358ae44225b25b101697c2ae66c82f935
- SHA512
  
  047470fda7ff9cda15cc4baaf0d5031bc8c37a9a7a827601c0e6db149f3af5149860afc45dd92c1a035f537971a70cb0f31372de12c080cecc3d93a89e6b8d65
- SSDEEP
  
  6144:sbH9JP/W0D2hzNqURg44nlHR0urOU48+EQHapawA9MDL:OJP/W0D2Pq/rpR0urOU4lExnn
Score

1^/10
behavioral21 behavioral22
- Target
  
  Codecs/asfsplliter.ax.new
- Size
  
  64KB
- MD5
  
  4a7e26d268c355fb5da19a4400e7770b
- SHA1
  
  ebe3c19a94e12c2a5d39bc816317961797a6c89b
- SHA256
  
  5c44df6b0d4d212271a1ca4c008ea003a2dd1168059333169b3562c51065c3e9
- SHA512
  
  db5f0161d64b27cebc6de443e68cf596725ea1034f20c58f2a019f2d50e67574e33ffe65e8f5a9b21095cd2f309a97b58ee3603e528276aeefa67c9d7b3234f6
- SSDEEP
  
  768:Y9We0OJXnfX2c+AOW8gpukVl5sqiCpl3il7T59bSob4p9Gk0:Y9WEXn/2c+7jlkV4dCpN67t9bSXG5
Score

1^/10
behavioral23 behavioral24
- Target
  
  Codecs/atrc.dll.new
- Size
  
  76KB
- MD5
  
  ed7c402a17a33d428a6d0dad2e7c42d8
- SHA1
  
  93a6dcf0abe28a01403da578d685cc5c0b48bb82
- SHA256
  
  00cb4ae39a6e18c07e12ae53150ee29ece9ef4561a496920f19813aa431daff2
- SHA512
  
  bddc074123d3f144d7903d5f2502f8961ef79e1a06ce05d1769f37314eb276729444647a9f5c9e80fec0512cbd07b5e46be40f6f6015f8b1a255d7daf3ae28f1
- SSDEEP
  
  1536:k7b44Vh7qOxPccMvJY1cnd5unZsQDUhl:k7MuPccEYW3IZhDUhl
Score

1^/10
behavioral25 behavioral26
- Target
  
  Codecs/cook.dll.new
- Size
  
  64KB
- MD5
  
  fa220dae3898b8578c34791648321a38
- SHA1
  
  12bdd5396e996d071368980d36ef6f6c7b39f936
- SHA256
  
  f8b5898569a508e370eb25db27c1cba440c9d559529850c05589e56a93659835
- SHA512
  
  9c2ad73fd43de7ca16a1d75b2974a737dfe1478d094783861ff5e3f994e17bc9e36e31f130296b497bb8955849be31db526018c0621cf5b09496fc6e5c3d6f34
- SSDEEP
  
  768:79rczOVJc8avUhcRxV6Sz+b2G90YnGZosMwCJtVSk7K+t6tj6tVDWVp3Ghv+Xb:7uqc8/aUSz62G9LnOnMK+t6tR
Score

1^/10
behavioral27 behavioral28
- Target
  
  Codecs/drvc.dll.new
- Size
  
  260KB
- MD5
  
  e9ad4c6feede8ce70a1a21ed1dc0e2ad
- SHA1
  
  ec6b32969e43328a177456be63864d004d501fce
- SHA256
  
  ef8d7d81cb460db57f2e737ca0de3e0c6c06f78273e49a47b24f0a1eeaa2909f
- SHA512
  
  ccd0a54e989b882db33e932fd95d29922dcc3e8608f32beef5882182be0534d809f67ce4d54ac894165f51e237ad39402ca97cf05e933fdd3c01c4f6ae50643c
- SSDEEP
  
  6144:hsNg+cXo8ZJI54BxrFPpH5Dtf5DNWoEaeglljEz:hsNg+Qo8ZJPWoEillYz
Score

1^/10
behavioral29 behavioral30
- Target
  
  Codecs/raac.dll.new
- Size
  
  540KB
- MD5
  
  cbb31c7b408e92fe01bd7ef7248a2b24
- SHA1
  
  3854ea40efe0a6f1a3f752ea6c2d915b952fb22b
- SHA256
  
  80fe7db8b85c4e7c767ba7a9f3d2426933beec18f9cc4ce4a279e96b41683e27
- SHA512
  
  1cd5dfc6aa86f432915bce4b54b258d370fcbf41c4c87ca4d45b0daf0560b945f0bfddaf93e274a0fb71659b8744776142f8afb384a745108454f894fdd59c0d
- SSDEEP
  
  12288:SWTRJoKssbGkZvYdizYMEYeT6ueQpcNwtXDDDDDDDDDLDDD6NcKKKKYYYYYpDDks:SW8KssykZgdizNEYeT6ueQpawkNcKKKG
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

T1176

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Loads dropped DLL

Executes dropped EXE

Loads dropped DLL

Installs/modifies Browser Helper Object

Executes dropped EXE

Loads dropped DLL

Installs/modifies Browser Helper Object

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32