d6129731391f088c7c219e2cf69fed6d71e769514e29e65c179116feba1d3d8d

Sharing

Copy URL

Twitter E-mail

General

Target

30aa764e3efb7e234cc694e92d9e495d_JaffaCakes118
Size

1.8MB
Sample

240709-ragg2ayfke
MD5

30aa764e3efb7e234cc694e92d9e495d
SHA1

6563914a1b3849e0ff402b176856684ac2a5da1a
SHA256

d6129731391f088c7c219e2cf69fed6d71e769514e29e65c179116feba1d3d8d
SHA512

af55716fc4806902f92b801399a5d520302722d81b6974ca9e6f72f3191947273efe3f1dd841920d04cd8a26a039c49d21756de402eefd18f20ad770aedcdc48
SSDEEP

49152:cW71Kf0tt8SqQsPcrlU+0OXgS2HX7z2q1:zztX6PJFw2HrCq1

Score

7^/10

adware stealer

Malware Config

Targets

- Target
  
  TVK.exe
- Size
  
  1.8MB
- MD5
  
  423c464233957c5051d0ff3c99374eb9
- SHA1
  
  b6f57eddda400ad497944ee9e83a1f5668fdf17c
- SHA256
  
  49ff2e5130f5eface959ad9926fd7a6095c6e2b3341b246b772a94362493cc33
- SHA512
  
  0e7b9bfbf08f5ccfae2a4e0eb5b781c4942401112734d86ba1363321be8ce45f5fdfad373122b35edb5b27af6b96f54b2084cb18e30162d5be4543a607aafc48
- SSDEEP
  
  49152:EOEnpV1qK/jsTargC/1TuusZWhKWGL6ImfT:bgcK7rBtTuuVZGL6TT
Score

7^/10
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  //uninstall.exe
- Size
  
  41KB
- MD5
  
  9e060d88181c43f49ffbbed2c5d17cdc
- SHA1
  
  805bfe29582852505c58c0c3d1d56837c7741ee2
- SHA256
  
  7b9c7d0b363a43a4442e6bf9c53f3d9874d65e34822e2958beecacf70725b635
- SHA512
  
  757a1baa74077944805bc76f9b7109b7d50b9f2969dd8270440aae02463347ccaaa3122feee8212a6caece1de4117eb668688e6306dfee4f622bf0b0a50884c0
- SSDEEP
  
  768:mpUheCMl4kpfBzygqhknyKGm0MO+KjcqbVdjUMtFlBJ2929541I8GRSJ:mpUheCLa9ygqgGm0quDBJvGm81
Score

1^/10
behavioral3 behavioral4
- Target
  
  /Buffering.htm
- Size
  
  1KB
- MD5
  
  5098b372211e00f08e141e7c89ae868f
- SHA1
  
  b8efc4cb9599455c83c7f4430196e96f0a7c5180
- SHA256
  
  c90bbafd1cce706ba7bf42ac630b8a9d817ae938058fc1493b4db629ca373ac3
- SHA512
  
  1bc375c0e5ba27757f957318f380811b40681cd3f2f0bc9b84fdfdd128b46e5240ef4c5c31d457b53c8b47f74e5fb7a9edfcecc98d10303bb877a3d3ca250d02
Score

1^/10
behavioral5 behavioral6
- Target
  
  /LoginTV.htm
- Size
  
  6KB
- MD5
  
  2735048a8f5654ba81033291b615aa39
- SHA1
  
  f445b7d682a09259a8e7856b2b1092c8d9ec03c2
- SHA256
  
  f6322042cb2b4647d5c78b19190f8fbb3361354e8c471fc8d795df4d9ed96d93
- SHA512
  
  a6da42a13eb991634f69bc7abe49aa889c63ad0b12f50278e5f77a6c60b856f1650f29e69cc1a5afced023057c2979a053b0525da88d61ec6e8210559f4d9777
- SSDEEP
  
  192:usw3+Bp3NLjPFH2APVxypaEHWpAajoR6XkRX:udyNH2yxkl
Score

1^/10
behavioral7 behavioral8
- Target
  
  /WhatsNew.htm
- Size
  
  5KB
- MD5
  
  1edc829ec751927ca62286776cca277a
- SHA1
  
  9e2f6e482ed75ac439125341c573d2e58e059bf6
- SHA256
  
  9a7b69bd0acf3ee6728d50ebc6069080b3e5303b7eb34b1358fa1eb19599d741
- SHA512
  
  a353a2f26e01d34dc4ee4c0e7ebf7d33798eea75a3efe33251f9f474dea6bb84e2ecc59c5f45b24690b2a83a2f85ab0ca8b27c59f93f721b5c67439936f4a8fa
- SSDEEP
  
  96:hptFusLjPrdFfRRRcRAPei2eUxmeaEHW9CAKSAWGMSuh/HtI+IXwTqDu5FGK/zYi:hp3NLjPFH2APVxypaEHW9xHSuhFSxIf9
Score

1^/10
behavioral10 behavioral9
- Target
  
  /config.dll
- Size
  
  167B
- MD5
  
  d307d8aaa9ba7d16d1bc13dcf701a611
- SHA1
  
  7e5be292eb261d92f5f973e9786992927bb80ae5
- SHA256
  
  6479a5af5c0f2b0ea0c594deb4eed933eaad16987e68b824c03aea77ccf352ad
- SHA512
  
  41d1fc8b1969428836c2fdbf55b96f9f435a59da4a351be62a48cc75bf9471f73bdcc836541d9a5d2f83a7986d6017992cad17c80706af8946080788419d6dce
Score

1^/10
behavioral11 behavioral12
- Target
  
  /mobilefee.htm
- Size
  
  3KB
- MD5
  
  251cc2e4dc6505157f3d5ff94f3898a9
- SHA1
  
  c409ba953a92ccfdba98de7ee1bdbbd1cb62ef3e
- SHA256
  
  05b43c8847c1395195d06bf8cbf4a00ef71fc21457eae9372d11473811493da4
- SHA512
  
  cccb136154888978d436beee8b2ee59cb8f3f80b665855185519bea98a01b2171cd223d2a3925c88d1656003ed49315b8d6be8d3f1c60d97996d5955d47978cc
Score

1^/10
behavioral13 behavioral14
- Target
  
  /setup.exe
- Size
  
  543KB
- MD5
  
  3c4ae82c5569f4957db15ce43da516c7
- SHA1
  
  1863726aebe350c1012c5567b05aedc52bb017f3
- SHA256
  
  44d80a7b74a9e934e3f942d0b14455168768a5a0e50a8f81a6612c7e1c82a1a3
- SHA512
  
  3f7db65656e3ffb7d76ba876b3aaed8e75459807a3773bff4a8d2b54ff63189deb13beed50afd63b783a669512a4dbc7f45d01b310c75689b638974d00a70ad2
- SSDEEP
  
  12288:4yEFoMOM+UNl2Vs3iN9u8Andm4sNty6mkjG:JEFhkmpZVD
Score

1^/10
behavioral15 behavioral16
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  14KB
- MD5
  
  f62d03fcb1473110e920a9bb2c701006
- SHA1
  
  c48444ef2daa60dcdf91f1645cd4ecd8e66545f7
- SHA256
  
  17e2f205af12d5a86638dc83c95fc69199c41af2fa6daeb1e91ec330f68c5372
- SHA512
  
  701d531d405d08054d53298141d5bbd56e74df7b22bcea5f9f0e5c4407421ea0ca9617aa84e740dc1dc44e6d14e58852c1ca2087213cc2319f2da44eaed0bc05
- SSDEEP
  
  192:g6JaVGQ+xI5EeuyvMmGpeWH2J5xprN+AxTxK72dwF7dBdcQOz:g6JaVh4I5rpPbTx+BdhO
Score

3^/10
behavioral17 behavioral18
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  10KB
- MD5
  
  0bbcbaee7b703ebd55cd8658a0e8dcd3
- SHA1
  
  6ed448b8b67cea36eb45bfbc67fed9a6da9623e4
- SHA256
  
  e67277ecc4f6c7beb3c7e586ce508677269db056c7541eacfecf6c719f559da6
- SHA512
  
  604c524bd00313f6411cc9878d5c9a1db77588049feeb5bb02c971df44f8becbd18d251cc20e551b878173eb2a78be61f31352769597c6334cffc0bc2326b008
- SSDEEP
  
  192:WO6dJA/ruAFEiUdWWE6hE5RYUdJfbub1azgMO:TKAFERdlxhGRYUzqZaz
Score

3^/10
behavioral19 behavioral20
- Target
  
  $TEMP/modules/$R0
- Size
  
  171KB
- MD5
  
  43b1aef222adc84a9bd4abf07ac3bb2f
- SHA1
  
  aaf8fc490466db02e489b74d2945831f4ee20258
- SHA256
  
  7d9f571395e368194439142f9e5c2fcd9146fedb2633f57db509c3080cfee23a
- SHA512
  
  6f4e9549233c894afa82c42ab77af5f6e131ea59ae17195a1b54e64a9983a56fe2fe6c9d701618da16183042e601fb0c22a1c7bf68b3fadb3bfa1210f2e3feb6
- SSDEEP
  
  3072:nrCxzdTtYTU1Dfazr9IfU8KoixmsuZxBNwJNkfFLKD10jlusR6ws:+vYTU5EreZN4MFLKDeIms
Score

6^/10

adware stealer
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral21 behavioral22
- Target
  
  $TEMP/modules/addr.dll
- Size
  
  171KB
- MD5
  
  43b1aef222adc84a9bd4abf07ac3bb2f
- SHA1
  
  aaf8fc490466db02e489b74d2945831f4ee20258
- SHA256
  
  7d9f571395e368194439142f9e5c2fcd9146fedb2633f57db509c3080cfee23a
- SHA512
  
  6f4e9549233c894afa82c42ab77af5f6e131ea59ae17195a1b54e64a9983a56fe2fe6c9d701618da16183042e601fb0c22a1c7bf68b3fadb3bfa1210f2e3feb6
- SSDEEP
  
  3072:nrCxzdTtYTU1Dfazr9IfU8KoixmsuZxBNwJNkfFLKD10jlusR6ws:+vYTU5EreZN4MFLKDeIms
Score

6^/10

adware stealer
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral23 behavioral24
- Target
  
  $TEMP/modules/auxr.dll
- Size
  
  63KB
- MD5
  
  7f766010d48093ac4f9a1ae5f8adb15c
- SHA1
  
  c145c109002e17f8c321ee0b2337bf0ff6b1c3da
- SHA256
  
  9bc480c5e32dfcddff336778015b7a88c7ae5447e36956faba6ae81ca448c18a
- SHA512
  
  6d92667be47af5cb6207f83a653f94fc7585b5ea73998909b1ca03da17704eff3832d3aeefa248d072904c38a668255f84555ca89272601eaff0529dced0d828
- SSDEEP
  
  768:kQkBeqgp6xFpvVAdSNifT+PqsUtLfO10a5LiE0r9RahAN6XoTzvouSb8L:kQIe1iAdkifT+otfOTefsAwoTzv8E
Score

7^/10
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
behavioral25 behavioral26
- Target
  
  $TEMP/modules/auxr.exe
- Size
  
  167KB
- MD5
  
  cf4183c8dfe4a248913aa8194da45445
- SHA1
  
  b9eb55afe266da98cd20f4a8127c48f4c70683f9
- SHA256
  
  12dcade449a245fde61e11f3d6e5c32c2e470255912b1fd0feb0893e494b78b4
- SHA512
  
  57fae9faf2a8fcaf2ca5bf58dba46d418bfa2316448abc689cb13e5aa6fea61e6fd4407c639655bf7c2673ec983ed4d7a26c7011c3dae32f6ed1ba94d4eca392
- SSDEEP
  
  3072:2arKohsUfso/v8/8OyZowzZzLz7COIEPx86OIEPxK8D:UOsuk/0VzZzLz7COIEPxJOIEPxx
Score

1^/10
behavioral27 behavioral28
- Target
  
  $TEMP/modules/shell.exe
- Size
  
  83KB
- MD5
  
  e3274803c811c15f3bdfde1c8ab4f58a
- SHA1
  
  14315aedbc2302f92e958e45f23c187af04843e8
- SHA256
  
  8191ec0d2ec174fdb3a362155e331e781391c681262d1d0062a81df1921b66ae
- SHA512
  
  87f6dc241bccdffae9eda06fd872a5bd97eb6d0270c0fe7139d0b4c9dc0171e47db6fc7e55349c65985a055e258579b7ba0fd281188c4edda522e46405d1b61d
- SSDEEP
  
  1536:U7S8wpDi0Yozw4BxodTQtii434RGo4zRzFzTVBKUay:p8Gi0YuVPodUt3434RGo4zRzFzHKUf
Score

1^/10
behavioral29 behavioral30
- Target
  
  $TEMP/modules/sign.dll
- Size
  
  75KB
- MD5
  
  fc4573738c246a835f85a95fe95e96ec
- SHA1
  
  f81f3a84bcc439bde64ed40e4668f6dd1b00f5af
- SHA256
  
  69e98bed94c0b02d9f0ee0a93b38632855ff04b5c6d2c596599b4066782c8148
- SHA512
  
  297b2c63a22589a89a6d4259eb8df73e7df1b460421217c16b5b7c094afcadbb1d827470c1755df9437329ff8ebcdf4b64af9eba60fd530c27eee6fae4e61037
- SSDEEP
  
  1536:Iynl3IQCjuOqhADwPMTVjwbRkLMlEWcQzZmgK:bK6Oqymc0mLMlRzkx
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

T1176

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Loads dropped DLL

Installs/modifies Browser Helper Object

Installs/modifies Browser Helper Object

Checks BIOS information in registry

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32