6a9089fce4d7fce05b4ec9783a529a6dc5b7b9bb7a38523ea32c135c2438f181

Sharing

Copy URL

Twitter E-mail

General

Target

3747b8d5a17dd899b49d9db215062252_JaffaCakes118
Size

6.2MB
Sample

240711-cegw2asfmq
MD5

3747b8d5a17dd899b49d9db215062252
SHA1

231720f04efdc29b8354bce403d0363af0e75368
SHA256

6a9089fce4d7fce05b4ec9783a529a6dc5b7b9bb7a38523ea32c135c2438f181
SHA512

5af6d261d02a7e464a41ee495c174b224a20a0762207ed157b3cba47edafe67ed3e98e596455f7f1805013b0bbc016765f415db4bedf3139ecc56ffa57d8e515
SSDEEP

98304:ZtNd9gHZhpXoZYD3VOwFimXLdIHEBM/LqQfbCbJjWpeeJGIVwWgo5rq:Z3vg5h2Zm3l/b+k4+QKJoeOwW9W

Score

7^/10

adware stealer

Malware Config

Targets

- Target
  
  3747b8d5a17dd899b49d9db215062252_JaffaCakes118
- Size
  
  6.2MB
- MD5
  
  3747b8d5a17dd899b49d9db215062252
- SHA1
  
  231720f04efdc29b8354bce403d0363af0e75368
- SHA256
  
  6a9089fce4d7fce05b4ec9783a529a6dc5b7b9bb7a38523ea32c135c2438f181
- SHA512
  
  5af6d261d02a7e464a41ee495c174b224a20a0762207ed157b3cba47edafe67ed3e98e596455f7f1805013b0bbc016765f415db4bedf3139ecc56ffa57d8e515
- SSDEEP
  
  98304:ZtNd9gHZhpXoZYD3VOwFimXLdIHEBM/LqQfbCbJjWpeeJGIVwWgo5rq:Z3vg5h2Zm3l/b+k4+QKJoeOwW9W
Score

7^/10
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/AnimGif.dll
- Size
  
  9KB
- MD5
  
  11e94fedb34f46458f9dc773a91f2770
- SHA1
  
  791cf30880c74df9d6f7c1e637e4fdf5fa88b38a
- SHA256
  
  54ccdcb42fb3e63b7a55e8c0e7d12182a0338ea38b106b793ca048000a189ab5
- SHA512
  
  57dd38bebdd7d8fbc4b3daeecabc5c2617d4f5b2f6ad2396a702f1da362bc72deacfea2dd1550b0e00269188676324e1b7dd6ed372211c8bf664af824ac8d950
- SSDEEP
  
  96:kVh/i//UrWWXMAb+6aNqRjTwUWo5zFyRH0aTyZekTIVCAEHZNKNy0p:uh/Bl8AIQR/bWSMRH00yQBEH
Score

3^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/Banner.dll
- Size
  
  4KB
- MD5
  
  91c9ee5005ac6cb4ec79a3b039b4c8df
- SHA1
  
  95a9c018b501b6697beca846a33955909c3f97be
- SHA256
  
  05838c8f81efbb98679010158f29cefd88a34fb1fe5d603e839dd406235ddf29
- SHA512
  
  41cc45a64fbe64cd83e704e87193004245f5d29f4f880921d041e5f2ceec86ca0653146e6477642eba73875b9d5f0d773b540436b19e4797def9c15d7618474b
Score

1^/10
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/FindProcDLL.dll
- Size
  
  31KB
- MD5
  
  83cd62eab980e3d64c131799608c8371
- SHA1
  
  5b57a6842a154997e31fab573c5754b358f5dd1c
- SHA256
  
  a6122e80f1c51dc72770b4f56c7c482f7a9571143fbf83b19c4d141d0cb19294
- SHA512
  
  91cfbcc125600ec341f5571dcf1e4a814cf7673f82cf42f32155bd54791bbf32619f2bb14ae871d7996e9ddecdfcc5db40caa0979d6dfba3e73cfe8e69c163c9
- SSDEEP
  
  384:1NWlNdqdAnhTKMLE2oIM05fnqCiWg3Yy9kflIinokN:1NWtqdihTKCldkYwkdpnoy
Score

3^/10
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  14KB
- MD5
  
  0dc0cc7a6d9db685bf05a7e5f3ea4781
- SHA1
  
  5d8b6268eeec9d8d904bc9d988a4b588b392213f
- SHA256
  
  8e287326f1cdd5ef2dcd7a72537c68cbe4299ceb1f820707c5820f3aa6d8206c
- SHA512
  
  814dd17ebb434f4a3356f716c783ab7f569f9ee34ce5274fa50392526925f044798f8006198ac7afe3d1c2ca83a2ca8c472ca53fec5f12bbfbbe0707abacd6b0
- SSDEEP
  
  192:n6d+dHXLHQOPiY53uiUdigyU+WsPdc/A1A+2jPK72dwF7dBEnbok:n6UdHXcIiY535zBt2jP+BEnbo
Score

3^/10
behavioral10 behavioral9
- Target
  
  $PLUGINSDIR/KillProcDLL.dll
- Size
  
  32KB
- MD5
  
  83142eac84475f4ca889c73f10d9c179
- SHA1
  
  dbe43c0de8ef881466bd74861b2e5b17598b5ce8
- SHA256
  
  ae2f1658656e554f37e6eac896475a3862841a18ffc6fad2754e2d3525770729
- SHA512
  
  1c66eab21f0c9e0b99ecc3844516a6978f52e0c7f489405a427532ecbe78947c37dac5b4c8b722cc8bc1edfb74ba4824519d56099e587e754e5c668701e83bd1
- SSDEEP
  
  384:3rYz6grZodORNWATt4TBmlk5ooyzFh7BukAUdJoUtSOSR:3QggDWATWNCFh7BNddJoxO+
Score

3^/10
behavioral11 behavioral12
- Target
  
  $PLUGINSDIR/Math.dll
- Size
  
  66KB
- MD5
  
  9eb6cecdd0df9fe32027fcdb51c625af
- SHA1
  
  52b5b054ff6e7325c3087822901ea2f2c4f9572a
- SHA256
  
  54cf1572ed47f614b0ffb886c99fc5725f454ef7ff919fbb2fd13d1cbe270560
- SHA512
  
  864742ec6f74f94057b54cd9b09707c0125ac8db4844fa80af201e8b72a811bb68276c993e75bce67e5ece4f83644572edbdee5e963634c5a37839615faea97a
- SSDEEP
  
  1536:LP43WZ4Ql60gam+2MwRmPeqFVHbQH0ZZ1Iet:LwU609VMH0T/t
Score

3^/10
behavioral13 behavioral14
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  00a0194c20ee912257df53bfe258ee4a
- SHA1
  
  d7b4e319bc5119024690dc8230b9cc919b1b86b2
- SHA256
  
  dc4da2ccadb11099076926b02764b2b44ad8f97cd32337421a4cc21a3f5448f3
- SHA512
  
  3b38a2c17996c3b77ebf7b858a6c37415615e756792132878d8eddbd13cb06710b7da0e8b58104768f8e475fc93e8b44b3b1ab6f70ddf52edee111aaf5ef5667
- SSDEEP
  
  192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
Score

3^/10
behavioral15 behavioral16
- Target
  
  $PLUGINSDIR/ZipDLL.dll
- Size
  
  163KB
- MD5
  
  2dc35ddcabcb2b24919b9afae4ec3091
- SHA1
  
  9eeed33c3abc656353a7ebd1c66af38cccadd939
- SHA256
  
  6bbeb39747f1526752980d4dbec2fe2c7347f3cc983a79c92561b92fe472e7a1
- SHA512
  
  0ccac336924f684da1f73db2dd230a0c932c5b4115ae1fa0e708b9db5e39d2a07dc54dac8d95881a42069cbb2c2886e880cdad715deda83c0de38757a0f6a901
- SSDEEP
  
  3072:8CkSJJ30k1pn2T4ISnUGN+E8KnCOxA17jxLmRtWHyPDQFllOdJiSg:tkSJy+c30UxbKnA1hLKWSVdk
Score

3^/10
behavioral17 behavioral18
- Target
  
  $PLUGINSDIR/inetc.dll
- Size
  
  24KB
- MD5
  
  1efbbf5a54eb145a1a422046fd8dfb2c
- SHA1
  
  ec4efd0a95bb72fd4cf47423647e33e5a3fddf26
- SHA256
  
  983859570099b941c19d5eb9755eda19dd21f63e8ccad70f6e93f055c329d341
- SHA512
  
  7fdeba8c961f3507162eb59fb8b9b934812d449cc85c924f61722a099618d771fed91cfb3944e10479280b73648a9a5cbb23482d7b7f8bfb130f23e8fd6c15fb
- SSDEEP
  
  384:XErRo4TdlKCdUk6qz46qu2vPqUcnlSHmkuPJOiya4fF0Ac9khYLMkIX0+GvBgK3M:XiRoW7Kc5bBq1qNlSHmkuPJOJa4f4CD
Score

3^/10
behavioral19 behavioral20
- Target
  
  $R1/$SYSDIR/nsis_loader.dll
- Size
  
  24KB
- MD5
  
  cb004c514f4db290a92d0f072f6dc408
- SHA1
  
  49a52aac91ca5b10290872f80fcc8cca114fa6be
- SHA256
  
  ad0117c20a01ac779f664f2edfd7da0b8c77623e5301468c99ef6510db920a6f
- SHA512
  
  8d768433521eea54d3d7e274b8760f21e72c87881376299b987236bd95e7797814f71d23b2acae4b0a6d06a74b64093c993e2c3065374ed0bc678a0585cd9d98
- SSDEEP
  
  96:P0ITfF6zf9opvpctRDEtNmBOQmtNmCB8LxuA5nnWxy:P02fF6BwBczQnFQmnNB8LxPnWx
Score

1^/10
behavioral21 behavioral22
- Target
  
  $R1/npuuseep.dll
- Size
  
  298KB
- MD5
  
  ab4f51ee7ae1581e5be9be037b26def0
- SHA1
  
  53a19347461f7db52ab4a5430cf740a26a976f76
- SHA256
  
  aa6405527be03180cb19f6e9d986359d2cc2b5a43c9ae69a4b37149b6822afca
- SHA512
  
  dd532d556e348fd4a1e3c2d740ede7b5e56feaea07e7bbf42ae16a1887e9695f916a3e4676e7a7ebe762d2c02e3a64de3e9df72edc2de725c0f0ad38fd7cfd76
- SSDEEP
  
  6144:BqYmM67Qzxgdv01sPFl7vmQGA/QVpLhM/oP70gwbDaqz4D:OQzx+f/v9lQVpLhZ7lwn/z
Score

3^/10
behavioral23 behavioral24
- Target
  
  $SYSDIR/gtapi_signed.dll
- Size
  
  71KB
- MD5
  
  61bc40d1fad9e0faa9a07219b90ba0e4
- SHA1
  
  5b5c3badedba915707000d2047eaf13f27b8925e
- SHA256
  
  89e157a4f61d7d18180cb7f901c0095da3b7a5cc5a9fd58d710099e5f0ee505a
- SHA512
  
  fa341aa975c471082b4b6c380f794d1e9ab3939382972cfb9e1dbb3491f68296ad1cedc8f03736921c8e133f62432997de29642e223c2a97f1cab5ce91d68af9
- SSDEEP
  
  1536:/J6IYeD05jIx9A1jV0PAy/DTPJocNmk8SwD3QVS9JBhp9:/JL3m0l/JocNmowD3QVS9Jx9
Score

1^/10
behavioral25 behavioral26
- Target
  
  $TEMP/Baidu-ASBar.exe
- Size
  
  449KB
- MD5
  
  860d6968b06f1bead552948e66f30b0e
- SHA1
  
  b8c4ab3a9e5ebfb57c10a9139d28068d5b7b0608
- SHA256
  
  dd25430f0302f19b5afcb795876781befb8c88068aad4eb07f329e7618347682
- SHA512
  
  c93e0372ba14762d51ae2b2797996b6c6f94e0dfa3341df2bca91f6c2e816ba3f4b872c2b738a81f8e5297f7620c92c2f166abaca7dcb16bf137b4697f73cf4e
- SSDEEP
  
  12288:HF6Y7FVGjd4+McPL5f3NKTj1ABp/89NOU:HYAFVqm+/lvo9ABqOU
Score

3^/10
behavioral27 behavioral28
- Target
  
  $PROGRAM_FILES/Baidu/AddressBar/AddressBar_Tmp/AddressBar.dll
- Size
  
  1.0MB
- MD5
  
  a8e461b119cd3356cb7be15611e74255
- SHA1
  
  f5fd59175a2ff79d7a4a2095cff444087c6faf14
- SHA256
  
  603e75820b4b04d7ffb1374c091d649432ab29a432d8bd614b8735d055eafd6f
- SHA512
  
  fcb23082051820f4e18351f443e54ee48c982a9e51ead1d02866308088ebec1ec14f6579d2a7c480d070a2f2b191f670925c12a22735397dfc85b58398d2bd42
- SSDEEP
  
  24576:tVEpLF//Gc9JwUCp0PSUxqJ4BjQDVLtTpx6W1t76qOY:tVER5UVBTr6ot76qOY
Score

7^/10

adware stealer
- Executes dropped EXE
- Loads dropped DLL
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral29 behavioral30
- Target
  
  $TEMP/GoogleToolbarInstaller_download_signed.exe
- Size
  
  215KB
- MD5
  
  3181e805c29fc2d1f8874cf4f5f862e9
- SHA1
  
  fd999fbaba6744f2b4cd881e51cb4b818982ecd4
- SHA256
  
  41c59bb80173675319776ca815b7ceaacbacf1da8e517f930eebd66773baeb91
- SHA512
  
  51803e45c4d8d8594dc7191bfc1098c4f17996cb998a5db6b33e9ff7621cc9fdd654621038c380675597f1a0f5b7fa9de6207bfe1b15c7265e646acbc70a176a
- SSDEEP
  
  3072:IqmQkDU0mmDTW77bB4dTg+0dBFFihCJz3/of4ineWIY4Fif5T5PB+haea:3PF0ry/8UIhmz65eWIY4Af1Aaea
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

T1176

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Loads dropped DLL

Drops file in System32 directory

Executes dropped EXE

Loads dropped DLL

Installs/modifies Browser Helper Object

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32