ac23631561f5cce46f391be304eb2664b56aae6ec89856c1a7de161d488ba829

Sharing

Copy URL

Twitter E-mail

General

Target

3907745589a0a4fb1d95938886065f45_JaffaCakes118
Size

104KB
Sample

240711-n659gsxgnd
MD5

3907745589a0a4fb1d95938886065f45
SHA1

28ef0424022e8f987bc1f345b93e99cf0b48661f
SHA256

ac23631561f5cce46f391be304eb2664b56aae6ec89856c1a7de161d488ba829
SHA512

58f40d4a9e46cfc70e0f1671e7bd9beee3b92136de72028b553d5eeaf4186af41f356dd96af11c3888788801f096521ce2978d3f51f9cc657459cac4539771c3
SSDEEP

3072:9TvfTzcTsw6RZveZ5VJezF7ZVTWNd6fj2:JvfTwQweCVJU7LyNwfi

Score

8^/10

Malware Config

Targets

- Target
  
  3907745589a0a4fb1d95938886065f45_JaffaCakes118
- Size
  
  104KB
- MD5
  
  3907745589a0a4fb1d95938886065f45
- SHA1
  
  28ef0424022e8f987bc1f345b93e99cf0b48661f
- SHA256
  
  ac23631561f5cce46f391be304eb2664b56aae6ec89856c1a7de161d488ba829
- SHA512
  
  58f40d4a9e46cfc70e0f1671e7bd9beee3b92136de72028b553d5eeaf4186af41f356dd96af11c3888788801f096521ce2978d3f51f9cc657459cac4539771c3
- SSDEEP
  
  3072:9TvfTzcTsw6RZveZ5VJezF7ZVTWNd6fj2:JvfTwQweCVJU7LyNwfi
Score

8^/10

spyware stealer persistence
- Boot or Logon Autostart Execution: Port Monitors
  Adversaries may use port monitors to run an adversary supplied DLL during system boot for persistence or privilege escalation.
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/StartMenu.dll
- Size
  
  9KB
- MD5
  
  0a58a89b32428fb848099f33e814e3ed
- SHA1
  
  661b73c3ff3579eb9d0c482af7354ee0461634a9
- SHA256
  
  aba4f462067f8c872d84c4c1ad6eaccf8bb6546c67c011964f8d2b62170f8236
- SHA512
  
  1f4efa7183670f9e9bcf1be56b3165393a97da29080bf1353358933f0f2e0544706982059a9408639782163f4f05bc9d38fca9be110f7d3058f2b0e0017e8dc5
- SSDEEP
  
  96:Y0uUUpZMb4pkXuzaVS1pZkrDSgPKqjOYiktlcyFBtsxwwAICZ:ipZS+zac+KdqjOYRcoB6xkICZ
Score

3^/10
behavioral3 behavioral4
- Target
  
  $TEMP/GOPlayer.exe
- Size
  
  21KB
- MD5
  
  a55b5977b2b52f329fd046633021f101
- SHA1
  
  a6282b275489e8567e3cd825b63adca1f2ab8d50
- SHA256
  
  e32880721fa08f661fa03c0a60101e2426da4f4a013db2962fb9214e42fcb681
- SHA512
  
  3301db24d011ac186e25c0116fc7d2fe0f0a5d057843906ecd579e4084c3559e377255b859a7caf155dc8ba35a9867d8205fd3b8b8f57b835703023c05130c36
- SSDEEP
  
  384:2mM60LX3BVE6A15dNIahBtLD/trDc1sdg/yQnm1y9NE9mbi9giYxw:RMHbRE1RIahBtf/1wWd4A4bi92q
Score

8^/10

spyware stealer persistence
- Boot or Logon Autostart Execution: Port Monitors
  Adversaries may use port monitors to run an adversary supplied DLL during system boot for persistence or privilege escalation.
  persistence
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral5 behavioral6
- Target
  
  Uninstall.exe
- Size
  
  66KB
- MD5
  
  0562da21a0b14b8b08eec98ee7b98495
- SHA1
  
  40cd950b66bf044472ddf4585cade81e7fdd8b69
- SHA256
  
  4314e4d3c70b0bf1039337dd1bd5505b354ea30699653a513ab33916b775746a
- SHA512
  
  1e6a3caf688de88ef28d634b038a2ad0170f656e0fbc61db99b63cefcc20898404e3388d0906090245ed34e20a76e4f9d5076937739ace64e9b018134f025674
- SSDEEP
  
  1536:97ANUHtHV6AWzwfFJUPfT4t3kUYp+djPw6Rl7RJg5ZJE4:9TvfTzcTsw6RZve3
Score

7^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral7 behavioral8

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Port Monitors

T1547.010

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Port Monitors

T1547.010

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Boot or Logon Autostart Execution: Port Monitors

Executes dropped EXE

Loads dropped DLL

Reads user/profile data of web browsers

Boot or Logon Autostart Execution: Port Monitors

Reads user/profile data of web browsers

Executes dropped EXE

Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8