b6073a335b57ff3ba40ee7c74c5b429d135202cbbddd9c04564e542951049a8b

Sharing

Copy URL

Twitter E-mail

General

Target

395c8ea5f5dbf069b53d306cd9b03727_JaffaCakes118
Size

3.6MB
Sample

240711-qzyxyaydql
MD5

395c8ea5f5dbf069b53d306cd9b03727
SHA1

62a0d4527c7bd94e12b093a4ed08f702ff66c748
SHA256

b6073a335b57ff3ba40ee7c74c5b429d135202cbbddd9c04564e542951049a8b
SHA512

f14980fc8956795a0cfb789431874ea73a244d30d6101095730101072c9c1ddac0b799c29b6d36f0ce8562099e7b4404f4d60a671f2ab9e5cd54eddb87a0321d
SSDEEP

98304:7IQyDO7KvHFdSC02xGh0oMbSWexz/04s14JzbA5dVoXp4ono:7DyDO7KvLSCJ8h0o2Sl1zqdqp4oo

Score

7^/10

Malware Config

Targets

- Target
  
  lkmn720.exe
- Size
  
  3.6MB
- MD5
  
  404ece6a558287207db9c7cc0b520327
- SHA1
  
  d105136321f80f70487b8bf4b35f6e88e13b4588
- SHA256
  
  20ec52540eadb58fc60e259eda7407de404e748139eb6f3a72e39e7c87bae797
- SHA512
  
  887ff6e58cdf4a81d5623d06da67394682fa859280bf78ede580d62ed58ae247240167b5bb1b8f8bcacd4084fa1b92fbae680a128b511a849caef73fd9b71fbc
- SSDEEP
  
  98304:dTfBWiLtQTvoVtNv4oRVfT0Qv3/z0GBOfo+n1sfj4wzpkM:drwiL+IRtVfT0gwGBYn1sfjrdkM
Score

7^/10
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/AdvSplash.dll
- Size
  
  6KB
- MD5
  
  820a1351ad064f75154b4f768b4d6fa4
- SHA1
  
  00d47f11f88be17fa7c94cbf70e72c7f3b257dde
- SHA256
  
  36e50c5f900e498b38bb42ea4b7cb14e5cb433807669e56e8c78d9921cf61270
- SHA512
  
  9d28325b0df6ab4e469f787cdd9f3bee83a2c98a13c695aac61cee61301ebce84551babc1b7307efd28ca78768293884a39ae7cf3f1ad1f11215691add49528d
- SSDEEP
  
  96:nQNyX2PtUZsMGe3SlFaqqhN51xWa5kkEkk/StCewookyc:nFXYtxWSf61vk/kkStCeRt
Score

3^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  14KB
- MD5
  
  296a5f3179fa8d7a7a855eaf696ede44
- SHA1
  
  57aa5b71553ed282dd22c768e039a187f5c13f63
- SHA256
  
  ee0ad77e681c4d0fdf1d67df5f4ca03e6bdd8e3b05dfb47a83ad5c733ed62960
- SHA512
  
  bc527d1485f468e8d098057e0e38e8cb7aa6eb64d4ca30927b99b1552a3177b132b989015ff95bdf2ca046bf11a54b4b456f51e024fbc734fbb548c3499e53f6
- SSDEEP
  
  192:r6JaVGQ+xI5EeuyvMmGpeWH2J5xprN+AxTyK72dwF7dBdcQOz:r6JaVh4I5rpPbTy+BdhO
Score

3^/10
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  10KB
- MD5
  
  86b5a07a43b7cbc5c49263b8d974b736
- SHA1
  
  78388286a311810d812c13d87dea12d581713e60
- SHA256
  
  5897fb00be38e502fb5dfd047d97e5e4da6387a7a6259633dc31c2427612901b
- SHA512
  
  dcbe379c28302bb3472339cd24949b16548fa0003882a920df6839078cc7b2563f058a0524bf25df0a5ec8b08e302ebc9e646033109958669d8af883af959ffe
- SSDEEP
  
  192:JO6dJA/ruAFEiUdWWE6hE5RYUdJfbub1a+gMO:cKAFERdlxhGRYUzqZa+
Score

3^/10
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/nsProcess.dll
- Size
  
  4KB
- MD5
  
  a304fba25947dd17a81e74f8064a78d8
- SHA1
  
  3c31b8351e1d2886cad5ff8f83fb2d5aed04750e
- SHA256
  
  2a361dd5558a2ae21250144686eb8066e23a2ca1ece66c8a1cde56aa0191858a
- SHA512
  
  8da9688b09bfd7408d69c77ca74531733fa162b509b05a20ce3980072a6fdff53b76e5cd41c44ff81f2556a3b4cc00417ba51fc2b2a4061a2e133629028e072b
Score

3^/10
behavioral10 behavioral9
- Target
  
  Linkman.chm
- Size
  
  1.5MB
- MD5
  
  ec707723c3356b8ac6eb02fc40c471d7
- SHA1
  
  26cc71a3d9b045362a3f7f672222133cd0d71083
- SHA256
  
  404292a0566ed408efea7620d187e7e98e6ae95c9eff26e7c4d2596abc879d5e
- SHA512
  
  84e0e57d4bc49ce50a342f01554c2b1819fd191b3e660edbc198af229af6281b0ec50fbc48eb1818135ca06f9370a39428d238db9177a5a45720cb2971f13d0c
- SSDEEP
  
  49152:C+UuQ0GaPPFCq8P1g6QmC1bjEAq2ZEXe1c:C+bTGUFX8dg3mC1bOsSKc
Score

1^/10
behavioral11 behavioral12
- Target
  
  Linkman.exe
- Size
  
  1.0MB
- MD5
  
  5ee87ebd71d6d2100f9a6f22598a3676
- SHA1
  
  76539a18139dbc25d91e360c0ef957fae8ff8639
- SHA256
  
  3614df1e4e8ac5197cd0219f5531af6f7635d4b01dc09d441081665dff74cc44
- SHA512
  
  76e2b8ff34bccdcef00eb35559ee85b1194cae6cf019b877f249085553abafd59d2606a08316c76da2d662eaca0a101a0fc64a06535d6682474e1152b23fc3f6
- SSDEEP
  
  24576:O1Oosdav7ORnnen9KxvkoznUYOB+nFYyxYmdjgMZeUH8:O1OoCayRnegxvRznpM+7y0gB
Score

7^/10

spyware stealer upx
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral13 behavioral14
- Target
  
  LinkmanCom.dll
- Size
  
  329KB
- MD5
  
  03a6aa502d4c9a2cf1ca89f4ee03915d
- SHA1
  
  eb4624d7c984fd1c943af148eef575b4bb460414
- SHA256
  
  380967b6e2f5d465738036510163878c399e37d18f63c6d5763616c4dac3a074
- SHA512
  
  89714fe64ec246b31bb9fc71601f9cf1497fa5adc5cdc91b323cb8266732bdafbe50e09ddfc4777e94baea866826466ffb6b9342cee44e12e8c3c62072f400ec
- SSDEEP
  
  6144:V8xeGQqa/AfzSzLSr3crUJKq110Qm627SQQT9JDNjAkUE7X2+bHqFWTr3vhw:VieHqa/Afz1sUcmyv/Au8DPDr3S
Score

7^/10

upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral15 behavioral16
- Target
  
  Output/SampleLinkmanOutput1.htm
- Size
  
  65KB
- MD5
  
  334b7dd371cbdfc882f0090bf98673a2
- SHA1
  
  5fddd34d956ce7bce2ea74111d33f2424f9ed59a
- SHA256
  
  f7f36b4375ded150eb9f91ad793b62b8d47b58dd99c438c824f37b693f296731
- SHA512
  
  f74ce6001b750b28c661a679fcbad49d29820a842e9c89a882eab8d4baa596813ec0c0ef78990f7e41773b4b18970e4583135b1a82be7e260fc5a56507e1fed7
- SSDEEP
  
  1536:3PKAImI4IQIGIFIFInINPIsIQIkILYpIlm:/KxTphzyyINw9h1Ljw
Score

1^/10
behavioral17 behavioral18
- Target
  
  Output/SampleLinkmanOutput2.htm
- Size
  
  52KB
- MD5
  
  bfbe4c769ac77ff482cb477ddbcd1fdb
- SHA1
  
  5c236702af80eff974cb98329b75b42d1fc3f17c
- SHA256
  
  1fe291b6e8fdd8e9ed1bdb531d0e0465f9ff7132f09b0f76576fc15442b8e67a
- SHA512
  
  5e6fddb661ccd9f04ce4ae5485a59625de3eec58e725521f1062f0833b32995f0c816d0d8ed54bc1432d71d6c85baf49f46418da71b118ff223957f1fc82243f
- SSDEEP
  
  768:lKXlj0xQRlXi+2MDOBeve3e0VPDIcZV7xD0OleUcLFPo:lIx7i+2M41cSaOledLho
Score

1^/10
behavioral19 behavioral20
- Target
  
  Plugins/oplugin.dll
- Size
  
  206KB
- MD5
  
  21c247b72a0223a4e7e74cff54086e4e
- SHA1
  
  19fb12278b03be9101c5ae03d62b9b1b35d24346
- SHA256
  
  a5fb027bfd47c5a89be6469f5fde0a12394fe2e98608e7d33ac594c00a0d9c9f
- SHA512
  
  207837ba18c4d185cfbb196c6379f2ca127c57c099268714baf91830e1fc670275a2ae6578b1d88bf787f66ed30db02f138ba75d9cfff945d2c6470f91048c54
- SSDEEP
  
  6144:VnmlelhcucKbIwMUFb4XyCKoJDBv1ocKu4GgbGxG:VmAlhcuI9UYyRoJDBacKrf
Score

3^/10
behavioral21 behavioral22
- Target
  
  Trialpay.exe
- Size
  
  151KB
- MD5
  
  b42b5e7d343ead62dd3dda3de3507197
- SHA1
  
  aa56333f3228074f99e70a09e55b0185747f567b
- SHA256
  
  e210e0418961ed5e02f18247ace71ba443fd03368384029f1b09899db90fdfa5
- SHA512
  
  a4af7716a8da08d037b77df8bef7519fa19264351651a977a55bf9ed716d98749356aacfbef97f6430c1889b93784ca41fc5a06db44b535298ad9de17048a96f
- SSDEEP
  
  3072:JZnB6ikkW7wpOT9goI6Y0J+SW9DKCILy+MyGKpQd8dcrr:JZSwc9Q6YIxFKyGK2d8dc
Score

7^/10

upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral23 behavioral24
- Target
  
  libeay32.dll
- Size
  
  676KB
- MD5
  
  c1b41ce18f8065a5b0ce66a4fba48794
- SHA1
  
  1ee5afc40dc923bf6343618b50b445ba048bf60d
- SHA256
  
  3b6cfd63d6489e5c7358a0ab5075231f843adbde7f9a3379d8af2d8b9e101322
- SHA512
  
  f5d9d3ba13daa665f99922d9b05b9acdc947f3be1236938960b3ccc8c3be3c3b14d8ef909b5156df4f55b9a6644409170b62f891459d3bb4d6be7868aa571b8e
- SSDEEP
  
  12288:j2jP7x8UgdMuSlzMKcUE0vUTbuv8ph76BG95I2:j2jP7OPdMuSlYKcUvvSbi8nb95x
Score

1^/10
behavioral25 behavioral26
- Target
  
  ssleay32.dll
- Size
  
  148KB
- MD5
  
  d4c0d211332dec5b8c11899e97f1d27c
- SHA1
  
  92e7c1a1defbaaccb38b6653b0b47dd66951dc15
- SHA256
  
  4906d6651d4c21e209f6e6ac781c5924ac18facf099f8d3f1a9b5eb9498d7565
- SHA512
  
  e1058f9b6bda518fcb10b07ece629e4031d9fd080a0fc3ea67d6a6525f22bf3ddfb4a96e4e5c4394529c98066a95e25050dd756fa9c1da127c3ccf3bb47d81f6
- SSDEEP
  
  3072:/nSjDA6rAXagzAgu2EBI4s2ITDL7uvKastW/X:/YVAX3zAguDI12I3gstW/
Score

1^/10
behavioral27 behavioral28
- Target
  
  uninst-Linkman.exe
- Size
  
  59KB
- MD5
  
  d046c01b1d70ccdd1d2359afcbbb674e
- SHA1
  
  9d73ab15453e6a55e44e73aadea406ab9ccc9f6a
- SHA256
  
  9eef15bb6118425ae86699011fce216fe210c6396ed8dc5d6a7beb7c3dd11ede
- SHA512
  
  5288cf1e92e012e4184ebf02f57be7b138b7c62b7f7701e7fd717199123e95ff74c3f309052f40af9a29379ef5e9d996320392bd2c24eba30ce9b6913778464b
- SSDEEP
  
  1536:HUGGrf+wMRVrkxmJLqAELVigG8YsRYEPBoI4:HUG6UVYxmJuAI05XEPBe
Score

7^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral29 behavioral30
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  10KB
- MD5
  
  86b5a07a43b7cbc5c49263b8d974b736
- SHA1
  
  78388286a311810d812c13d87dea12d581713e60
- SHA256
  
  5897fb00be38e502fb5dfd047d97e5e4da6387a7a6259633dc31c2427612901b
- SHA512
  
  dcbe379c28302bb3472339cd24949b16548fa0003882a920df6839078cc7b2563f058a0524bf25df0a5ec8b08e302ebc9e646033109958669d8af883af959ffe
- SSDEEP
  
  192:JO6dJA/ruAFEiUdWWE6hE5RYUdJfbub1a+gMO:cKAFERdlxhGRYUzqZa+
Score

3^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Loads dropped DLL

Reads user/profile data of web browsers

UPX packed file

UPX packed file

UPX packed file

Executes dropped EXE

Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32