c2191dc81fda47bdee5133f6360e7c022e8203e640fef607c53c56e321e6aef6

Sharing

Copy URL Twitter E-mail

General

Target

3d0f9d07c5750c2dcce8c34f20ee294b_JaffaCakes118
Size

133KB
Sample

240712-mv2lgszfjk
MD5

3d0f9d07c5750c2dcce8c34f20ee294b
SHA1

1a2b858ea00600184d8a8fb65c44c23010f60d3a
SHA256

c2191dc81fda47bdee5133f6360e7c022e8203e640fef607c53c56e321e6aef6
SHA512

863365419ecb41d7b32475ac1978a4adf4d96ed003c0c165c26cc94a23f019c605283583ac5aac885731a99a6d9b053792654bcea6b21fa0d1582fda415a0e66
SSDEEP

3072:XpBCRdma8JNU4JdFtR4E5OFBvFmFc+3F6NCpn5fnAx3G66GsYO:5BwzKVR4Egwsg7fG6GM

Score

7^/10

Malware Config

Targets

- Target
  
  3d0f9d07c5750c2dcce8c34f20ee294b_JaffaCakes118
- Size
  
  133KB
- MD5
  
  3d0f9d07c5750c2dcce8c34f20ee294b
- SHA1
  
  1a2b858ea00600184d8a8fb65c44c23010f60d3a
- SHA256
  
  c2191dc81fda47bdee5133f6360e7c022e8203e640fef607c53c56e321e6aef6
- SHA512
  
  863365419ecb41d7b32475ac1978a4adf4d96ed003c0c165c26cc94a23f019c605283583ac5aac885731a99a6d9b053792654bcea6b21fa0d1582fda415a0e66
- SSDEEP
  
  3072:XpBCRdma8JNU4JdFtR4E5OFBvFmFc+3F6NCpn5fnAx3G66GsYO:5BwzKVR4Egwsg7fG6GM
Score

7^/10

adware discovery persistence stealer
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Drops file in System32 directory
behavioral1 behavioral2
- Target
  
  $R0
- Size
  
  80KB
- MD5
  
  f4eaa09d78b46f943f8b093606866301
- SHA1
  
  87a1a3cbf775501f4285d949c42a3b8b52fa79af
- SHA256
  
  2e37739c20b29bae5f558a8f5463f7aec6090a97cb5adca6e8b6fb50ba7559de
- SHA512
  
  7b1720684348dee4b4f3549d8dbbc2272c9cc2f364b26085401c4c861d52f3a820aa99aa2dabd99be1df38797ff2360093ea6fb03e0a62f7821b1416e2f3eb4f
- SSDEEP
  
  1536:460EZamqH7K+iS20P4Uu7eVuQTNLBcSE:Ci2wUUT8Ndcn
Score

6^/10

adware stealer
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral3 behavioral4
- Target
  
  Uninstall.exe
- Size
  
  61KB
- MD5
  
  ebb5321a3f20308dcd793da2791f8ccf
- SHA1
  
  a58b23b91b6c1865ac0557d68781ce9936c549e1
- SHA256
  
  2decaa0786771979ba19818aa519b2d3300364a4907f44f8547a2dc21fd81e37
- SHA512
  
  dd0304417ef7ea356a3f57db0890c8cb50b521ebb6b9d83bad6a37ddd6d05675349cb6b1342b56f17489729313d628efb463126b0b02bd4c68a19eb3c5d0a634
- SSDEEP
  
  1536:XpBx8GFl04jUma8JFqAELVigOAPwmN33u8T:XpBCRdma8J0AI0L0+8T
Score

7^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  12KB
- MD5
  
  9aff00ec14e6cb71a13451011c580077
- SHA1
  
  5972140e4a0addb9eac685fe6037da7479f23ecf
- SHA256
  
  cc8145683ad8fd77bd5cca193e84188e40d6d03a0a0d1d00e2bdbef91be96bb3
- SHA512
  
  311abd4e9927c1424d794ba401f3935ad3b108a2124e58e0d29aa946514c7a1d62b9b08b013699f4f90796bdfb6c07211daddbb521c1d20ccee771f6ea43b110
- SSDEEP
  
  192:zCCxNg+SdnWKZFzReF6KOgEpoAlwYmjspWnlAb2bG7F1QuIp:+Cxazn5aF4N2AWpZy2Ru
Score

3^/10
behavioral7 behavioral8
- Target
  
  nls.exe
- Size
  
  84KB
- MD5
  
  3e4a8942089709e8d79392a0957a8ea8
- SHA1
  
  86c601f6b9101bb588b8819e71e5044422ea0f50
- SHA256
  
  35f7bf41136f7820889c06f0ee016ed2758632004db44eba7bbef9d006f1912e
- SHA512
  
  ce6180f7d6d4ffbfad9f001c306fecefca20c0ff366e498cf0483bdd338888dfab8e38db1294ee2ba4ae9ef995e2cda1948ebe4acfb59f7efa2b53dc6525c24a
- SSDEEP
  
  1536:HMtNM8CWn0h+hTxp4Uu0iUp1d/9lva2K:s88CB+my/9lvxK
Score

1^/10
behavioral10 behavioral9
- Target
  
  nvms.dll
- Size
  
  80KB
- MD5
  
  f4eaa09d78b46f943f8b093606866301
- SHA1
  
  87a1a3cbf775501f4285d949c42a3b8b52fa79af
- SHA256
  
  2e37739c20b29bae5f558a8f5463f7aec6090a97cb5adca6e8b6fb50ba7559de
- SHA512
  
  7b1720684348dee4b4f3549d8dbbc2272c9cc2f364b26085401c4c861d52f3a820aa99aa2dabd99be1df38797ff2360093ea6fb03e0a62f7821b1416e2f3eb4f
- SSDEEP
  
  1536:460EZamqH7K+iS20P4Uu7eVuQTNLBcSE:Ci2wUUT8Ndcn
Score

6^/10

adware stealer
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral11 behavioral12

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Browser Extensions

T1176

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Loads dropped DLL

Adds Run key to start application

Checks installed software on the system

Installs/modifies Browser Helper Object

Drops file in System32 directory

Installs/modifies Browser Helper Object

Executes dropped EXE

Loads dropped DLL

Installs/modifies Browser Helper Object

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12