d490afb032c42bc292e4544a91bb757f4a21b1af889b0afbde4e30847b394a7a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3e76a68170fa6345231f3177915b1fbb_JaffaCakes118
Size

587KB
Sample

240712-xfe42sxgpa
MD5

3e76a68170fa6345231f3177915b1fbb
SHA1

e0cfeafc4c55d4ab65c0a885f4f140e2aab8c04b
SHA256

d490afb032c42bc292e4544a91bb757f4a21b1af889b0afbde4e30847b394a7a
SHA512

79ec907c3a0cdeef813b857af1f6bf88d9a3575f5d18d6f16b66948df40877d621c4bb723344ca3dc5a4a1fbc012e9e5adc630e331f868099b0e53f9068f271d
SSDEEP

12288:6CNEba4ZlZt9OHqJ5jheewGc4lhoeeViTeyJXg:0bLwHk5VBw83Lmiy

Score

7^/10

adware discovery evasion stealer trojan

Malware Config

Targets

- Target
  
  3e76a68170fa6345231f3177915b1fbb_JaffaCakes118
- Size
  
  587KB
- MD5
  
  3e76a68170fa6345231f3177915b1fbb
- SHA1
  
  e0cfeafc4c55d4ab65c0a885f4f140e2aab8c04b
- SHA256
  
  d490afb032c42bc292e4544a91bb757f4a21b1af889b0afbde4e30847b394a7a
- SHA512
  
  79ec907c3a0cdeef813b857af1f6bf88d9a3575f5d18d6f16b66948df40877d621c4bb723344ca3dc5a4a1fbc012e9e5adc630e331f868099b0e53f9068f271d
- SSDEEP
  
  12288:6CNEba4ZlZt9OHqJ5jheewGc4lhoeeViTeyJXg:0bLwHk5VBw83Lmiy
Score

7^/10

adware discovery stealer
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Drops file in System32 directory
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  c17103ae9072a06da581dec998343fc1
- SHA1
  
  b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d
- SHA256
  
  dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f
- SHA512
  
  d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f
- SSDEEP
  
  192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
Score

3^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/newadvsplash.dll
- Size
  
  8KB
- MD5
  
  7ee14dff57fb6e6c644b318d16768f4c
- SHA1
  
  9a5d5b31ab56ab01e9b0bd76c51b8b4605a8ccce
- SHA256
  
  53377d0710f551182edbab4150935425948535d11b92bf08a1c2dcf989723bd7
- SHA512
  
  0565ff2bdbdf044c5f90bd45475d478b48cdbd5e19569976291b1bdd703e61355410c65f29f2c9213faf56251beb16d342c8625288dad6afc670717b9636d51f
- SSDEEP
  
  96:qD5UDaGxZH52QhtZafDP9BTS9nPg83UniV/zRzGEl1DMl1zN6LmeYt4dO:W5UDaGxZH5T0j+9nl3BzG0IZ6LqN
Score

1^/10
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/nsProcess.dll
- Size
  
  4KB
- MD5
  
  8f4ac52cb2f7143f29f114add12452ad
- SHA1
  
  29dc25f5d69bf129d608b83821c8ec8ab8c8edb3
- SHA256
  
  b214d73aea95191f7363ad93cdc12b6fbd50a3a54b0aa891b3d45bc4b7b2aa04
- SHA512
  
  2f9e2c7450557c2b88a12d3a3b4ab999c9f2a4df0d39dcd795b307b89855387bc96fc6d4fb51de8f33de0780e08a3b15fdad43daeaf7373cca71b01d7afdaf0c
- SSDEEP
  
  48:6sG7qYBUYBFxhRwYCI0owYlOdkPm4LYZ5sRXEv26vqAa4GEVu:HhYBUYBL0Toa7+Q5sKG4GEV
Score

3^/10
behavioral7 behavioral8
- Target
  
  $TEMP/~nsis/Cloud-Web_nad_2_86.dll
- Size
  
  551KB
- MD5
  
  ae7c5f2888f87f8c329cea3dc4933424
- SHA1
  
  bf893e229f2082f57bb7618e93334bef97ce5480
- SHA256
  
  c5c82a44a65db162cc2878c0363b95e64205e7d08d115fd3a84ed1db8f9bbd54
- SHA512
  
  a60a31e6da49308c83b4bdeea62366f01b968121b3e2f168815344a7b4f2497b7a4ab8042542677126b8f02b079a82f5bcfa2c642bef5622e9a4e7aa1fed0229
- SSDEEP
  
  12288:gskCLQe6u9zayEyag8laUVnXqfKTbUNKX0gyjOCvifbkG:5/L9TQNaUpJTP0gyjOCvijkG
Score

3^/10
behavioral10 behavioral9
- Target
  
  Cloud-Web_2_86.dl_
- Size
  
  123KB
- MD5
  
  9fa385bf443861d0f80227948a32dfbc
- SHA1
  
  14bbdeccd9614ccd25971f7bb8cd32f5da39ad79
- SHA256
  
  e9f1f6605710a04f09bf72b25c9dd807726076a3e1b12f20ca3fbaa8c5bddb18
- SHA512
  
  3727418aef2235d379eb0dd633ac33b1fe91349cefdfd7f9b1ddcbcab703eb2a31e67cccf8df633bf25697c4953c4c428c503f919f7594eaa176c17213840b6e
- SSDEEP
  
  3072:ING0ZeC/azzmWxd/mZQA3KN46eqtIGrC66nq:otzyKYJmmAIeYr1
Score

6^/10

adware stealer
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral11 behavioral12
- Target
  
  Cloud-Web_2_86.dll
- Size
  
  123KB
- MD5
  
  9fa385bf443861d0f80227948a32dfbc
- SHA1
  
  14bbdeccd9614ccd25971f7bb8cd32f5da39ad79
- SHA256
  
  e9f1f6605710a04f09bf72b25c9dd807726076a3e1b12f20ca3fbaa8c5bddb18
- SHA512
  
  3727418aef2235d379eb0dd633ac33b1fe91349cefdfd7f9b1ddcbcab703eb2a31e67cccf8df633bf25697c4953c4c428c503f919f7594eaa176c17213840b6e
- SSDEEP
  
  3072:ING0ZeC/azzmWxd/mZQA3KN46eqtIGrC66nq:otzyKYJmmAIeYr1
Score

6^/10

adware stealer
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral13 behavioral14
- Target
  
  Cloud-Web_mime_2_86.dl_
- Size
  
  210KB
- MD5
  
  e03152320af546785839f21cefd28ce1
- SHA1
  
  7264e5753bb5313b9ceb69d05c15e000ed938559
- SHA256
  
  6807aee8007988c5409a947a526c187c66e349886399541454800ce2a99c2442
- SHA512
  
  93681775e96cb80b8cc4b89c788902f5070497c5a0120c0ba965c14e651ab3726387bc0d3f8feeaf315ae45bd7bf40bf37f1e2fd379b89bc812c9dd2fdfefb5e
- SSDEEP
  
  3072:6a8sgv0ObRPWecmwdM808YQ1AyygLLdMFktjDVe7IFy4P0ngbSKNrXRenv:6Cgv0q0ecmf806ayyIL+Fujx4Iw4AuFG
Score

1^/10
behavioral15 behavioral16
- Target
  
  Cloud-Web_mime_2_86.dll
- Size
  
  210KB
- MD5
  
  e03152320af546785839f21cefd28ce1
- SHA1
  
  7264e5753bb5313b9ceb69d05c15e000ed938559
- SHA256
  
  6807aee8007988c5409a947a526c187c66e349886399541454800ce2a99c2442
- SHA512
  
  93681775e96cb80b8cc4b89c788902f5070497c5a0120c0ba965c14e651ab3726387bc0d3f8feeaf315ae45bd7bf40bf37f1e2fd379b89bc812c9dd2fdfefb5e
- SSDEEP
  
  3072:6a8sgv0ObRPWecmwdM808YQ1AyygLLdMFktjDVe7IFy4P0ngbSKNrXRenv:6Cgv0q0ecmf806ayyIL+Fujx4Iw4AuFG
Score

1^/10
behavioral17 behavioral18
- Target
  
  Cloud-Web_nad_2_86.dl_
- Size
  
  551KB
- MD5
  
  ae7c5f2888f87f8c329cea3dc4933424
- SHA1
  
  bf893e229f2082f57bb7618e93334bef97ce5480
- SHA256
  
  c5c82a44a65db162cc2878c0363b95e64205e7d08d115fd3a84ed1db8f9bbd54
- SHA512
  
  a60a31e6da49308c83b4bdeea62366f01b968121b3e2f168815344a7b4f2497b7a4ab8042542677126b8f02b079a82f5bcfa2c642bef5622e9a4e7aa1fed0229
- SSDEEP
  
  12288:gskCLQe6u9zayEyag8laUVnXqfKTbUNKX0gyjOCvifbkG:5/L9TQNaUpJTP0gyjOCvijkG
Score

3^/10
behavioral19 behavioral20
- Target
  
  Cloud-Web_nad_2_86.dll
- Size
  
  551KB
- MD5
  
  ae7c5f2888f87f8c329cea3dc4933424
- SHA1
  
  bf893e229f2082f57bb7618e93334bef97ce5480
- SHA256
  
  c5c82a44a65db162cc2878c0363b95e64205e7d08d115fd3a84ed1db8f9bbd54
- SHA512
  
  a60a31e6da49308c83b4bdeea62366f01b968121b3e2f168815344a7b4f2497b7a4ab8042542677126b8f02b079a82f5bcfa2c642bef5622e9a4e7aa1fed0229
- SSDEEP
  
  12288:gskCLQe6u9zayEyag8laUVnXqfKTbUNKX0gyjOCvifbkG:5/L9TQNaUpJTP0gyjOCvijkG
Score

3^/10
behavioral21 behavioral22
- Target
  
  Cloud-Web_run.ex_
- Size
  
  127KB
- MD5
  
  54db07fc87755030e8c9b0547da56f91
- SHA1
  
  36cade3d66ca6ed2c9ae06aa8f65d9c9ff84c8f7
- SHA256
  
  f888a96fc2ecf7c8ce4860cbbeac7ed11a5674564dff2db23702bf307352c17a
- SHA512
  
  bd4cb4c975ea3515e17154b8b8742243cc1f26798c8797059673fe3537dea0ca249a89be66a05c755061df714444da86d06e47d76a12ff654eb314de9154c27c
- SSDEEP
  
  1536:MsclrAHEUo+d49J2uSF0/cyqsMYdLY3wvfpGons:gA3eB/cyqsMYo3ons
Score

6^/10

evasion trojan
- Checks whether UAC is enabled
  evasion trojan
behavioral23 behavioral24
- Target
  
  Cloud-Web_run.exe
- Size
  
  127KB
- MD5
  
  54db07fc87755030e8c9b0547da56f91
- SHA1
  
  36cade3d66ca6ed2c9ae06aa8f65d9c9ff84c8f7
- SHA256
  
  f888a96fc2ecf7c8ce4860cbbeac7ed11a5674564dff2db23702bf307352c17a
- SHA512
  
  bd4cb4c975ea3515e17154b8b8742243cc1f26798c8797059673fe3537dea0ca249a89be66a05c755061df714444da86d06e47d76a12ff654eb314de9154c27c
- SSDEEP
  
  1536:MsclrAHEUo+d49J2uSF0/cyqsMYdLY3wvfpGons:gA3eB/cyqsMYo3ons
Score

6^/10

evasion trojan
- Checks whether UAC is enabled
  evasion trojan
behavioral25 behavioral26
- Target
  
  Cloud-Web_tb_2_86.dl_
- Size
  
  127KB
- MD5
  
  2323e058563e10f8cc62f18447dc2044
- SHA1
  
  eb9dda4d35b0e84ddeea808e1f1ee8b6ffb1521d
- SHA256
  
  e678e99433a683e78eeb73f1e863993478005302ad4925a0a35b07d85c35efcf
- SHA512
  
  061a02cd78bcaef3e8690e41cc98a8fd5d18b9f4d659e64610670f1b3c84b7eecda1aa7252b69e16edc2d1368f49f22c37c38bf297c3df7b47ee1052d1fc8618
- SSDEEP
  
  3072:8csRZq+GIN/GR/7gkdIIZQZDNt0i/psYSxs9Dqpni:/H9geR/7wIyxmxs92g
Score

1^/10
behavioral27 behavioral28
- Target
  
  Cloud-Web_tb_2_86.dll
- Size
  
  127KB
- MD5
  
  2323e058563e10f8cc62f18447dc2044
- SHA1
  
  eb9dda4d35b0e84ddeea808e1f1ee8b6ffb1521d
- SHA256
  
  e678e99433a683e78eeb73f1e863993478005302ad4925a0a35b07d85c35efcf
- SHA512
  
  061a02cd78bcaef3e8690e41cc98a8fd5d18b9f4d659e64610670f1b3c84b7eecda1aa7252b69e16edc2d1368f49f22c37c38bf297c3df7b47ee1052d1fc8618
- SSDEEP
  
  3072:8csRZq+GIN/GR/7gkdIIZQZDNt0i/psYSxs9Dqpni:/H9geR/7wIyxmxs92g
Score

1^/10
behavioral29 behavioral30
- Target
  
  cloudidsvc.ex_
- Size
  
  107KB
- MD5
  
  44cd4eb4d58daf2f62159ab0992787d1
- SHA1
  
  3f071ab5670933d644185cd0570c96f812374c27
- SHA256
  
  6a88c08e4fff37967d85056a475bb2970b4bf53049a3d18afebfe090f5083be1
- SHA512
  
  8d45fea41491e4eddb9785c7cacdc63cba28f8950ffc9db6edc7f2746c3f9f7079c6ef38925cdd307c4373d5d57cdcb9b459bb5d24d358322b06339c05693c3a
- SSDEEP
  
  3072:/dHnGCX1bqufhEjoed++1KOH5oGJs1t971n0:/dHGQqK9edD1Kuo91G
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwarediscoverystealer

behavioral2

adwarediscoverystealer

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32