Overview

overview

7

Static

static

3

4103f3ac4d...18.exe

windows7-x64

7

4103f3ac4d...18.exe

windows10-2004-x64

7

$PLUGINSDI...er.dll

windows7-x64

3

$PLUGINSDI...er.dll

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...dl.dll

windows7-x64

3

$PLUGINSDI...dl.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$WINDIR/Sy...er.dll

windows7-x64

1

$WINDIR/Sy...er.dll

windows10-2004-x64

1

Cleaner.exe

windows7-x64

1

Cleaner.exe

windows10-2004-x64

1

Firewall.exe

windows7-x64

1

Firewall.exe

windows10-2004-x64

1

Resources/...op.htm

windows7-x64

1

Resources/...op.htm

windows10-2004-x64

1

Resources/...ty.htm

windows7-x64

1

Resources/...ty.htm

windows10-2004-x64

1

Sweeper.exe

windows7-x64

3

Sweeper.exe

windows10-2004-x64

3

Uninstaller.exe

windows7-x64

1

Uninstaller.exe

windows10-2004-x64

1

firewall.sys

windows7-x64

1

firewall.sys

windows10-2004-x64

1

foxiecoreu.dll

windows7-x64

6

foxiecoreu.dll

windows10-2004-x64

6

foxietoolbaru.dll

windows7-x64

6

foxietoolbaru.dll

windows10-2004-x64

6

uninst.exe

windows7-x64

7

uninst.exe

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4103f3ac4d5bc3546475e3d681665a48_JaffaCakes118

  • Size

    1.4MB

  • Sample

    240713-kvncravarm

  • MD5

    4103f3ac4d5bc3546475e3d681665a48

  • SHA1

    1ca6c69a4437b7ac6d1528a627263ab94aaa538b

  • SHA256

    3c72f2851f20fee1e57a73226a2d4a54d88f55fbcaa817bac22eaf01cb79c8de

  • SHA512

    74ecac7b514cb8c85ce99a69d52ce6365ddfa9dc557b21742a2e4e621ecff02048ff67679b20a6915cb86e0b7d9475eb871ee9424636e9d377eca254a0566ed0

  • SSDEEP

    24576:Yk2nx/H2D3SrB0f1N93/FMEnh45Pr3HisdUXGN4r4ac13ehxqmQsTk01H4UTV+0O:YZBH2rKB6N9lePr33N4nhxqmQU464

Score
7/10
adwarestealer

Malware Config

Targets

    • Target

      4103f3ac4d5bc3546475e3d681665a48_JaffaCakes118

    • Size

      1.4MB

    • MD5

      4103f3ac4d5bc3546475e3d681665a48

    • SHA1

      1ca6c69a4437b7ac6d1528a627263ab94aaa538b

    • SHA256

      3c72f2851f20fee1e57a73226a2d4a54d88f55fbcaa817bac22eaf01cb79c8de

    • SHA512

      74ecac7b514cb8c85ce99a69d52ce6365ddfa9dc557b21742a2e4e621ecff02048ff67679b20a6915cb86e0b7d9475eb871ee9424636e9d377eca254a0566ed0

    • SSDEEP

      24576:Yk2nx/H2D3SrB0f1N93/FMEnh45Pr3HisdUXGN4r4ac13ehxqmQsTk01H4UTV+0O:YZBH2rKB6N9lePr33N4nhxqmQU464

    Score
    7/10

    • Loads dropped DLL

    behavioral1behavioral2

    • Target

      $PLUGINSDIR/Dialer.dll

    • Size

      3KB

    • MD5

      bff79c5e0239acd6a66ff84809460bae

    • SHA1

      6d94135e7e1ecb103f48118e650056084ce2ea8e

    • SHA256

      da8778fd0478c6e03cea874cd730bf1951978aba8b1c54a557a8b19c51e94717

    • SHA512

      367f86ec6c35ea1fcd8b61e30585590137a4c08ae6d70088a781fe578cd025809b01d5208a9dde54869c8571e65fd9df4b1ff94cf6e692d0e637a1705ea53130

    Score
    3/10
    behavioral3behavioral4

    • Target

      $PLUGINSDIR/InstallOptions.dll

    • Size

      12KB

    • MD5

      f407939127208a009b9a825cb77ed3c7

    • SHA1

      051d7fccf3fb544acaa8ab6be590bb4bc79cef82

    • SHA256

      191fab998e58b66a2416873b06062166b547eb3ba06b1326a4a785a566aaf76d

    • SHA512

      d45d08823ac7667f071b21d238b7fda43115db3195a442cb17d880d147e8a930374403c970afc31f676f01a83fb9c63e3be047de7e16718a08a1fdbe4b690901

    • SSDEEP

      192:hzixixDOHhG9db9rd+oSVPECMlh3I8tqDyn/7hwbbHF1QuCb:hOx0DOHqrdwTY6+n/72bbMum

    Score
    3/10
    behavioral5behavioral6

    • Target

      $PLUGINSDIR/NSISdl.dll

    • Size

      12KB

    • MD5

      7459b4d61dd26d2864cb79cae1a5229f

    • SHA1

      93d502f81050038528b25eb6d774f729ed50a7e1

    • SHA256

      262bb55f83a9b8cc5cca3743d04937a85628e3ffcbb91300356c1f03a96432b4

    • SHA512

      822e4e2c858827681b233a435fef8667f098210d68aeb489ccdbf8f3da76bf3c5222eb41237a33c3eb6fc02299cd93e6c25cb84631718974a968117a7b050fff

    • SSDEEP

      192:/Ted/9E1XMNUrW7VymsS9W+7HaQM7zFSnQXiCVIXuZsav+zPzrR2/Mi:/TqE2UrW9tWeaQ6zF1NIXu6a2DP8Ei

    Score
    3/10
    behavioral7behavioral8

    • Target

      $PLUGINSDIR/System.dll

    • Size

      10KB

    • MD5

      da3ad52de0af75df8b459c4f8c0c85bb

    • SHA1

      5bfce84b6f3d19a4b7388f374ce1b915fbc9bbca

    • SHA256

      a9b38a164cc032ead8fdedf6a987ecff1f933298c809c226a47ea57cc12710d8

    • SHA512

      0d6141cda379f1889d4959ed945b1bb4e92e945a0e6ea99a2deee205106e7062debb6e5acecba3438d71d3206266fe69a293611fbee6d0564106e1bae4f35320

    • SSDEEP

      192:pOSsJI/rqmIDNLU0dq51EgAiNbubv6tLZ:nHQQ0d01Egbq76t

    Score
    3/10
    behavioral10behavioral9

    • Target

      $WINDIR/System32/MP3IFilter.dll

    • Size

      144KB

    • MD5

      812b0c669fba023dc9a057371e867528

    • SHA1

      c1fa9956748571f184f1219d9d0cbf421fb8c71f

    • SHA256

      c45f1502a712ee2a4ba66eb0c3fd2ba58ab30a1b0ac78e643e8ed84042354482

    • SHA512

      9e223098e1d51bf40dbbac61dce8b110e2fd4fe73b4cf31c199e7ee135628d340ddde53aa5c95fbc39e30f323d62abce981b93d29f2e40b5cc424284abe4f197

    • SSDEEP

      1536:qFCKwvz+Y8n8QiCfQOHqjiCtUacg7zZTR7rkNJrW4JbrZzzoMKeArPjeoX:qFCFz+Y8nFf1HnCyjgSjZzzojrPjeoX

    Score
    1/10
    behavioral11behavioral12

    • Target

      Cleaner.exe

    • Size

      226KB

    • MD5

      51941a7da30cf4a246200a8b084ff617

    • SHA1

      f64d02b9d9c42e63ced72c622a76080408c33f05

    • SHA256

      e5ab257fbb25770033521040df23220a8a3c55a7d75798e233bb5b4da85572e2

    • SHA512

      6489a1b5b43f1302db92af4e0157294c2df25287e0c260f47a49945a6dc17471ac90168f4cd863074f68ac5c82b1687ef03bb2a5d80c30bfe48ef4631725fc0f

    • SSDEEP

      6144:TbH2x032xd42bYUQdF0MV97OICNSb6TLkC7XWG:Tr2xlbXVW97OICNSbg

    Score
    1/10
    behavioral13behavioral14

    • Target

      Firewall.exe

    • Size

      332KB

    • MD5

      a9bae7ec6bc658f5f3f21763afcd852e

    • SHA1

      04dafcbe2e16735df793e344f9466e3cc5e9d23c

    • SHA256

      be9da8e57f2372c2e5fd4fae7b1c21f7d909c0e642d7abca6b566dd4a12e0231

    • SHA512

      cc2549dfe7fd41410e8b79600aea10b7578ac55bd2071922346c9f08fc5fa2fd1891adcdaed30a104673e3a724462b4a0cb02755ad04dd676fce63c788ed7886

    • SSDEEP

      6144:W8gNW3H/AW45Iz87Aqozzg/JUUEa8K41RZoEhLQfeXM:hgUX/AW45Toz2Uva8oEJQ2

    Score
    1/10
    behavioral15behavioral16

    • Target

      Resources/HTML/Desktop.htm

    • Size

      138B

    • MD5

      a7a47c0a0dce2bec43dae167a5a3798e

    • SHA1

      31e749363319f8a09267a45e109e7b11f7788b46

    • SHA256

      42f8b8de52e44c4f1fa86a833c71c88bb6310f8f82a45c3055cb1016e50b243c

    • SHA512

      b312f1453e36294c42ac59076d83601cb26750d58fdc528cdf0299cc0d80bf7d82b1392deffee3b6f56a1112581c76860deab5d1044cceba91cfb16f534ca657

    Score
    1/10
    behavioral17behavioral18

    • Target

      Resources/HTML/Infinity.htm

    • Size

      157B

    • MD5

      fac517442f28d6f238d9d6f927e7f846

    • SHA1

      14f6f1eaa3a15f96f0aa12f69e1425914754a636

    • SHA256

      ac3b5875fa4dcb5996a5e19b7ef06717b8e147c632e899ff20433e44467024a9

    • SHA512

      d4f9256716def9c05b0e12c11455af8b224c90d773585d1704a5c480e3b1a8124e76990c7a7c8330ee951ad0ace2bd59693114062171485cd5e77171120209d2

    Score
    1/10
    behavioral19behavioral20

    • Target

      Sweeper.exe

    • Size

      380KB

    • MD5

      7cd2c463c22d951595bab50604e4361a

    • SHA1

      9abcf1b6fb98452b88bcb4ebaa14f28d920260ea

    • SHA256

      11ebc6c6f5b190bed312e647083e732d42cac4add6dfe9e9d222ec124f8f058b

    • SHA512

      846367bdd9a2a1a3a3ce541c851b6c51937692039cc2d5124f5a12e967c67a53c7583496979aafe73123420ba84eab06034b9ed0e87e35d8aa0cbc4531c75c5f

    • SSDEEP

      6144:UJQMK+wDFQvzzAK9JoDsG1KT01RjM759uF+xvtkqhC9ahrNprNdxTBHlejRFghha:NMK+wDFQvzzAK9JasG1KTaRM7LhxlhoV

    Score
    3/10
    behavioral21behavioral22

    • Target

      Uninstaller.exe

    • Size

      28KB

    • MD5

      904b62bb34ba8d13925136f8329478b2

    • SHA1

      680dc77ca6ed01bd737baa7a204520fdb248bf95

    • SHA256

      4d9fdc0327bcf498179b90ae8c83a89282af8f358fffa0abbc1d30fa68f54232

    • SHA512

      01bb7691361e5a2afc319f7a5e79a300a61baa986e7f26dfbe8adac7ca08df8dce2be223a5094c1d8a0bf530451d7ad90b72f543aeeb661ecb108cd7edf9e024

    • SSDEEP

      192:T6wyvtVjtbDdJeWAX3JYwfTqbDK0mPOcNKOQpIVEsRcBXnbW6OND3WyB8:T6wy5bgfTqT+TDQXnbRSD3WyG

    Score
    1/10
    behavioral23behavioral24

    • Target

      firewall.sys

    • Size

      2KB

    • MD5

      5779f099684ddf70a0c63e21b498ad34

    • SHA1

      9cc8f0be4d8e3ed1ab1ef4256f1e77c53fcd2013

    • SHA256

      1b6f32ee6b1e66a1c1804e0dc08a76340d7c38ff366e9170b2eac97466794506

    • SHA512

      fa8c8b6085cac2070f004ebdc1f9a8dc02d27bcd53ec95b3e76e36cd9675b279cb36708a04eb3dfcc34a83e9cf8eb666cda8cbadc04bd8c2f9a8f239571fd064

    Score
    1/10
    behavioral25behavioral26

    • Target

      foxiecoreu.dll

    • Size

      544KB

    • MD5

      2db21b165a85aef52c5074fb7f166938

    • SHA1

      a9512fd2530a50b3faccad9594b552cd78a9d1cc

    • SHA256

      63505ff185c63732a42ded30d858906dfc3c4e3922c1f124841a0171f4f56cc5

    • SHA512

      ee9dc74756e1826b48a47d4e208609e2619d88b88952df6036852cb256f805c8469079ff585007ed132eea46760830eb177d671d121eb603e2af92423e984ce9

    • SSDEEP

      12288:bAW5Drce/fYBUhLw625TDre6kNOaMZzVB3m2QaMPHfyVE7562us5bUAdlUz22EXu:MrOoetG322QaMPHfyVE7562us5bUAdlE

    Score
    6/10
    adwarestealer

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

      stealeradware
    behavioral27behavioral28

    • Target

      foxietoolbaru.dll

    • Size

      284KB

    • MD5

      945756b60135ce3c3a1bd7c10d79db3a

    • SHA1

      247ce597e68c8d74696910bee78e3ca42c74fe05

    • SHA256

      a780a1a14935cafbbba21bc8232eb9c4a0e78d2ba0e6747134937e0fab33ba81

    • SHA512

      ff82ab1c7e9aa2e234729ced2a8e3fa9309cc361652bccd29b4be0f9c60b411900dcf7885558cc666a015492e1e187135440d44c549a3b85921fdbe4ca0b20b3

    • SSDEEP

      6144:/vBasnoZDc/4IWQmZvGbhOxDJLkGpiDdITVVmziaRV+XzNiRI9Ny8Qo:B9nAo/yHvGbKDJLkGIdITV6iaMzBNy87

    Score
    6/10
    adwarestealer

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

      stealeradware
    behavioral29behavioral30

    • Target

      uninst.exe

    • Size

      64KB

    • MD5

      d9ede82a6ff2ebd2fe6681dfe6a9d3d9

    • SHA1

      3213e91ea6ffc5fcc2a404639aa5ed5120d1f68e

    • SHA256

      f97e623846f8f276f469772ca58d0c03a536e69b25f19207d6d06b556aaed506

    • SHA512

      b67c9af19cbdf1f65c6db8e9fe294e8a11ce1a606c4e5eff91375b1fb4d898ce0b5e064edf5c817e75b33a8aadbb9ac34f7553d99c437bb8ccf113464d2f441e

    • SSDEEP

      1536:OWbXhuGWZzJkAKqQxenkJnuQcREYRNtuUBXn:OkxuGW5Jk33xenkJnrq3Rn

    Score
    7/10

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral31behavioral32

MITRE ATT&CK Enterprise v15

Tasks

static1

Score
3/10

behavioral1

Score
7/10

behavioral2

Score
7/10

behavioral3

Score
3/10

behavioral4

Score
3/10

behavioral5

Score
3/10

behavioral6

Score
3/10

behavioral7

Score
3/10

behavioral8

Score
3/10

behavioral9

Score
3/10

behavioral10

Score
3/10

behavioral11

Score
1/10

behavioral12

Score
1/10

behavioral13

Score
1/10

behavioral14

Score
1/10

behavioral15

Score
1/10

behavioral16

Score
1/10

behavioral17

Score
1/10

behavioral18

Score
1/10

behavioral19

Score
1/10

behavioral20

Score
1/10

behavioral21

Score
3/10

behavioral22

Score
3/10

behavioral23

Score
1/10

behavioral24

Score
1/10

behavioral25

Score
1/10

behavioral26

Score
1/10

behavioral27

adwarestealer
Score
6/10

behavioral28

adwarestealer
Score
6/10

behavioral29

adwarestealer
Score
6/10

behavioral30

adwarestealer
Score
6/10

behavioral31

Score
7/10

behavioral32

Score
7/10