2f14f9b66d7054613c2e84f70d04fd5cdb3b2c99ec7f72d14123feffcf6a8808 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

42f3a1d26fb4dcbf86ffa3289aa3dc10_JaffaCakes118
Size

587KB
Sample

240713-xpzvtatbpj
MD5

42f3a1d26fb4dcbf86ffa3289aa3dc10
SHA1

60b5c3a0ba32b79596fbc264b3df6f1818957ed9
SHA256

2f14f9b66d7054613c2e84f70d04fd5cdb3b2c99ec7f72d14123feffcf6a8808
SHA512

8d8abf9d08d872133519d468ff980682c88a47d9567372a5cc457ed8d743cfc8ff1ffe97c62be5a1bbcef59407d3a887b37d0eab0aae4129ba3fa7cd94951f51
SSDEEP

12288:pab0pEkOM74sWha8LkW3kXcYWLBKMXLUa3oYViTeyJILJQ:4IjzrqLLkW3zBBNgqiSQ

Score

7^/10

adware discovery evasion stealer trojan

Malware Config

Targets

- Target
  
  42f3a1d26fb4dcbf86ffa3289aa3dc10_JaffaCakes118
- Size
  
  587KB
- MD5
  
  42f3a1d26fb4dcbf86ffa3289aa3dc10
- SHA1
  
  60b5c3a0ba32b79596fbc264b3df6f1818957ed9
- SHA256
  
  2f14f9b66d7054613c2e84f70d04fd5cdb3b2c99ec7f72d14123feffcf6a8808
- SHA512
  
  8d8abf9d08d872133519d468ff980682c88a47d9567372a5cc457ed8d743cfc8ff1ffe97c62be5a1bbcef59407d3a887b37d0eab0aae4129ba3fa7cd94951f51
- SSDEEP
  
  12288:pab0pEkOM74sWha8LkW3kXcYWLBKMXLUa3oYViTeyJILJQ:4IjzrqLLkW3zBBNgqiSQ
Score

7^/10

adware discovery stealer
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Drops file in System32 directory
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  c17103ae9072a06da581dec998343fc1
- SHA1
  
  b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d
- SHA256
  
  dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f
- SHA512
  
  d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f
- SSDEEP
  
  192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
Score

3^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/newadvsplash.dll
- Size
  
  8KB
- MD5
  
  7ee14dff57fb6e6c644b318d16768f4c
- SHA1
  
  9a5d5b31ab56ab01e9b0bd76c51b8b4605a8ccce
- SHA256
  
  53377d0710f551182edbab4150935425948535d11b92bf08a1c2dcf989723bd7
- SHA512
  
  0565ff2bdbdf044c5f90bd45475d478b48cdbd5e19569976291b1bdd703e61355410c65f29f2c9213faf56251beb16d342c8625288dad6afc670717b9636d51f
- SSDEEP
  
  96:qD5UDaGxZH52QhtZafDP9BTS9nPg83UniV/zRzGEl1DMl1zN6LmeYt4dO:W5UDaGxZH5T0j+9nl3BzG0IZ6LqN
Score

1^/10
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/nsProcess.dll
- Size
  
  4KB
- MD5
  
  8f4ac52cb2f7143f29f114add12452ad
- SHA1
  
  29dc25f5d69bf129d608b83821c8ec8ab8c8edb3
- SHA256
  
  b214d73aea95191f7363ad93cdc12b6fbd50a3a54b0aa891b3d45bc4b7b2aa04
- SHA512
  
  2f9e2c7450557c2b88a12d3a3b4ab999c9f2a4df0d39dcd795b307b89855387bc96fc6d4fb51de8f33de0780e08a3b15fdad43daeaf7373cca71b01d7afdaf0c
- SSDEEP
  
  48:6sG7qYBUYBFxhRwYCI0owYlOdkPm4LYZ5sRXEv26vqAa4GEVu:HhYBUYBL0Toa7+Q5sKG4GEV
Score

3^/10
behavioral7 behavioral8
- Target
  
  $TEMP/~nsis/Cloud-Web_nad_2_86.dll
- Size
  
  551KB
- MD5
  
  10b188c019ba9e23fec9b06f272c3438
- SHA1
  
  5c50e3ce77935a3ef6a2679bccf9a228f4d42eef
- SHA256
  
  90d999d46e21356297a1ca84ffe5e94e3e29d767437d4e805950dc2250269b8a
- SHA512
  
  018bdf75222bf7ce2edefcc9cf896658b2e7f63ef8cf7f2497c5145935d9b59591fec37dc9fb0c4801681d3d6178aa07a400fef88527119eb8366f8ca35ec00a
- SSDEEP
  
  12288:0skCLQe6u9zayEyag8laUVnXqfKTbqNKX0gs/hdiifbkn:l/L9TQNaUpJTh0gs/hdiijkn
Score

3^/10
behavioral10 behavioral9
- Target
  
  Cloud-Web_2_86.dl_
- Size
  
  123KB
- MD5
  
  cd80e012b768c6fbfcf209a10bcfb2b2
- SHA1
  
  e1c01bd52be5861cd20696484c043a2b77d22222
- SHA256
  
  ee3ba8b64aeaacac397cd4fe81bd4433f23bf7b144a65c18034b1323e6e75c23
- SHA512
  
  d1cc91089165ef8507bd8bf21aa76d2373579e7e5e793ee72bd123b9bb8135e8d61272db79aa5d47f3848d8a2a54dd1c9a5b3892ba1f00cc4dc8e2367063f44a
- SSDEEP
  
  3072:QNG0ZeC/azzmWxd/mZQA3NM46eqtGGrCxCnW:AtzyKYJmmAGeury
Score

6^/10

adware stealer
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral11 behavioral12
- Target
  
  Cloud-Web_2_86.dll
- Size
  
  123KB
- MD5
  
  cd80e012b768c6fbfcf209a10bcfb2b2
- SHA1
  
  e1c01bd52be5861cd20696484c043a2b77d22222
- SHA256
  
  ee3ba8b64aeaacac397cd4fe81bd4433f23bf7b144a65c18034b1323e6e75c23
- SHA512
  
  d1cc91089165ef8507bd8bf21aa76d2373579e7e5e793ee72bd123b9bb8135e8d61272db79aa5d47f3848d8a2a54dd1c9a5b3892ba1f00cc4dc8e2367063f44a
- SSDEEP
  
  3072:QNG0ZeC/azzmWxd/mZQA3NM46eqtGGrCxCnW:AtzyKYJmmAGeury
Score

6^/10

adware stealer
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral13 behavioral14
- Target
  
  Cloud-Web_mime_2_86.dl_
- Size
  
  210KB
- MD5
  
  e03152320af546785839f21cefd28ce1
- SHA1
  
  7264e5753bb5313b9ceb69d05c15e000ed938559
- SHA256
  
  6807aee8007988c5409a947a526c187c66e349886399541454800ce2a99c2442
- SHA512
  
  93681775e96cb80b8cc4b89c788902f5070497c5a0120c0ba965c14e651ab3726387bc0d3f8feeaf315ae45bd7bf40bf37f1e2fd379b89bc812c9dd2fdfefb5e
- SSDEEP
  
  3072:6a8sgv0ObRPWecmwdM808YQ1AyygLLdMFktjDVe7IFy4P0ngbSKNrXRenv:6Cgv0q0ecmf806ayyIL+Fujx4Iw4AuFG
Score

1^/10
behavioral15 behavioral16
- Target
  
  Cloud-Web_mime_2_86.dll
- Size
  
  210KB
- MD5
  
  e03152320af546785839f21cefd28ce1
- SHA1
  
  7264e5753bb5313b9ceb69d05c15e000ed938559
- SHA256
  
  6807aee8007988c5409a947a526c187c66e349886399541454800ce2a99c2442
- SHA512
  
  93681775e96cb80b8cc4b89c788902f5070497c5a0120c0ba965c14e651ab3726387bc0d3f8feeaf315ae45bd7bf40bf37f1e2fd379b89bc812c9dd2fdfefb5e
- SSDEEP
  
  3072:6a8sgv0ObRPWecmwdM808YQ1AyygLLdMFktjDVe7IFy4P0ngbSKNrXRenv:6Cgv0q0ecmf806ayyIL+Fujx4Iw4AuFG
Score

1^/10
behavioral17 behavioral18
- Target
  
  Cloud-Web_nad_2_86.dl_
- Size
  
  551KB
- MD5
  
  10b188c019ba9e23fec9b06f272c3438
- SHA1
  
  5c50e3ce77935a3ef6a2679bccf9a228f4d42eef
- SHA256
  
  90d999d46e21356297a1ca84ffe5e94e3e29d767437d4e805950dc2250269b8a
- SHA512
  
  018bdf75222bf7ce2edefcc9cf896658b2e7f63ef8cf7f2497c5145935d9b59591fec37dc9fb0c4801681d3d6178aa07a400fef88527119eb8366f8ca35ec00a
- SSDEEP
  
  12288:0skCLQe6u9zayEyag8laUVnXqfKTbqNKX0gs/hdiifbkn:l/L9TQNaUpJTh0gs/hdiijkn
Score

3^/10
behavioral19 behavioral20
- Target
  
  Cloud-Web_nad_2_86.dll
- Size
  
  551KB
- MD5
  
  10b188c019ba9e23fec9b06f272c3438
- SHA1
  
  5c50e3ce77935a3ef6a2679bccf9a228f4d42eef
- SHA256
  
  90d999d46e21356297a1ca84ffe5e94e3e29d767437d4e805950dc2250269b8a
- SHA512
  
  018bdf75222bf7ce2edefcc9cf896658b2e7f63ef8cf7f2497c5145935d9b59591fec37dc9fb0c4801681d3d6178aa07a400fef88527119eb8366f8ca35ec00a
- SSDEEP
  
  12288:0skCLQe6u9zayEyag8laUVnXqfKTbqNKX0gs/hdiifbkn:l/L9TQNaUpJTh0gs/hdiijkn
Score

3^/10
behavioral21 behavioral22
- Target
  
  Cloud-Web_run.ex_
- Size
  
  127KB
- MD5
  
  cc2c7d2ca1d6a2100680f77b32a3ac2c
- SHA1
  
  f23dfeb12c78a44cb2d6191eb3f405a147ae6167
- SHA256
  
  875589feb35cbc36355d6ccf062e97fba77b94f102a7560b636aecda570457a9
- SHA512
  
  7f11137990210a5130bd48be37b1496a3ce835a88a047d026e10a3484035a9749faa7105f9fd4e1658e7f3f8447b6dc784b6d941cc6a56511f65bf553baff578
- SSDEEP
  
  1536:ZscErAHEUo+d49J2uSF0/cyqsMYdLY3wvfpGqn/:cA3eB/cyqsMYo3qn/
Score

6^/10

evasion trojan
- Checks whether UAC is enabled
  evasion trojan
behavioral23 behavioral24
- Target
  
  Cloud-Web_run.exe
- Size
  
  127KB
- MD5
  
  cc2c7d2ca1d6a2100680f77b32a3ac2c
- SHA1
  
  f23dfeb12c78a44cb2d6191eb3f405a147ae6167
- SHA256
  
  875589feb35cbc36355d6ccf062e97fba77b94f102a7560b636aecda570457a9
- SHA512
  
  7f11137990210a5130bd48be37b1496a3ce835a88a047d026e10a3484035a9749faa7105f9fd4e1658e7f3f8447b6dc784b6d941cc6a56511f65bf553baff578
- SSDEEP
  
  1536:ZscErAHEUo+d49J2uSF0/cyqsMYdLY3wvfpGqn/:cA3eB/cyqsMYo3qn/
Score

6^/10

evasion trojan
- Checks whether UAC is enabled
  evasion trojan
behavioral25 behavioral26
- Target
  
  Cloud-Web_tb_2_86.dl_
- Size
  
  127KB
- MD5
  
  2f476c794155a6d41487ab48ca6091a8
- SHA1
  
  999d2036b8e6b4fb75db915e8fcd1447652c6816
- SHA256
  
  25fcf3cb6a01fa879cd8153ce826564505967049e9a66811c972a8384e320092
- SHA512
  
  f7c82513dcc6d6f09e0d7b634f2ff8d5fe6864fce05729a807a82150fb196666a355c19f01657a8628b3592d3d15c93dfe7ffee78816e9cfa441b52c4f47f91c
- SSDEEP
  
  3072:4csRZq+GIN/GR/7gkdIIZnZDNtni/psYSxs9Dqtnq:DH9geR/7wIP0mxs92M
Score

1^/10
behavioral27 behavioral28
- Target
  
  Cloud-Web_tb_2_86.dll
- Size
  
  127KB
- MD5
  
  2f476c794155a6d41487ab48ca6091a8
- SHA1
  
  999d2036b8e6b4fb75db915e8fcd1447652c6816
- SHA256
  
  25fcf3cb6a01fa879cd8153ce826564505967049e9a66811c972a8384e320092
- SHA512
  
  f7c82513dcc6d6f09e0d7b634f2ff8d5fe6864fce05729a807a82150fb196666a355c19f01657a8628b3592d3d15c93dfe7ffee78816e9cfa441b52c4f47f91c
- SSDEEP
  
  3072:4csRZq+GIN/GR/7gkdIIZnZDNtni/psYSxs9Dqtnq:DH9geR/7wIP0mxs92M
Score

1^/10
behavioral29 behavioral30
- Target
  
  cloudidsvc.ex_
- Size
  
  107KB
- MD5
  
  191d8246a87565d7291f8d518c60912e
- SHA1
  
  45cf9834d3930b1b91e075999c44dd143bcc5a4d
- SHA256
  
  9ae3b2a05985b28b28439b667b26f3bb2543f7ac757ca0187beacd67dd898b37
- SHA512
  
  208c2312317e776e6c63e7fe5504178142be6fcee03df00b392b249db529cb55b94974465d7282331f6dec096821208046b2ad462e66e8b9d2c7b13df12d7846
- SSDEEP
  
  3072:AdHnGCX1bqufhEjoed++1KOI5oGJs1t9zftnD:AdHGQqK9edD1KFo915
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwarediscoverystealer

behavioral2

adwarediscoverystealer

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32