48eda05ebc3353d6a9386a9796a76c42395caa2ab9894936ee59484b17369fbf

Sharing

Copy URL

Twitter E-mail

General

Target

485fd9e0fa159847c99fae2d1463a838_JaffaCakes118
Size

681KB
Sample

240715-fxzrcaserc
MD5

485fd9e0fa159847c99fae2d1463a838
SHA1

e13d2db455d5c09738671cc906069b09a89d0655
SHA256

48eda05ebc3353d6a9386a9796a76c42395caa2ab9894936ee59484b17369fbf
SHA512

52cbf756b6d652b2b11d2b9c184d08d1b87afe596cedb26511ec0baaf5f3a6df16e0e6603b237604c1274953ae5605b7ae8b98b54281fd750e4add240a45e345
SSDEEP

12288:v0aOMEz2DmXYj1F9n5TBT3SXW3YoJ06N2xOqkaAqeUe532rGzduuSh:cEEbXYzogatKuGzduuSh

Score

7^/10

Malware Config

Targets

- Target
  
  485fd9e0fa159847c99fae2d1463a838_JaffaCakes118
- Size
  
  681KB
- MD5
  
  485fd9e0fa159847c99fae2d1463a838
- SHA1
  
  e13d2db455d5c09738671cc906069b09a89d0655
- SHA256
  
  48eda05ebc3353d6a9386a9796a76c42395caa2ab9894936ee59484b17369fbf
- SHA512
  
  52cbf756b6d652b2b11d2b9c184d08d1b87afe596cedb26511ec0baaf5f3a6df16e0e6603b237604c1274953ae5605b7ae8b98b54281fd750e4add240a45e345
- SSDEEP
  
  12288:v0aOMEz2DmXYj1F9n5TBT3SXW3YoJ06N2xOqkaAqeUe532rGzduuSh:cEEbXYzogatKuGzduuSh
Score

7^/10
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/ChameleonTomIE.exe
- Size
  
  185KB
- MD5
  
  6ac6f46f4202ae21f46fd0068a962d3e
- SHA1
  
  9e286b8f0f87df399f7a386c672d8d1473620b73
- SHA256
  
  db11bb695712303ff8c9d0abe08810bdd0b046794c26f342f22706e24446442b
- SHA512
  
  fb5906550c6de64b23deed80761ac7edc2bd0ee925656556dcd105aaeff3ebcc79cce849c70b8499ceae3f5be244e8dd0ea3cc6a12caa79e4e44243a57f3b3f0
- SSDEEP
  
  3072:F85FnEA0PNdJl45vHHtJICAohuq4sINZGMqEcyi5/rNB8iYUjt8A47:FgFEN9IHNuCAAunnG1RxLW7
Score

7^/10

adware stealer
- Loads dropped DLL
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral3 behavioral4
- Target
  
  menu_en.htm
- Size
  
  16KB
- MD5
  
  9b3f1fadefb4823f9ff7d4e95235cc12
- SHA1
  
  35d62346a8529c464b340a541edc29e1d3c72f8e
- SHA256
  
  85dda9f138c28df9392439c7f2535cd263ac751ca016e0e302ce1c92040ca5e0
- SHA512
  
  8e74494cf77bd1818190c4f91aa8afefbb185c4b7cdbe77ec7fd4d49b5296ec5a50097d34b0e731e5374f55a4a5c5235661b1f9e54609cb8058a7cfa0f7f4517
- SSDEEP
  
  192:4qGVd+MXRWKvrKJp/5nqpoqFy+XeBPDyt2Jo/OrlX6F3idUI2ATCs:4ZVd+SRBSuU62Jo/OrlX6F3yUIlTCs
Score

1^/10
behavioral5 behavioral6
- Target
  
  menu_ru.htm
- Size
  
  16KB
- MD5
  
  cc83539cc650c37cf1c8c375339bbcbb
- SHA1
  
  d1af7cd3c138aafcad03a172027193dadfd8f681
- SHA256
  
  b2ebcff602d543d22b00cd860254a496daa6c73c2fa8d99c794ed7eda8205d0f
- SHA512
  
  2e07acf796d4653a9c5c172f10e186dcf2711144d1ba556860e6f344ad596d6bcd27db35017c5d9bb9733edaa2088e5fa8054520665fabea9798a8fc3eaedf16
- SSDEEP
  
  192:4q+Vd+MXRWKvrKJp/5nqpoqFy+XeBPDyt2J2vu1XiFnXtBWIg0T+s:4RVd+SRBSuU62J2vu1XiFnKItT+s
Score

1^/10
behavioral7 behavioral8
- Target
  
  uninstall.exe
- Size
  
  47KB
- MD5
  
  ab6f301fbec8e875706f56bf91741aa8
- SHA1
  
  af06afad8830356895719e9fe59ca0cb34abaae9
- SHA256
  
  6b9ade2208612a17824b35c002ce0223ac31ced224e66f84f0781ab8be82e07b
- SHA512
  
  8066ab37adc3e1212440b9c8d55d5e2784ec94f401261169b77ee239a8d710bd0a2aa1d25a9297a066ca2fea04fe9dadb2272d4d65064d833509a2a9168c631a
- SSDEEP
  
  768:+bAqMPUUDYXQYFnh2A9uxICjmtIh4dGkqEhMFBiihdJSMgd2iZQAm6kRRS+NoJRl:CM8ZbFnEA9uPI2TdJSMgdLeAyNl5+
Score

7^/10
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral10 behavioral9
- Target
  
  wit4ie.dll
- Size
  
  210KB
- MD5
  
  6b4513d6395fc100d3bf98f3428286f2
- SHA1
  
  321ae2a5298f79c6f27ef99c4a4c913c4284d31f
- SHA256
  
  ac3f100228ea22017c2bf09796a046bbd3710cc3fa843b5ebc46a94d9d9bd2b0
- SHA512
  
  14a7b9ad09b45c6b5c13246dbedcf0915468dce26ced5851fe7d09c495812ae3cccee51d9716ef76e8a22423b32f31cc489f644dd904bafead257dea0618c9f2
- SSDEEP
  
  3072:M2MyXOs+ehSVySe6IyvDelAzaZXrRSakxtUKgDVotxiwiQpUhaMuyIxA0kKU:6yL0VV7u3bwakkKgDVoPiwwa9A+
Score

6^/10

adware stealer
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral11 behavioral12
- Target
  
  witapi.js
- Size
  
  17KB
- MD5
  
  a0276100dd67f8d0952b782ecf4fce0a
- SHA1
  
  d79aebfd34a75a2311afc59b6666629a922ecc76
- SHA256
  
  0ba8e2c65037d111bb1aa1fd6568e7b0a065a8ac766bd10f249426b7dbfc06db
- SHA512
  
  16ecb4328d8e5eec73e475b314ec471f6d42343a511c58ceae8e17c9ca8db28770a81ae61fab7bd84cd8a5778110a9549900e835134437f46c12e6d7b1997d08
- SSDEEP
  
  384:N8iSegr+WP1OOH6/omq/qJBkk+pDMKF1Kcs9SH8M:N8iLgrxP19alqrksAKFIB9SH8M
Score

3^/10

execution
behavioral13 behavioral14
- Target
  
  witmain.js
- Size
  
  38KB
- MD5
  
  60619580e4127e6414707989c8d5eead
- SHA1
  
  1f2582256a51532fef70a623012acc099000652d
- SHA256
  
  2fb5e0d7008fa78c37da29b467283f3b2aa1761442b17663ac75795b04efe86d
- SHA512
  
  8c158251e97640f47c9176abe9d7ed70f13872320c3f7bd517c134fdd3cf9acf8d3e17e56be38337810f6c929a9b57aea3021fe0bfd8e73fa20282139bfc11fd
- SSDEEP
  
  768:Yn184eKEWFvNUHcaoHwX3sVkHGTbHaGRLp49IdJ:M184eKZFFUHcao6sOTGRLp49IX
Score

3^/10

execution
behavioral15 behavioral16
- Target
  
  $PLUGINSDIR/Components.html
- Size
  
  1KB
- MD5
  
  dbe2a173b32bc4132c30a386c8b41237
- SHA1
  
  303bf844136af8866f3c2c0901665b1024d71d53
- SHA256
  
  02c9a76d1b012a133e4ac5e95a2a29fc1c608c4a7245b4886ce89aa07f2c1797
- SHA512
  
  3398710971eaaa44fbdfdbbcfa1fa96f60e6fb7676d6521f853013be17bdb691f1cae6e933b2aa85378b7d30c5a3a0a34e55bdde9e63ac69c6afbb948f127572
Score

1^/10
behavioral17 behavioral18
- Target
  
  $PLUGINSDIR/Confirmation.html
- Size
  
  2KB
- MD5
  
  191aceafbad365636cb7643c203626a0
- SHA1
  
  eb6c68d54d6a000106ef98333e70a67095eb0012
- SHA256
  
  0de9b6c025ad8da5dcda86652f455edcac12737a8975acd770af18ac32c0beea
- SHA512
  
  4c3b2bda77ab2d52812acd5250b0fbec7f7be756d3e28ccb9e1c401177e682ca1f020de61b3311635829825365db222000555284502f8598332fa48fa5b4fcbe
Score

1^/10
behavioral19 behavioral20
- Target
  
  $PLUGINSDIR/Final.html
- Size
  
  2KB
- MD5
  
  939e3484e47b322c467a6a0f59b23d91
- SHA1
  
  f3a315beb9b37736ba7bb4fc15189f3a04d2296f
- SHA256
  
  222816c721c2d70a4af59e86840155c61c13d72faae90bb12f5fa6573542b1c5
- SHA512
  
  2150dfda6b5d74885bf6c79820bc5ebf1fc3b53c2df39a9da326377182d4a5dc75ac84e9fa75b3ce59cbf681cd751ced68bcc57a7b1a59454e5262d144497ba3
Score

1^/10
behavioral21 behavioral22
- Target
  
  $PLUGINSDIR/InetLoadEx.dll
- Size
  
  55KB
- MD5
  
  9fae574b1004bb0650eebba3d8040c59
- SHA1
  
  541583ec14af05915b8efefe520edd4f25914c9a
- SHA256
  
  73f4a1529acf2ea56d4db9ed8134bed0498cea38903105f7c2af8cc7d11b8db3
- SHA512
  
  ab25c429301f2d8a2da6b7c2a222c4028ad8e393c67dde83606762a8ba49c6c49460538624a799969dd0b3c810623d7e471c65a390e8661228a621580d7d54c7
- SSDEEP
  
  768:WFKaQrcF+ntygjX/+qEg469TRphsguCtPQpcQaa5jZ19K:WIaQrs0kgjx9TRsg1ox5H
Score

3^/10
behavioral23 behavioral24
- Target
  
  $PLUGINSDIR/Install.html
- Size
  
  2KB
- MD5
  
  746152806d63b105414333920dff74a7
- SHA1
  
  db442fba9da8136a6278aa6b1045a7ff0e4ac580
- SHA256
  
  84bba2ca5aeef4fb742f1a30f8006c712a5a2d46e5d163c9da8eeed61d1004dd
- SHA512
  
  e19f02c805966a29a9f9aa58065894ce333a20994e73315d9d559fc0cb714d71cf66ebb70fcca6675d38d10597067570a95d9a306f4d28c78cd0a3273fff9fb2
Score

1^/10
behavioral25 behavioral26
- Target
  
  $PLUGINSDIR/Processes.dll
- Size
  
  35KB
- MD5
  
  2cfba79d485cf441c646dd40d82490fc
- SHA1
  
  83e51ac1115a50986ed456bd18729653018b9619
- SHA256
  
  86b302fa9c85dfa0c1c03ba000864a928365dab571f3355347dba02da22949b7
- SHA512
  
  cca186a7f9c5cff3f4eca410fbe8cc13dad2514a7e36aec9b1addfbcb239ace9b9b2d8427771858e3fd11783abce7e24d43c286f98da9f8b17562ca095a4c043
- SSDEEP
  
  768:uxEiycFoaj/+WSiJfmjvab7L/cUf7IIlMLRF:uxEm7sgfmjy//cgdlM/
Score

3^/10
behavioral27 behavioral28
- Target
  
  $PLUGINSDIR/Progress.dll
- Size
  
  80KB
- MD5
  
  15e01578481287bbcf32d2217f1b5246
- SHA1
  
  67a7d05bb2f8b33980867d3352280fa0cd0b4e9f
- SHA256
  
  61d8f9eba68cc6e2a83ec6d1689b2aa45e06bc32e13cdfcec8b593a14bc8bf70
- SHA512
  
  9a83832faf20eaef5043f69d468bfe032d790274df25bae73bce4f7830ac83587d7e23dba531bff04951cbed67399386d9ea4337002a99d8cf61de3f8e33b674
- SSDEEP
  
  768:WCFSITRx/imU5IBAczjPj+NbHHFJUzWwrhABjknWgiLLhfv09jaYhdb5P8mDnbK:+8xzUKBZo0zWWhskjiLwR/5P3b
Score

1^/10
behavioral29 behavioral30
- Target
  
  $PLUGINSDIR/Register.html
- Size
  
  17KB
- MD5
  
  9e98a5ed249763fc62459d9137d712ee
- SHA1
  
  0fefb6aa793b98b5e8eab3339dfaea70036e64ed
- SHA256
  
  ae58fdd1ee8f76df9096451a6478f859b0d79a0c5a90abe612c6dbab2d249c98
- SHA512
  
  0875240c0ca0ae108f31f2b9e12ee79d7940596e2660a6022a1a02543388b31bf929bd9f6ec8b15a2ac9f1298bda1353f1dd50a54edc50a567b3082387b26a8e
- SSDEEP
  
  192:zDEyoZbgnNAa6x9Q2vOXQyuv48238xglTWlNr33G+y2SeSpUHCh:6g++2mG48238xkT4rm+ygHE
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Browser Extensions

T1176

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Loads dropped DLL

Loads dropped DLL

Installs/modifies Browser Helper Object

Deletes itself

Executes dropped EXE

Loads dropped DLL

Installs/modifies Browser Helper Object

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32