Overview

overview

7

Static

static

7

48b87f5a44...18.exe

windows7-x64

7

48b87f5a44...18.exe

windows10-2004-x64

7

$PLUGINSDI...er.dll

windows7-x64

1

$PLUGINSDI...er.dll

windows10-2004-x64

1

$PLUGINSDI...dl.dll

windows7-x64

3

$PLUGINSDI...dl.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...le.exe

windows7-x64

7

$PLUGINSDI...le.exe

windows10-2004-x64

7

$PLUGINSDI...dl.dll

windows7-x64

3

$PLUGINSDI...dl.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

MainInstal...ed.exe

windows7-x64

7

MainInstal...ed.exe

windows10-2004-x64

7

$PLUGINSDI...dl.dll

windows7-x64

3

$PLUGINSDI...dl.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

SetupAuto.exe

windows7-x64

7

SetupAuto.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...oc.dll

windows7-x64

7

$PLUGINSDI...oc.dll

windows10-2004-x64

7

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...ss.dll

windows7-x64

3

$PLUGINSDI...ss.dll

windows10-2004-x64

3

2YourFace_Util.dll

windows7-x64

3

2YourFace_Util.dll

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    48b87f5a44b720f542b53bd66025e466_JaffaCakes118

  • Size

    3.8MB

  • Sample

    240715-ht6rlaxapc

  • MD5

    48b87f5a44b720f542b53bd66025e466

  • SHA1

    54f33a5030be2983bac11d22da65f3c58bd0cb11

  • SHA256

    6058bf31d92d6ab4be098b9d318d5236c45d570b8d4af96a559311ac16d16908

  • SHA512

    2b151210c5c18d2d726986ef5dc9be871061650169c6c9590144131a0a6e95605866b7b962000a915faab5ffdfed7df57a46439dd0bbeb3e429e17a02d1b7423

  • SSDEEP

    98304:uCWcZE1nsF6n+cLvX3dU/XRAz5rOzO4MiEnR7HuQotK7oqp:uCWzFNHIXGOJMi8R7+K7p

Score
7/10
adwarediscoveryevasionspywarestealertrojanupx

Malware Config

Targets

    • Target

      48b87f5a44b720f542b53bd66025e466_JaffaCakes118

    • Size

      3.8MB

    • MD5

      48b87f5a44b720f542b53bd66025e466

    • SHA1

      54f33a5030be2983bac11d22da65f3c58bd0cb11

    • SHA256

      6058bf31d92d6ab4be098b9d318d5236c45d570b8d4af96a559311ac16d16908

    • SHA512

      2b151210c5c18d2d726986ef5dc9be871061650169c6c9590144131a0a6e95605866b7b962000a915faab5ffdfed7df57a46439dd0bbeb3e429e17a02d1b7423

    • SSDEEP

      98304:uCWcZE1nsF6n+cLvX3dU/XRAz5rOzO4MiEnR7HuQotK7oqp:uCWzFNHIXGOJMi8R7+K7p

    Score
    7/10

    • Loads dropped DLL

    behavioral1behavioral2

    • Target

      $PLUGINSDIR/Banner.dll

    • Size

      477KB

    • MD5

      7a7127c1c951833b9b752b5b55aecd1c

    • SHA1

      86bdfd31cf14a831b89deb6852292ae012049a98

    • SHA256

      7b66a639beb9754776bdf123b0a389c83de2003c416fbd9d0488ab32e3f1f921

    • SHA512

      6b4631d294cdea1c76bfc2a7c9900364be7499e184eaf0be4cfcafe75c775ce057eb9940dcab85d97f6a75b4e29e8bde9c76d412366d9100623aaff69ba8f8b1

    • SSDEEP

      6144:F3qujs8hR5ycAT21eRBfE6LzA8zjZGeCD:u8RyRAeXfECA8zlG

    Score
    1/10
    behavioral3behavioral4

    • Target

      $PLUGINSDIR/NSISdl.dll

    • Size

      14KB

    • MD5

      a5f8399a743ab7f9c88c645c35b1ebb5

    • SHA1

      168f3c158913b0367bf79fa413357fbe97018191

    • SHA256

      dacc88a12d3ba438fdae3535dc7a5a1d389bce13adc993706424874a782e51c9

    • SHA512

      824e567f5211bf09c7912537c7836d761b0934207612808e9a191f980375c6a97383dbc6b4a7121c6b5f508cbfd7542a781d6b6b196ca24841f73892eec5e977

    • SSDEEP

      192:tUZTobBDJ68r67wmsvJI5ad9cXzFOVu+mZ/P3p+57CvpVqDxVp01Dwn2GRPgsfA:6Bo/680dCI5adOjFOg9//p27uNw2Go

    Score
    3/10
    behavioral5behavioral6

    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      c17103ae9072a06da581dec998343fc1

    • SHA1

      b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

    • SHA256

      dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

    • SHA512

      d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

    • SSDEEP

      192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw

    Score
    3/10
    behavioral7behavioral8

    • Target

      $PLUGINSDIR/bundle.exe

    • Size

      1.6MB

    • MD5

      981780e62db7df6ebf7dc3fc94ff9df4

    • SHA1

      32cafdcfe5822f0eea2def9829afa30e746feeb6

    • SHA256

      c207ee428f0eb876e23f5b7ac859f0602aff15ac533eeb6b74262e99f3658342

    • SHA512

      a59c19741b258223dee6a8f631d2cc442c9fb5cc9d13b87e81cb9b5bdd2cede636ac442b3aa254abe9b50f88eb810cd9769d91697e8fabc5ce2f844ef47cbb99

    • SSDEEP

      49152:e8YWaDwae/oxwOLa1IgZ/yS4SS0emt5NMVqi:ZYpktoxwSa1IgEy7FRQ

    Score
    7/10
    adwarediscoveryevasionspywarestealertrojan

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Checks whether UAC is enabled

      evasiontrojan

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

      stealeradware
    behavioral10behavioral9

    • Target

      $PLUGINSDIR/NSISdl.dll

    • Size

      14KB

    • MD5

      a5f8399a743ab7f9c88c645c35b1ebb5

    • SHA1

      168f3c158913b0367bf79fa413357fbe97018191

    • SHA256

      dacc88a12d3ba438fdae3535dc7a5a1d389bce13adc993706424874a782e51c9

    • SHA512

      824e567f5211bf09c7912537c7836d761b0934207612808e9a191f980375c6a97383dbc6b4a7121c6b5f508cbfd7542a781d6b6b196ca24841f73892eec5e977

    • SSDEEP

      192:tUZTobBDJ68r67wmsvJI5ad9cXzFOVu+mZ/P3p+57CvpVqDxVp01Dwn2GRPgsfA:6Bo/680dCI5adOjFOg9//p27uNw2Go

    Score
    3/10
    behavioral11behavioral12

    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      c17103ae9072a06da581dec998343fc1

    • SHA1

      b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

    • SHA256

      dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

    • SHA512

      d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

    • SSDEEP

      192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw

    Score
    3/10
    behavioral13behavioral14

    • Target

      MainInstallerAutoEmbedded.exe

    • Size

      796KB

    • MD5

      7fc6bc14a74dc69773587af10132d8c9

    • SHA1

      9d98b268eaa7f4ad208bde39944fdb1ab201e076

    • SHA256

      e288d49f6011dcd3f893e54ceafda9b6b491543966521c483064a7df43e5bdd2

    • SHA512

      a738205fb26bf259e70b1cacfd10f9168d381778ef90a49847b8d332d93b471cbdcf6357a3d2dfb2e41a4666cba98dd9dc2867a20d472636e5fc8080cc073742

    • SSDEEP

      24576:P7yrmq17YLUAl1+O50aT+1bXkS/EZQM7G7ZQ51bmtfWR163i95cVmB:jgbyLV1ILT/ES46S5Bmted6VmB

    Score
    7/10

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral15behavioral16

    • Target

      $PLUGINSDIR/NSISdl.dll

    • Size

      14KB

    • MD5

      a5f8399a743ab7f9c88c645c35b1ebb5

    • SHA1

      168f3c158913b0367bf79fa413357fbe97018191

    • SHA256

      dacc88a12d3ba438fdae3535dc7a5a1d389bce13adc993706424874a782e51c9

    • SHA512

      824e567f5211bf09c7912537c7836d761b0934207612808e9a191f980375c6a97383dbc6b4a7121c6b5f508cbfd7542a781d6b6b196ca24841f73892eec5e977

    • SSDEEP

      192:tUZTobBDJ68r67wmsvJI5ad9cXzFOVu+mZ/P3p+57CvpVqDxVp01Dwn2GRPgsfA:6Bo/680dCI5adOjFOg9//p27uNw2Go

    Score
    3/10
    behavioral17behavioral18

    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      c17103ae9072a06da581dec998343fc1

    • SHA1

      b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

    • SHA256

      dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

    • SHA512

      d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

    • SSDEEP

      192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw

    Score
    3/10
    behavioral19behavioral20

    • Target

      SetupAuto.exe

    • Size

      512KB

    • MD5

      ff0198fd1f59b71c1deec34b6b0b0c07

    • SHA1

      cae622ad91a3bab0996589e3bf905c9d4eeb6059

    • SHA256

      f552d818f17841efb7f06803ecd2479fe5c9b2a0d3c4dad2c9d90b42e2e9d7d5

    • SHA512

      96795276eefcde81b0ad4ac85f4aaec368cb93bd9e9912c343316912f1502f3a22d845af3ba75ea5aa92b1936028558d48c11a77d331d49bd77f58b886868ccc

    • SSDEEP

      12288:Qnm2P17YuUAlhZk4ZN5lviET7MacVdekBCaeKOKEZQM7gM7ZQN:Qnh17YuUAlh+S5ZdT7sbekOKEZQM717M

    Score
    7/10

    • Loads dropped DLL

    behavioral21behavioral22

    • Target

      $PLUGINSDIR/InstallOptions.dll

    • Size

      14KB

    • MD5

      325b008aec81e5aaa57096f05d4212b5

    • SHA1

      27a2d89747a20305b6518438eff5b9f57f7df5c3

    • SHA256

      c9cd5c9609e70005926ae5171726a4142ffbcccc771d307efcd195dafc1e6b4b

    • SHA512

      18362b3aee529a27e85cc087627ecf6e2d21196d725f499c4a185cb3a380999f43ff1833a8ebec3f5ba1d3a113ef83185770e663854121f2d8b885790115afdf

    • SSDEEP

      192:86d+dHXLHQOPiY53uiUdigyU+WsPdc/A1A+2jwK72dwF7dBEnbok:86UdHXcIiY535zBt2jw+BEnbo

    Score
    3/10
    behavioral23behavioral24

    • Target

      $PLUGINSDIR/KillProc.dll

    • Size

      24KB

    • MD5

      6c2b245e89428fb917a5805815a4054e

    • SHA1

      5bcd987700dd761f02d2d1d024b8f20077985051

    • SHA256

      0558bbdfe61eefb680e8560a7d4b174447a9516098f9cd8b4c84bf1552cee5c5

    • SHA512

      ecb3fb77532d6ffa1ca08df05a6a86b18138356e63cb40edf68f97fc7fdf2e781a4ebeb1efdb9f13f947304312dd19ef5c4a78ddc60843f5f726cde69b2c57d4

    • SSDEEP

      384:DqIKV2NkzYqElRYhENOwN3uCyolsTMY29Goaz+QshqTPZHoErRZGAqcywHTswk4:D3KexROO3uCyow2/RA9VRZtBzLk5

    Score
    7/10
    upx

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral25behavioral26

    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      c17103ae9072a06da581dec998343fc1

    • SHA1

      b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

    • SHA256

      dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

    • SHA512

      d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

    • SSDEEP

      192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw

    Score
    3/10
    behavioral27behavioral28

    • Target

      $PLUGINSDIR/nsProcess.dll

    • Size

      4KB

    • MD5

      faa7f034b38e729a983965c04cc70fc1

    • SHA1

      df8bda55b498976ea47d25d8a77539b049dab55e

    • SHA256

      579a034ff5ab9b732a318b1636c2902840f604e8e664f5b93c07a99253b3c9cf

    • SHA512

      7868f9b437fcf829ad993ff57995f58836ad578458994361c72ae1bf1dfb74022f9f9e948b48afd3361ed3426c4f85b4bb0d595e38ee278fee5c4425c4491dbf

    • SSDEEP

      48:iYXzAm8HGJLvwM8GJFd6I7W4JtT2bxNNAa4GsNf+CJ8aYqmtlKdgAtgma1QvtCSJ:lz2mJkpGR6GY74GQ1YqmstgGCtR

    Score
    3/10
    behavioral29behavioral30

    • Target

      2YourFace_Util.dll

    • Size

      50KB

    • MD5

      4cb05fd996f8c1d5142ec77f52b3eb93

    • SHA1

      0d8122bc7b4f4991201dbc3e7313c51f38b40493

    • SHA256

      c05a336d4fd4719ae002c3befc690f462c64930b50912a632441a88f85bec77a

    • SHA512

      9682d34093e3e8bde0b289d3690722a3e590d7d9cdd058debb122f3c997493d52034aeb36adcc64b52d4805171d4054c9bec87e46e1ec995c6089d4d40d3e3bb

    • SSDEEP

      768:eh2p6b6ezNEqyRo0Mhjww4EBYkkJnFjGUED3inLEjfOWU3soAdi:eh22bBcJk0fLgu38Q

    Score
    3/10
    behavioral31behavioral32

MITRE ATT&CK Enterprise v15

Tasks

static1

upx
Score
7/10

behavioral1

Score
7/10

behavioral2

Score
7/10

behavioral3

Score
1/10

behavioral4

Score
1/10

behavioral5

Score
3/10

behavioral6

Score
3/10

behavioral7

Score
3/10

behavioral8

Score
3/10

behavioral9

adwarediscoveryevasionspywarestealertrojan
Score
7/10

behavioral10

adwarediscoveryevasionspywarestealertrojan
Score
7/10

behavioral11

Score
3/10

behavioral12

Score
3/10

behavioral13

Score
3/10

behavioral14

Score
3/10

behavioral15

Score
7/10

behavioral16

Score
7/10

behavioral17

Score
3/10

behavioral18

Score
3/10

behavioral19

Score
3/10

behavioral20

Score
3/10

behavioral21

Score
7/10

behavioral22

Score
7/10

behavioral23

Score
3/10

behavioral24

Score
3/10

behavioral25

upx
Score
7/10

behavioral26

upx
Score
7/10

behavioral27

Score
3/10

behavioral28

Score
3/10

behavioral29

Score
3/10

behavioral30

Score
3/10

behavioral31

Score
3/10

behavioral32

Score
3/10