43dd818938f2a189ae43dcaffa558ad39d518aa60ac096f0cdc0f1c35677a249

Sharing

Copy URL

Twitter E-mail

General

Target

4ae6aa15892207c7e6323c9101c9a900_JaffaCakes118
Size

8.9MB
Sample

240715-w8dagstdrl
MD5

4ae6aa15892207c7e6323c9101c9a900
SHA1

513419ca2ba6531930e117d31833d39702121c27
SHA256

43dd818938f2a189ae43dcaffa558ad39d518aa60ac096f0cdc0f1c35677a249
SHA512

fbe7b4c1ae48d22f3b8a942127276a4cd1013d56880d8cea0acf6c584e5bb49054e9c948774d6debd29e8e03eedd753e84a0cb994534330a0aa03da38cc37ab4
SSDEEP

196608:dOxdnAHBH4QeK+UKoWSJplr0G9qj4YVemKLttARTzXcJ:d8V3QgloWSjlrZkcYVzKzsTzsJ

Score

8^/10

Malware Config

Targets

- Target
  
  4ae6aa15892207c7e6323c9101c9a900_JaffaCakes118
- Size
  
  8.9MB
- MD5
  
  4ae6aa15892207c7e6323c9101c9a900
- SHA1
  
  513419ca2ba6531930e117d31833d39702121c27
- SHA256
  
  43dd818938f2a189ae43dcaffa558ad39d518aa60ac096f0cdc0f1c35677a249
- SHA512
  
  fbe7b4c1ae48d22f3b8a942127276a4cd1013d56880d8cea0acf6c584e5bb49054e9c948774d6debd29e8e03eedd753e84a0cb994534330a0aa03da38cc37ab4
- SSDEEP
  
  196608:dOxdnAHBH4QeK+UKoWSJplr0G9qj4YVemKLttARTzXcJ:d8V3QgloWSjlrZkcYVzKzsTzsJ
Score

7^/10
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/Download_Energy.exe
- Size
  
  5.0MB
- MD5
  
  dd06d5bd99414adff053f29bd65abc49
- SHA1
  
  42827374cbaf21d4c58ed23644d38ade04916a61
- SHA256
  
  086c59c0cf90d477fb338e6af61647d02b169174c5e6aa0c3a5c9a29a19b74b9
- SHA512
  
  ef35ec985d997f9acf88223a00a41987e041054942ff823d52054eb7ece4556daef4eeee5d4590f23ca3236057009aca501794ac3d8d7d3359059fc8331b94ea
- SSDEEP
  
  98304:6wzOEtUIZUWlakoJOYm38KPKUU3lTzkOKVmhCtD8/WYJ7Kk:5/UIZvaZJW8K0Tz1KECtUWs
Score

8^/10

adware discovery spyware stealer
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Drops file in System32 directory
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  14KB
- MD5
  
  325b008aec81e5aaa57096f05d4212b5
- SHA1
  
  27a2d89747a20305b6518438eff5b9f57f7df5c3
- SHA256
  
  c9cd5c9609e70005926ae5171726a4142ffbcccc771d307efcd195dafc1e6b4b
- SHA512
  
  18362b3aee529a27e85cc087627ecf6e2d21196d725f499c4a185cb3a380999f43ff1833a8ebec3f5ba1d3a113ef83185770e663854121f2d8b885790115afdf
- SSDEEP
  
  192:86d+dHXLHQOPiY53uiUdigyU+WsPdc/A1A+2jwK72dwF7dBEnbok:86UdHXcIiY535zBt2jw+BEnbo
Score

3^/10
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/vcredist_x86.exe
- Size
  
  2.6MB
- MD5
  
  5c82be7ad1775b67916ee19c15b99331
- SHA1
  
  7dfa98be78249921dd0eedb9a3dd809e7d215c8d
- SHA256
  
  eb00f891919d4f894ab725b158459db8834470c382dc60cd3c3ee2c6de6da92c
- SHA512
  
  2c505476c81ad32a4904d57d9214bbaa805891c261e010b08055896dca32cfd426f4d13d14a96022fda9a5d8ecd638d65bc37baefed216a2517f07e9acb6939d
- SSDEEP
  
  49152:7XOOTQyCR1e8HkA7pFomV4d4QN3uoxFit39/SZrPfLHkAZ0oI006q/HVFlQE+QD9:77EzzzJp0+ojyFALE4hIP/HRXP7x
Score

7^/10

persistence privilege_escalation
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral7 behavioral8
- Target
  
  Icons/proto_AIM.dll
- Size
  
  17KB
- MD5
  
  eee45687cce8b097f89f7369aaa6fb06
- SHA1
  
  be8f200ad42fae3ca06f097bfac853a15086f391
- SHA256
  
  320ecbba38eb16342711ac667d64be6a057c1f25e3ee800db52a13fab9f1cf35
- SHA512
  
  f512e6434cad51663153c5000219f6edb8a260f4d899bf39e43e7b8aceb50ce0be155c520bd6c2c84400e28a0a2c33ca37221678a22039d0102804abab41a648
- SSDEEP
  
  384:ZRR8HTD3ssY3JxOt0KXCh2Vngk/jnyRn:ZD8HXnwJxOt3S2pBjyR
Score

1^/10
behavioral10 behavioral9
- Target
  
  Icons/proto_ICQ.dll
- Size
  
  22KB
- MD5
  
  5aff6c0706434196385a80ea901ac4fe
- SHA1
  
  7a4e6ae0956b68f27f9924f91dcd430975ae4327
- SHA256
  
  cf514e4fa21549db4136ed794d00bb70e997a001f0a6284349eb88fdc7e6cb9c
- SHA512
  
  dda0be95b4191d42e6c400c2628b60bc251dd6b4717763f2ad6996bc90e64e695eb55ec2d9a06264f646efc651071645d007cb3ec298f47396668a6843ba07ef
- SSDEEP
  
  384:uRR8HTD3ssY3JxOt0EVK2VnLRdi782PdyRn:uD8HXnwJxOtJVK2pDiYR
Score

1^/10
behavioral11 behavioral12
- Target
  
  Icons/proto_IRC.dll
- Size
  
  16KB
- MD5
  
  b97ef1c629ea4b7aa2aad9eb1a52738f
- SHA1
  
  4e416a074355173edf8f64a0a8589f7f356b2f83
- SHA256
  
  d01519daa3da145f3e5ae1ab4b846b95d6f80bd9ea062604f8aacc590a698e0f
- SHA512
  
  32196b5da257fb681866147a278eb5da4a563db6ad5dc7e2713283a1f6e79ddadd6d68602da0696be4585c2903d2f6907a0559da991fd4e1b283fd9204a43aae
- SSDEEP
  
  192:LsTq6aQRUj33TwM3sDocjra6fW0CMxOR3XkEqtpc+Rb2Nbn3TYrxydDn:0RR8HTD3ssY3JxOt0d2gb2Vn3kNyRn
Score

1^/10
behavioral13 behavioral14
- Target
  
  Icons/proto_MSN.dll
- Size
  
  22KB
- MD5
  
  7da45bbc3b16c9eee6e3a5c8212f4c82
- SHA1
  
  5f8d4ad1faa793d2f3f32fa1a7ff6c80474a5080
- SHA256
  
  68771cb692fadeef55aac294b579bebbe0eb73e02ef10141a2df864f7ad60430
- SHA512
  
  f2885359d61244c4d347615619ef37ffbf6e00dbdc7263ea81897826641384cb533457115112105f4756c2132a725728fa82f8dc1dd1acabb755cfa68f6b27b7
- SSDEEP
  
  384:zRR8HTD3ssY3JxOt04Nq2VngngN2tUwyRn:zD8HXnwJxOt102pNwyR
Score

1^/10
behavioral15 behavioral16
- Target
  
  Icons/proto_YAHOO.dll
- Size
  
  22KB
- MD5
  
  45e7ad79a3c589cc66372657483795f7
- SHA1
  
  3db3a7f2d073d2454ee2a363f64507eff86266d3
- SHA256
  
  7e765564094de34383b29161ec0701d2cf383e07f5a5f296d95e957ae90b72d7
- SHA512
  
  9d326143283ff7b89b7cd8df96de5d057c12376db540e57b70de41876320ab284e4639a915fc533ecfa5f07ec441b191d31cb682a09e40c6d34eeecd8b9823f9
- SSDEEP
  
  384:PR5k9STI3s3gQ3BxOt06lyx2VngngN2fHUwyRn:PLk9SMDoBxOtrc2pN0HyR
Score

1^/10
behavioral17 behavioral18
- Target
  
  One Instant Messenger.exe
- Size
  
  652KB
- MD5
  
  fefbf897448d2357d87909ae99c73c1f
- SHA1
  
  7dadba678993b8f814c82eda3621d1f39b44583f
- SHA256
  
  385d6fc86ff71389fef63048033fac7f3a7b5d37283828f901b7ac616c7efc8d
- SHA512
  
  ec29ee66ae86bd6ec069816a2760ba757dd2402f513916e644c4c21b1c0d0233e028c9966d9c93af300429a6015bfd65828e4244edde77dada80ebf6a33cde1e
- SSDEEP
  
  6144:l7D2nSb7BcWJDE51YpzQXnqsaM+CNfZI3BqD8K6YI7E7qr3o13/vAgcuqM7S7Lv:l7DySvBcWq0aXqsaONfusdMo/3b7SXv
Score

1^/10
behavioral19 behavioral20
- Target
  
  dbtool.exe
- Size
  
  52KB
- MD5
  
  e283c72d04c1a3241ad78355ae27b1f5
- SHA1
  
  d8f079b794fa04c4ecb43a2758b0bad015d071bf
- SHA256
  
  7bf149b3d0bf57cb52b3ae5758c3391e00862f88a2ca87ce632c14d5d2fdb293
- SHA512
  
  2229a6e1455beda1dded32ad9a62d587eab0bae30120a0134c068f5ca1b3b124cdbcf172267f35ca4ac97ac6d9b9f55e6c491dd766c448cf561f0c16f9bf73d0
- SSDEEP
  
  768:4/l/9sscYks6qtFBw0PJArxkQp8zT9g8UhQ//mows80:G/ctqLBXPKVuHmo/80
Score

1^/10
behavioral21 behavioral22
- Target
  
  plugins/GG.dll
- Size
  
  187KB
- MD5
  
  6d379eac4af083ef380d6fb3b3bdc8dc
- SHA1
  
  867d33d91fa112ce83e8019ceada77b7606e1d16
- SHA256
  
  6e3379f90913796bf56b834f8a120fb7514c0e74004bd62d4707decfb93c9736
- SHA512
  
  e983e6aba1f870b665737278da98578a904de19e379b84e60ab3a0547180489b707db520dd527edf4e2f2445286996707a3db923dfeee082770275cdb2eef033
- SSDEEP
  
  3072:J07vrzCl2fkO3NxhjPt3sxUurh2n9ZV0HgjWtPjDryebpdstSTQELqgJ6DuNz7:u7vrh3rrsxBUjDuF
Score

3^/10
behavioral23 behavioral24
- Target
  
  plugins/IRC.dll
- Size
  
  272KB
- MD5
  
  f8e5d4329a15127ae372bf0e386e5d1a
- SHA1
  
  63de052f101ace8364a92edbbe325a17387a23ea
- SHA256
  
  6c65fd5554ca89f6c70ef1e62c6989161a43c0c700cc8ed42247b18f837896d9
- SHA512
  
  98629c2b8393c9591907196caab996bd34a76f641547ee0e96ddd1f2c1b7479f1f64de29855ad044d126fc72c3e862511771af00117e24e6fd0dcd6d00185c49
- SSDEEP
  
  3072:wuxa/BT3fRtiYR8H+/UonvMWi+CEre7G7wtIkrT14qHglDSPj1jTL50FBBWl50Wl:nqBWHbkv1i+trekCUO2BYWo
Score

3^/10
behavioral25 behavioral26
- Target
  
  plugins/Yahoo.dll
- Size
  
  145KB
- MD5
  
  e4bcac89f44235c6cada67d0e01df062
- SHA1
  
  aefafdbcda0eded7d794f09117c80609860c00e4
- SHA256
  
  1899a3f4433382e96cbe4a4d70d2105c186a7f170668bb05191b0b11e0535eb9
- SHA512
  
  e7122e259f2bf892a485fe8f2c8fc813312ae1209a712a57590c6c332b8f89d10d1542d0e2a0fb13c64e2ff251985635c2061cf23316180af625f015446711ea
- SSDEEP
  
  3072:2z9LQVMzWEGQlCPN9eNKAmlH9p2ppq097ztRw3NC:2z9MVMzfGcCveNKA2d8pf7ztRwo
Score

3^/10
behavioral27 behavioral28
- Target
  
  plugins/advaimg.dll
- Size
  
  372KB
- MD5
  
  df22a0cc0b3198f78ead3ec83c951488
- SHA1
  
  908fed0e7a0d9f84856deefd33651f4500cd62c1
- SHA256
  
  7a2f6f51cf335c698f8d1e92d0b7a30fb2c167b7f6c4ed15bcd99e1417a1703a
- SHA512
  
  208a692c6bf60ce1d6eef6fa9dff0dffec68e9e45f98890658da1a625732227948ba0c551a8ee06b9329c6396c82125002085b81945fb22c4f35d1e817a32459
- SSDEEP
  
  6144:z9vi5jVFfzFjWndAHFRz4tgoP4big1xQNBVxMUvamoBLiTowu2JK1On+CgcKVo0e:z9OjfLFjWuFV4tBP4bHrUvaNLlpsKmgc
Score

1^/10
behavioral29 behavioral30
- Target
  
  plugins/aim.dll
- Size
  
  187KB
- MD5
  
  74a4195319ed6be9ec6432eb93e88ab1
- SHA1
  
  f870c8a60746458b572531d2cdd3d547c7100e1e
- SHA256
  
  2751f4ca69cac30a285328aefc6f93f62078ec4a8a0e63bca094dfe813efc5ba
- SHA512
  
  06bbf3f4ce3da62d0baa1b4a717b68f2f2928bf90fe630dd5e8f958dca4f5798a12d474180a3f902054fda3b26fc2c2bb22b6b17b45b52118822b4446d028299
- SSDEEP
  
  3072:sKuTFp4hS/f/APRP53Jl0BJlLOorDrnAaZBjW/HNLtFaWRCb6XsCXI:BtPRP55lgLOotQBZiz
Score

3^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Browser Extensions

T1176

Event Triggered Execution

T1546

Installer Packages

T1546.016

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Event Triggered Execution

T1546

Installer Packages

T1546.016

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Loads dropped DLL

Blocklisted process makes network request

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Reads user/profile data of web browsers

Checks installed software on the system

Installs/modifies Browser Helper Object

Drops file in System32 directory

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application

Enumerates connected drives

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32