6e763900cb89d7c94f43a3fa96e2338f0ff56add159447853225e8ac9e4b7706 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5a168b6e219c2c9c1e3ddb49ed1ae340_JaffaCakes118
Size

1.9MB
Sample

240719-cwsd4ayclq
MD5

5a168b6e219c2c9c1e3ddb49ed1ae340
SHA1

d9ad7a7472a88dd7a011dd571cda09048421f1af
SHA256

6e763900cb89d7c94f43a3fa96e2338f0ff56add159447853225e8ac9e4b7706
SHA512

a9c327bcda26a609d6e8d5fc276a7bd3b55e962e33dcfc85404c1d79e39237e917f3f7a63491c54ccadfed38e2b1121d649c09bd8fea05cb91787847804d08f5
SSDEEP

49152:PAt9zkdYt+66s1CRsMG1LxcsN/exbpLH5Cfizr32Ed3yQs1CRMt+6g:ITzIYQ+1CRXG1Lxd/ephZ9zrTd3u1CRT

Score

7^/10

adware discovery execution spyware stealer upx

Malware Config

Targets

- Target
  
  5a168b6e219c2c9c1e3ddb49ed1ae340_JaffaCakes118
- Size
  
  1.9MB
- MD5
  
  5a168b6e219c2c9c1e3ddb49ed1ae340
- SHA1
  
  d9ad7a7472a88dd7a011dd571cda09048421f1af
- SHA256
  
  6e763900cb89d7c94f43a3fa96e2338f0ff56add159447853225e8ac9e4b7706
- SHA512
  
  a9c327bcda26a609d6e8d5fc276a7bd3b55e962e33dcfc85404c1d79e39237e917f3f7a63491c54ccadfed38e2b1121d649c09bd8fea05cb91787847804d08f5
- SSDEEP
  
  49152:PAt9zkdYt+66s1CRsMG1LxcsN/exbpLH5Cfizr32Ed3yQs1CRMt+6g:ITzIYQ+1CRXG1Lxd/ephZ9zrTd3u1CRT
Score

7^/10

adware discovery spyware stealer upx
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral1 behavioral2
- Target
  
  background.html
- Size
  
  2KB
- MD5
  
  b7d357be8cc4c11c58c93d6fd7999527
- SHA1
  
  2a86f49e41d1ae1c942efc3abe7a740def252d4e
- SHA256
  
  ac6e1a6a03b8e6c7565c0d0b856f9882ddf6a05fc9a1c0d6f8523e53aba7c403
- SHA512
  
  6e23c3dfb7cac97385d92b1e312e8bd3c7a534fb2de9a104de612cc9a6a479f977e77ab9c4f3ef628a69259db0e23d8daa9bb0890454a78278c9fdcf33ba213f
Score

1^/10
behavioral3 behavioral4
- Target
  
  background.js
- Size
  
  12KB
- MD5
  
  f2bee04a4b392400cc70dd997429ef78
- SHA1
  
  87ed1ee2adcf041d6378680b534982d3d0df95e1
- SHA256
  
  ef368ab22ef7ad41383ab04fabbc964f9ced5b7cb9dc5d706734b5f409f34e11
- SHA512
  
  44e4664c7555083eaf80e32ce94dbf8463583cadae93d0da25df242821c82badfbd120f495d469e756df0e5195bc147aae1735d108c9d4d04c8587bb5f996ba9
- SSDEEP
  
  192:CrXlfXpNxZy9fDPgrKveB7Q3IKCNqt+k8ussuPaOm3chAdyonLLFVPutjPKGxgUb:C0hDIHYCgnjssuCXeSLFVPulPPxgUiG
Score

3^/10

execution
behavioral5 behavioral6
- Target
  
  extension.js
- Size
  
  7KB
- MD5
  
  f1e13daf714637647aca5ec518ce96d4
- SHA1
  
  abaf3024430a7bc35c5e321776e7009e7f6bab27
- SHA256
  
  10679736358b9dbf38a4fc53b61b334639168c3a211e743a2a0252da6a654c5d
- SHA512
  
  de2c3f926d7928912f505da57505b695c343c187d1a21068c923ce5e6d00a090fccdf5c29167e3b25b0eda788b9ad7c84ac578132738e16914a4335747ebcde6
- SSDEEP
  
  192:f6A54AcMMKfxCFpJEAEEktqITQLCfa18nnrakHTbh3Y18Oxy1clGx0X:fffcMMKfxCFecwnuwTbh3Y18PeGQ
Score

3^/10

execution
behavioral7 behavioral8
- Target
  
  js/api/chrome.js
- Size
  
  2KB
- MD5
  
  8f98ee39c34e3218067b669f9311b0e6
- SHA1
  
  e5839e98202cc2a5fee75bfe58d5a38940213db2
- SHA256
  
  a81ee4ba74e932c2b7b73eef065840ba142b00f18663a2e8f8e2b5252e9bae61
- SHA512
  
  2c1f5ed2e0f20b0ae29254bc4d0ddaee459dae84e4326f680f4e55243892767ed9e4cfbb3d1bff87f580e57edda1799d7f58495bf76a984394552c05573b14b2
Score

3^/10

execution
behavioral10 behavioral9
- Target
  
  js/api/cookie.js
- Size
  
  3KB
- MD5
  
  d34233c7039a88311d7383704be5ec22
- SHA1
  
  6fec28b10082907ffc954ed79f4053508ed433dc
- SHA256
  
  29419599c3f50c1b1033b65f9f8caf6d3b2444fa3713e03f5d404c291daebae6
- SHA512
  
  8a8033361e1d1389fe51f73fe8f4c0fe08d3172a9ff6677a313ae688157e5c4441077972d3f4b73a80b2e61d52e8ecff72019d9702fa861daeec075722747290
Score

3^/10

execution
behavioral11 behavioral12
- Target
  
  js/api/message.js
- Size
  
  1KB
- MD5
  
  81a0d3d8480782acc7cc54a1c92cddc9
- SHA1
  
  0e3b23a5c515818cbc27c5a310894e7662506bda
- SHA256
  
  8fc214c928f3cdda45b558bd41a275c580a8985d2688dbc0382fdfd339b1ea37
- SHA512
  
  7c2b1205b18c3888c8ab395b5052ef2890091f80fbced1b2217e1402994b4c4431e557856231269a501c412f9461b6a76d65aad2bcd883f10615288a7b574214
Score

3^/10

execution
behavioral13 behavioral14
- Target
  
  js/api/push.js
- Size
  
  1KB
- MD5
  
  256714f754773b5e970dd5e2d5e3c605
- SHA1
  
  ede01916854e04da38d34393fd2ba6eb9d91ccfd
- SHA256
  
  fa4b7e891c021e9e15692d5042d6a7678958c623904c6e053a3efc1ff705cff1
- SHA512
  
  6d2c433c84e3805137159e558bf73804fa81b54b64fe6ae4ffdde12231b5c1b27303370ac383503ce82ae5a62247aced515178ec4ab50e8d6a7735dc68d73ca0
Score

3^/10

execution
behavioral15 behavioral16
- Target
  
  js/background.js
- Size
  
  30KB
- MD5
  
  3a95fba0d866e55be5cbd9afffbd59b1
- SHA1
  
  04e66d78b0adc1710fdaa9355448490e61342174
- SHA256
  
  1f4ddad1a8948f4122f531de5e93a9fcad85d28c06cc864e1b1e51475802ab2d
- SHA512
  
  0aaa1beb17795437c7a285898cf6a7d5417d6bd997b1ee576db4bc5d74ea64ed185fb75c7d66211368589010d201630e0540bede448dd00fbe6bfc0d81f10731
- SSDEEP
  
  384:HjMzVKz2zV0riR5AZR4EmSlylx3YObINbtf/SvylM6Sdbs1rhMwkiyA:HjEVw2zew5ORHlylxHbEasQbfpPA
Score

3^/10

execution
behavioral17 behavioral18
- Target
  
  js/lib/app_api.js
- Size
  
  4KB
- MD5
  
  5121628e1dfe945e453e65a7a60164d7
- SHA1
  
  e1e304bbb9ebb822f937cb0751202be3ad2f41b1
- SHA256
  
  98251dd640bfebfb3d2ecb7a56079fc22a71d76b302586985b8cc8b1949fb293
- SHA512
  
  7e20aaf20182f2f99fba8e0ba5aaaa3066e38709d4e6435953876929dea0e00661a084ca54585409090c3a498333820d9a0f242188ab383048a112dd91f06f24
- SSDEEP
  
  96:9DWBKTOG2rL0D6cZEqZuWSxSqKRWyMMRwD:NWBKTONw6LVWSxSqyMDD
Score

3^/10

execution
behavioral19 behavioral20
- Target
  
  js/lib/async_api.js
- Size
  
  2KB
- MD5
  
  63e99370260fe9e6f95f4c6b31abe9ae
- SHA1
  
  84deeb5ad34c7040523c57e5566056952ade226e
- SHA256
  
  25ccaa210cd9d34aca63e0215fc311faa703ad8647dabc05d5ca901de075f466
- SHA512
  
  6ae8b8c1c974348039c106f5786414c8273fca6c59799886695bf9ccc41b4127233f8b5cfc132847106078213b8112802b3b9f36de16ab4b2a25777af3f2d5fc
Score

3^/10

execution
behavioral21 behavioral22
- Target
  
  js/lib/bg_app_api.js
- Size
  
  1KB
- MD5
  
  f55c415e70631695b28fdc1a0ea7b932
- SHA1
  
  f9a43480e9eb71dec7b1a5331fa00ed99b716efd
- SHA256
  
  3bc5a149987dae560a5bd77412740c0eb3b4b13ea3ec9e93e79980956d0bcc8c
- SHA512
  
  ffcabefbbd450b004321ca3ebcf2efb675cb637ff27d5d7e5377ba70d716ee985c158077f70d50e90d6e6c960ecc9db3ca89e54edb5c554d80f53a1940b4b2fa
Score

3^/10

execution
behavioral23 behavioral24
- Target
  
  js/lib/cookie_store.js
- Size
  
  3KB
- MD5
  
  f8e85bffa7c33a56d88e9ca20be19fdf
- SHA1
  
  abd5932a14e1ec308329d23415c51c13d9d3e284
- SHA256
  
  92bbbb49ebbf9647980841fa3bf3605b7f0b1995088ad8501e3013b9cfa46d3e
- SHA512
  
  65a073b3793ce96f9a15782568773c7cf29a7d8a74919e14adfdce367b242de20613f25675966dc521b507836a12479fbde74c869691b30d51508498c0d50224
Score

3^/10

execution
behavioral25 behavioral26
- Target
  
  js/lib/data_store.js
- Size
  
  5KB
- MD5
  
  3b9c7c9afda0fa6e1de453425a8bde97
- SHA1
  
  1d9d16fe45f61cb9045ca9250d90d6aeb1f551da
- SHA256
  
  56768c110f874e8a4145e0b0edb43c97640ffb592730bd8f54af3c7a07bcf22f
- SHA512
  
  860780940a0caf5fbb8afceb820c6b49f7372245135e2c2fe3a6433e83d46645121570f3130c95abcf6a5395d44cefc97ecb07df077556195ead73a4f29f3dfa
- SSDEEP
  
  96:zjuo9efZ4ZeZFVpL0VUDyx/Yx2Up0kCRf8vpXzLZcGD86:zb9g4YyxTUpXR5z9pD86
Score

3^/10

execution
behavioral27 behavioral28
- Target
  
  js/lib/faye-browser-min.js
- Size
  
  22KB
- MD5
  
  414c41ba53c3be4ad03f86665d3009e3
- SHA1
  
  0805a60a7c0f3e2448b51ccf44744a2670cffbce
- SHA256
  
  2d924bda660d5dcd5209de04454c16ae76a43cc37ccf448e10929a1f5462de2b
- SHA512
  
  97ce7d4584124310628fc9681c55229a1c705b232faf527a68d01bcca38778496a4509ebc7a63d0b532fcb9dcf21db32fef9328dc8a0e422fbb100887b4506a2
- SSDEEP
  
  384:GLTLVN6xcKAQpecdyCaSXt7wc4ch8h3vGleECZrTESq:GLn5Kxd5SckfGleECFbq
Score

3^/10

execution
behavioral29 behavioral30
- Target
  
  js/lib/util.js
- Size
  
  1KB
- MD5
  
  71e7320b03281f56baf47aad5774d6f4
- SHA1
  
  80b952249df45a4b7f1f5bb771639ea87f052483
- SHA256
  
  c2089db233311f0fd2b031edecfebe901193ffc2694b099bc720b8f0bbb3d3c3
- SHA512
  
  4fee6a88ea389357e27fcdbb940b5f8229b1a34c4327ff41cba76eac15f39269330767b1129c1062cf33f23192ddcf56364798457f094c0113fc421ec8f008e8
Score

3^/10

execution
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Browser Extensions

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwarediscoveryspywarestealerupx

behavioral2

adwarediscoveryspywarestealerupx

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32