eac446bbf4f95d4780ab8573d3775f98de6a1efe455b39f087eb16655395df50

Sharing

Copy URL

Twitter E-mail

General

Target

6fae566b41f9c53f1f4d137ff241aac6_JaffaCakes118
Size

5.7MB
Sample

240725-p9k86azdrl
MD5

6fae566b41f9c53f1f4d137ff241aac6
SHA1

85203ff23317aa2df37ebbad2b7e08f9eef311b4
SHA256

eac446bbf4f95d4780ab8573d3775f98de6a1efe455b39f087eb16655395df50
SHA512

3a870f36e8384e72f17fc5504e4a46786fb0b0dcdde019f8764e0dfccf665e59fc319dda7c7d52a943de97bd2d9262a561cf5c33bf16c1cad84ae5c708bb71d3
SSDEEP

98304:/3af73bE2Q1V/37Gn4i0Y4bhuApBTR8pmiuflVmR6hqfBBMytuAsw/j1zd:/3i3bg/3CnL0/d8IQ6h6uccMjBd

Score

7^/10

Malware Config

Targets

- Target
  
  6fae566b41f9c53f1f4d137ff241aac6_JaffaCakes118
- Size
  
  5.7MB
- MD5
  
  6fae566b41f9c53f1f4d137ff241aac6
- SHA1
  
  85203ff23317aa2df37ebbad2b7e08f9eef311b4
- SHA256
  
  eac446bbf4f95d4780ab8573d3775f98de6a1efe455b39f087eb16655395df50
- SHA512
  
  3a870f36e8384e72f17fc5504e4a46786fb0b0dcdde019f8764e0dfccf665e59fc319dda7c7d52a943de97bd2d9262a561cf5c33bf16c1cad84ae5c708bb71d3
- SSDEEP
  
  98304:/3af73bE2Q1V/37Gn4i0Y4bhuApBTR8pmiuflVmR6hqfBBMytuAsw/j1zd:/3i3bg/3CnL0/d8IQ6h6uccMjBd
Score

7^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  mcffplg.dll
- Size
  
  93KB
- MD5
  
  f92d6f4d91121d89e5ac05e7c593de73
- SHA1
  
  b67e3af243219c2c5162d12a67ea4e489880087f
- SHA256
  
  bdcd747b9d245e2a2990028419e7cca13cef4ad6529d28f749a1c933873d3606
- SHA512
  
  754af7b4f02371f4597b2eb53b76d51765f449211b9d6160cf7ec3602f2adfb3d1e62308fb98ee261a3d50c53437c716243d83336104255214434c52dc35b862
- SSDEEP
  
  1536:AQ8Jam86LCo8gxUNKHBSxyhiBLPeDc0kNASVy7dsvhxH5dJgbVa24:Gd5LCojuK3RcyxsZxH5dJgE
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  saffplg.js
- Size
  
  21KB
- MD5
  
  086492595f3f8499b23e551ffedbde72
- SHA1
  
  86dfca022b381470eb6f33ae699488cdfdc3c4a2
- SHA256
  
  1fd5d1458ffda14f689530237aee6e17663ade3d6fee8eee18fc8e0771965a55
- SHA512
  
  13ac9074a1dbec59cdc8244254b46e03a432327b6c0b5ea2083a07b516486cbe6e83bdc926280665f81b70cdfad1d1bf02b23b229f65595e92960512417de5c5
- SSDEEP
  
  192:OGGRhO8URTZjJLhkDLS45oStRW8bqdoE4VS6/KeCCXx8rdps:dAz7W82SE4V1SeFww
Score

3^/10

execution
behavioral5 behavioral6
- Target
  
  mcieplg.dll
- Size
  
  146KB
- MD5
  
  4428fa80c5ac5d0c8f764207e651b65e
- SHA1
  
  228946e860eb7632ce405685b6b49f9800caa323
- SHA256
  
  db51e34a3584db58921646283594acb4cdf7fd54eaadf9f648afa8092db6d0d9
- SHA512
  
  4eb7af0e184fb74f514d662e3c55326e7949ddad6612b243871709983a5cff6dd2abf41b7aa96d7d7d6a2ea19802dfea9cf6f61de70307a2704789f3a1de89b5
- SSDEEP
  
  3072:PbBzatXdlWWIJpSaJxknC6QteNFKQCdB5pYMl:DBYWWMwCLtIKQCddj
Score

6^/10

adware discovery stealer
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral7 behavioral8
- Target
  
  x64/mcieplg.dll
- Size
  
  195KB
- MD5
  
  86da25bfc5d1094755f31d54aa41e85e
- SHA1
  
  542900d98fe53e739af61e0680198ca0d28521e3
- SHA256
  
  06a6d77b686fad1925f29f06f36bd1ead7389b3dbd3bb7707db2d30d47c3af5d
- SHA512
  
  cd347204470e13720315991b8af400119bb3524e459b055176e2f073af42b8b1eb1bd899e67ea3f528f33abb1fccfbc0d82c15da44a45a405d8a94ca93f4b80a
- SSDEEP
  
  3072:71wfYylR1s/isFssMD6f0lanFxXFgIVyh/IdBTldzId4XegmaCF5ucG0rK:71+H1s/I2f0laiMy5IBZ6Fmclu
Score

7^/10

adware persistence privilege_escalation stealer
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral10 behavioral9
- Target
  
  $TEMP/$_0_ /mcinst.exe
- Size
  
  307KB
- MD5
  
  23b956cb2a60d49ef2ed9ab69e3882cf
- SHA1
  
  51b77092db706d4f1431c1ab465382aadb434917
- SHA256
  
  05d81cf175981e93cc01a91db56d34c3eb00490290e67aa654ad09b6fbaa7b28
- SHA512
  
  5de45e0ebe9698d40e08fc3aa6b133b825da65b6080965b4105fe24d4321dbeb6e0939e876aa8018a3eeb7e38e4b6788d02170ac20471bada20b00860ea11ffa
- SSDEEP
  
  6144:IA6rRQ5ky441Yw7q/Y4EODKZUYWGkpOxQDUAW:j6V+Nzl3O+ZUYinUAW
Score

1^/10
behavioral11 behavioral12
- Target
  
  $TEMP/$_0_ /mcplgui.dll
- Size
  
  166KB
- MD5
  
  82a1a97820f29ff3cb3eb7eb9ecf86a9
- SHA1
  
  80e364bf127a24f170406a1cd7fa86eb597a9081
- SHA256
  
  7a45f37ebff001c94c2530e48b2b3c0697d1bac8fe30d89391a0a6cde2c1cec5
- SHA512
  
  a74c1aa9e90d0f8d0d6eee1936068868ce60f794a31f58988759eef3ece6f79fd0787deee8c86c8e88663d51202c5e23aba2af4eddfef5307dd128bb5c5e0a3f
- SSDEEP
  
  1536:/ZvvEFq8qS5hTMC5Lh1+OdDN3izA5+ELMO9/H8dkePlG7r7Z/N3hPiRa52KkbRMe:/iFx5hbNh1+OdDQQ+RXPlY9NhP/52dbL
Score

1^/10
behavioral13 behavioral14
- Target
  
  $TEMP/$_0_ /mcsacins.dll
- Size
  
  14KB
- MD5
  
  6ec43c7aad960d572b30effeef009b7c
- SHA1
  
  7c09bf4ee91bf53ee07358fa7a2e2873d6dab86b
- SHA256
  
  8ad8e02cf298fcc5210affd91b0cb6bd070180f5f0d78295b953bbf81ea8bc21
- SHA512
  
  259f9f7ef35e504775dd788ff0de6762a1372f1940a96c4c99073b5e7423763e7054fe8b76e6d1a393b699a19b47cca8bd03ceeecd5e49f22c6c441dbe6794ca
- SSDEEP
  
  192:816m+BGSJa9vPWdRUkgCZpokYR8yowJL/aMjGwP7ktM3oCU+ebMmDZgjlJMobc:7Bvu3WdpZpoX6YJLWqmb36jbc
Score

1^/10
behavioral15 behavioral16
- Target
  
  mcsacins.dll
- Size
  
  14KB
- MD5
  
  6ec43c7aad960d572b30effeef009b7c
- SHA1
  
  7c09bf4ee91bf53ee07358fa7a2e2873d6dab86b
- SHA256
  
  8ad8e02cf298fcc5210affd91b0cb6bd070180f5f0d78295b953bbf81ea8bc21
- SHA512
  
  259f9f7ef35e504775dd788ff0de6762a1372f1940a96c4c99073b5e7423763e7054fe8b76e6d1a393b699a19b47cca8bd03ceeecd5e49f22c6c441dbe6794ca
- SSDEEP
  
  192:816m+BGSJa9vPWdRUkgCZpokYR8yowJL/aMjGwP7ktM3oCU+ebMmDZgjlJMobc:7Bvu3WdpZpoX6YJLWqmb36jbc
Score

3^/10

discovery
behavioral17 behavioral18
- Target
  
  saInst.exe
- Size
  
  122KB
- MD5
  
  f20017a9a655ca3604313cd982ffbce3
- SHA1
  
  ea40699e63a79ad12aad962bd6d0ad38b3abf664
- SHA256
  
  0b4be27c06c0a1a11a49ca9cc7b04b26a9b88dc80cfd9e38ae6cbe2a9398b3ba
- SHA512
  
  a1307150f2df5dfa93b7b62f7f25ec6ea7a8dbea8a9fe62a64703a4f05f8e928a9859a7a9cc2d48280e428cb66067175488fdd2eac5cfd5e18d668b08574829d
- SSDEEP
  
  1536:qYzYs5OVQPt/GAbmVPil2rbk1rjjCs9oYOwvjOg/+aNXto6LnXkXQXRZaca2C:dMeOVQPQZbbe3G2Ojg/+aNXto6TUADG
Score

7^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral19 behavioral20
- Target
  
  $TEMP/$_0_ /saInst.exe
- Size
  
  122KB
- MD5
  
  f20017a9a655ca3604313cd982ffbce3
- SHA1
  
  ea40699e63a79ad12aad962bd6d0ad38b3abf664
- SHA256
  
  0b4be27c06c0a1a11a49ca9cc7b04b26a9b88dc80cfd9e38ae6cbe2a9398b3ba
- SHA512
  
  a1307150f2df5dfa93b7b62f7f25ec6ea7a8dbea8a9fe62a64703a4f05f8e928a9859a7a9cc2d48280e428cb66067175488fdd2eac5cfd5e18d668b08574829d
- SSDEEP
  
  1536:qYzYs5OVQPt/GAbmVPil2rbk1rjjCs9oYOwvjOg/+aNXto6LnXkXQXRZaca2C:dMeOVQPQZbbe3G2Ojg/+aNXto6TUADG
Score

1^/10
behavioral21 behavioral22
- Target
  
  mcbrwctl.dll
- Size
  
  277KB
- MD5
  
  fed0a7cda9fed47ecb28a664f44016e5
- SHA1
  
  fd5598d236b06be328b719f87f7a890a86d7a32a
- SHA256
  
  9130f10a4f486d92acbb6080a0c39c82abd88c32a52f51e621d7b7abe6021f0c
- SHA512
  
  2dcf49bd617482d8ec6aa975c295a2c9cfde11f23c5db10e570cb60c1f18191fbdde7189386f5d2a516b11c7cf090ebe7d87f4ba717f50b46ba8ed8c05fbf6d1
- SSDEEP
  
  3072:PF9oFc3EQY0rRXV74nrhRN5S6J93HdVPq2swF39mtl/lswJaMd+G721TEoKFbtu2:E3OrT74n/SsEwrm7/SP7MYVicG
Score

3^/10

discovery
behavioral23 behavioral24
- Target
  
  mcsacore.exe
- Size
  
  205KB
- MD5
  
  2ed44415685945d691f5089cc33dd237
- SHA1
  
  e04cf48edf16f985864de91ceb917ccc863598e0
- SHA256
  
  0ebc8cd7f718d922af5ebec0a00339977fce76daaa86d708c945efaa4c8b7434
- SHA512
  
  e2d31e54c166e170839912bb8c205bfa52ffeed3c0b8ad47983c336759a5e4e23e8e5da8ffe1ae60edf5aed08cc0ccdd5bcacb199c0c8bbe0f811d1a2302b1bc
- SSDEEP
  
  3072:XOueiU9cKZSOJngvnHMvTAfabiITXyByr3FtWtLBYdtI7:euIMangvnHGhbi/yr3etLBYde
Score

3^/10

discovery
behavioral25 behavioral26
- Target
  
  mcsacoreps.dll
- Size
  
  55KB
- MD5
  
  78a8104c1b4d817db074ea6d8e211f6b
- SHA1
  
  eaf8e9f2059bd04eb5438270cb2583565c404e5f
- SHA256
  
  c19e9ca1933817108cdbe28f09807fe52e05f02b97fbd30655e02a4518737b0b
- SHA512
  
  6b26ba73c03dbd92cf74de153c038a96a2831901c60c0a7f78122d8ffd370a4bf531a99ead75e948d6e8b2a0852535bd960e977ed0f39cf2a7b912e5e4e9cff6
- SSDEEP
  
  768:kmaupygSA8gRew/u6whRp1PT+/PcjOYi9GdVtdFaw1L2b3mm:kmCdAH9GnRpJ+/Z9etdUCa2m
Score

3^/10

discovery
behavioral27 behavioral28
- Target
  
  saupkeep.dll
- Size
  
  356KB
- MD5
  
  f105c75dd9526ae4495bb55bd248e6c0
- SHA1
  
  92d5a6b93d09de031958f87cf66a36fb799bc966
- SHA256
  
  53643e43aff3f9fcbf2d447f488bc8cec19f27eb750c8e2604a7a1aba5f43a4d
- SHA512
  
  c9e3e9711854cfdcb8721df3fb4a892c61edb25f30a932cba0e7af1d900ab8ae2b66004c8087033456a3dad9e2124ec3d10d975cd5240fe2f0979651c797ad59
- SSDEEP
  
  6144:azwSjuxYCOGgx64d41onO5TwKFSh+dryd:o4iCbgx3aSOB0+Nyd
Score

3^/10

discovery
behavioral29 behavioral30
- Target
  
  uninstall.exe
- Size
  
  84KB
- MD5
  
  9e12062c4c7df5fb24177007b6d380ec
- SHA1
  
  49d05bd18aad27e20aa41728ed84957af904c663
- SHA256
  
  1c8a9cc40b12b6143d0e7fc6af047b249cc6f64d2e285828ecacaaae13f4823e
- SHA512
  
  2526518def3a74b87f9ff5282539adfaeb08f25b984a73fe3017a33fb1e0efe49680d3dbf79fecda09827db232e0ea74086d6a3a04dfcbb7021fb12fe0039a18
- SSDEEP
  
  1536:D2YsSD8GOuCMckanb+D272Re5MPZafmC2t4TtXLhia2e:KYspGOJnbtx5AC2t4TtXLhN
Score

3^/10

discovery
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Browser Extensions

T1176

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Privilege Escalation

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Installs/modifies Browser Helper Object

Event Triggered Execution: Component Object Model Hijacking

Installs/modifies Browser Helper Object

Checks computer location settings

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32