ced3a5d2fe45bdf9ee7a95ad64ca5034e5a23bbca315889c7f2041c4e0a973fc | Triage

Sharing

General

Target

724a832967b6f8fcd21bc43a1927e969_JaffaCakes118
Size

1.5MB
Sample

240726-c5ybpsvang
MD5

724a832967b6f8fcd21bc43a1927e969
SHA1

6c985edae5ddb648428ec09a13e4070e10e9e049
SHA256

ced3a5d2fe45bdf9ee7a95ad64ca5034e5a23bbca315889c7f2041c4e0a973fc
SHA512

f0f851efc64c83a9dc52d454d2fe6bc881dee7c544b149903d9429fc52d270dc91a4605d0489fe482544261861ecf3c6854e9ed9cdf10d0945606a7501c2f9e2
SSDEEP

24576:oGiT9MV7CCLSvhWZtGRbCr7EpmACmacCZ0ClEtgcR6i1G3SZrbAQ39xKRsyVDgNd:GT9MvOvQO+r7nAGZ0iYX6nSVFXByVgNd

Score

7^/10

discovery spyware stealer upx

Malware Config

Targets

- Target
  
  724a832967b6f8fcd21bc43a1927e969_JaffaCakes118
- Size
  
  1.5MB
- MD5
  
  724a832967b6f8fcd21bc43a1927e969
- SHA1
  
  6c985edae5ddb648428ec09a13e4070e10e9e049
- SHA256
  
  ced3a5d2fe45bdf9ee7a95ad64ca5034e5a23bbca315889c7f2041c4e0a973fc
- SHA512
  
  f0f851efc64c83a9dc52d454d2fe6bc881dee7c544b149903d9429fc52d270dc91a4605d0489fe482544261861ecf3c6854e9ed9cdf10d0945606a7501c2f9e2
- SSDEEP
  
  24576:oGiT9MV7CCLSvhWZtGRbCr7EpmACmacCZ0ClEtgcR6i1G3SZrbAQ39xKRsyVDgNd:GT9MvOvQO+r7nAGZ0iYX6nSVFXByVgNd
Score

7^/10

discovery spyware stealer upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2
- Target
  
  $TEMP/TeamViewer/Version4/TeamViewer_.exe
- Size
  
  1.4MB
- MD5
  
  76d48872ed7b15e077120498d3ac3f07
- SHA1
  
  523a7528e1e2e58cc224aa974456969f8f91a820
- SHA256
  
  5cd3660829c4b3d8f7fafdb93c8b82c11198f6910662c09c92f65ac6035df7d1
- SHA512
  
  c3365c86aa5f5a171f2289eb3ee1f00368451553ccda9052e229cff35c94859c5dacd5d88a36d994c52c4b73502d7654b5dc0994c75437b1569d472fb229b8b3
- SSDEEP
  
  24576:eiT9MV7CCLSvhWZtGRbCr7EpmACmacCZ0ClEtgcR6i1G3SZrbAQ39xKRsyVDgNMy:7T9MvOvQO+r7nAGZ0iYX6nSVFXByVgN1
Score

7^/10

discovery spyware stealer upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/Base64.dll
- Size
  
  456KB
- MD5
  
  9459a28dbb2752d59eaa8fbb5cf8c982
- SHA1
  
  4ad7eb230cf6d05df967037225fa19dd385bf7cb
- SHA256
  
  4688dcd01db816485a770cb8fc047fef9a408f3dbec5a2c83752fee115ce6963
- SHA512
  
  7dff6414f4215aa4c7a168158b4ac5dd422c7dd35c6af58bce658c6bf9bf5a3545a5ee0db5f5d47a17c7ae53cb54551b98b492137e36c73e684b2041d775cd97
- SSDEEP
  
  6144:NbK5zygAJ/kzt5KdaoOj4uhorVoK9omsgL204E0bm+J7iOi6rG:5KlnAJ/CtkgPlSVoVgLYbxJ7iOi
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/GetVersion.dll
- Size
  
  5KB
- MD5
  
  c6910d6e78c2e5f9d57d0bc6d8f6b736
- SHA1
  
  a395099062298b3f3c015359b227ca02a72c6e2c
- SHA256
  
  b2c32af2b0d75dfd08ae4e1ad7c5897957240b32bf7a16855d6a46512d272b9b
- SHA512
  
  4cd45b887ce5b7fecfd863cae83817465d7378cc9f5b50f5762d5f209c55a37257d94e91dea4c91c66f2c5bf22cdc1f5545eeef52a090f05cceeedf59bbd2a10
- SSDEEP
  
  48:SQQhmkBkC+LRYvRPyIPm/QtO1l3NSphgPNy6C3xNsbj51SBNE46AQubLQlI:eRBkTLSvRtC5SpSM6MxOnSBi46AQuP
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/NSISdl.dll
- Size
  
  12KB
- MD5
  
  cba76738860b6d501ce742d0a6f2fbd8
- SHA1
  
  c1b9987f56244d9e8c3a6e2e52d2446fef026496
- SHA256
  
  17bc8aa627f3d71a81f3f698ca7c2768138178b7875afee4fb8d6144fd91f9a1
- SHA512
  
  ab2460149e7034843cdb28b1203a0b2082ce9ddfc3d9d8c09994ef5f392ba62e7b6c4125c181489d6b02f1a9ef4eb408d366d6c5e98a552ea724f48566cd73b7
- SSDEEP
  
  384:axHcylos+6YH6raH8JzJJx7q6aVUkTTAo:axHcyOs+enlj7/aVUkTTAo
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  10KB
- MD5
  
  0b96e50e5fd9b241435cfec46600b5a7
- SHA1
  
  1f79688c6bdd78b4e1812b110fd16d27c59b32d5
- SHA256
  
  10841d8d0a0fa457a62be63af7e30e72ffaec265470dbe16c0d61cc5b111d1e6
- SHA512
  
  01a5884ce81a622f81da23c4075aef4cbe68d18471908bb6082ad98bfd002c8a6c2b8069d250df0320cde22ad76eedc14a5d9369b370c2012d58575720da48b7
- SSDEEP
  
  192:yO6dJA/ruAFEiUdWWE6hE5RYUdJfbub1a7gMO:nKAFERdlxhGRYUzqZa7
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  $PLUGINSDIR/UAC.dll
- Size
  
  15KB
- MD5
  
  f6864bd1708daa67dc0e47d5624e8938
- SHA1
  
  dfbb5a96f13ab36712349d7c56e2e7fc9ab73819
- SHA256
  
  2bc962a7f596a0c0a40bf3c3dfcf77c4e8dfc49830115e636b720ab68094606b
- SHA512
  
  d935fb87b2ed6e668e80627f21d965df7b73dfbf47c33e02721f02cbab2c525c0f5a36eb2a84573af2fffe5db43ac8823079607b9b70bb2bf51b0df8195ff01b
- SSDEEP
  
  192:uMtWEALVfpLcBB5yoOINGaZYjWigGcr2fNxhRUNFd5dMAW5s+2oAw/8tox:xtpAL/G0zIBZqLlZUNXHMAW5BL/o
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  $PLUGINSDIR/UserInfo.dll
- Size
  
  4KB
- MD5
  
  fcad39646b416b4c2e0ea259554c3ec1
- SHA1
  
  8cb881913d923de35e6e131c2329b20ce51fe84f
- SHA256
  
  bc3872dbafefc41db2191b11b7371e988736dc12c9913bead1aa953dd28ef62b
- SHA512
  
  d81e00ac4828cce4ada42d28845d91601a98a6647d7b4fabad23e45b1aa529297fc554771b8cf8e484525e91a58f892ba5836263a81d6c061a54801abf0beecf
Score

3^/10

discovery
behavioral15 behavioral16
- Target
  
  $TEMP/TeamViewer/Version4/SAS.exe
- Size
  
  53KB
- MD5
  
  bf3bcd752bdabfa1f1e84b7462738103
- SHA1
  
  34cb8ea7d47467cace271e03b7869f37b0ecb30a
- SHA256
  
  90fe790e189c384f2ab82958057f91fdf40888c2ed3c0471bd7b85d5b36c7810
- SHA512
  
  6d5362c4d354319845f4522e0d1132c32a6779efc4c013c8c7bd489fddf39cbb5dfb72b135487b660d156d7774e5be4acc03c3fcecdb6dabcfad12630a3f5955
- SSDEEP
  
  768:bA3C0RkYbVJEhDPCVbvv1l9OlKX8v8XAibCxHRgPjchVCK5EOahtZLXbdHa:c3CSb3E12VOp8Qi2xCP3KjytZ/dHa
Score

3^/10

discovery
behavioral17 behavioral18
- Target
  
  $TEMP/TeamViewer/Version4/TV.dll
- Size
  
  64KB
- MD5
  
  4b030749eef3498b8efbaf2877a59fb5
- SHA1
  
  70d65a57582fa7145bcf7198e0751e5a3bfffcc5
- SHA256
  
  ee4f367a4074fa13d15eb17ae9e140d38b249959a29d6e4146c0577df2fed01b
- SHA512
  
  9a265c06a377bbcaba9b6b0e2752657701fd1fb82613d7ba520e4739108951d0059e1c8d7533a3e94928e5971a9d2fc575d3adc67f4ac768f844c63a5e11e8c7
- SSDEEP
  
  768:DwneoYqWGp6ja9akpdyRsi7Z3/HVtcM2:DJ+sIaIyP7FNtcM2
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  $TEMP/TeamViewer/Version4/TeamViewer.exe
- Size
  
  3.4MB
- MD5
  
  0337483f5fd42db82837d6927eb522e9
- SHA1
  
  9011557916c89e5a0571a95646a9374ad7c174fc
- SHA256
  
  5ea676632a55b195ad1a6a84cd6af24404482ef6357f73d77c76eb43f57e3845
- SHA512
  
  3477299ddf80b0a81d6236e4f111c236ee4c6fee4c9982d534be716d4794d86287582b12393ba9de0a67730642190706ee0f96cf11a67efedd88b7b4991d12be
- SSDEEP
  
  49152:sVSl5yAhOffG+diT/IfiX7CcLxYVfRi3PNNu+axk/jNjovY7icVJJ546C/otjy:UAhOf0c/yxYBRi3T7yvY/26CZ
Score

7^/10

discovery spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral21 behavioral22
- Target
  
  $TEMP/TeamViewer/Version4/TeamViewer_Service.exe
- Size
  
  181KB
- MD5
  
  82ea3814431d24fbc692f27ea67e176b
- SHA1
  
  0d0f1ee84a381728c65569e5ea3822b0c67fff3a
- SHA256
  
  9581cadfc5715729787b65d025d7fdeebaa9893b987a0dd3aeeb3db310ff9827
- SHA512
  
  d0c0a55506f1ae11e115d03b7ed76f918ce545e9e3efd11fa27a846182148e6031988a1056dde72dea921e732c9bd35d4b99a8192a40d87ff196c522f6d7a285
- SSDEEP
  
  1536:4EkQAbDmJCIemdRpF0l5cW1QJhXPB2dUoWeTj1UG+avo2Cv9wm/6PTulmI05W4qT:ecR/t/oWeTj11Y05W4NtTfA
Score

3^/10

discovery
behavioral23 behavioral24

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryspywarestealerupx

behavioral2

discoveryspywarestealerupx

behavioral3

discoveryspywarestealerupx

behavioral4

discoveryspywarestealerupx

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

discoveryspywarestealer

behavioral22

discoveryspywarestealer

behavioral23

behavioral24