0c4a85431263ae8c6e92df33ad45505af6201ee32a23d71b331b72701ff15144

Sharing

Copy URL

Twitter E-mail

General

Target

81c5844d084530bc41aac73b0c65b89f_JaffaCakes118
Size

159KB
Sample

240801-z133qawfnn
MD5

81c5844d084530bc41aac73b0c65b89f
SHA1

62e02641aac12077ddc90795df04f260fe9f082c
SHA256

0c4a85431263ae8c6e92df33ad45505af6201ee32a23d71b331b72701ff15144
SHA512

c7e830f2a18fc64172e15f361077e29ac59fa380c3c3690593e3ea9d3cee8e4d4dbb75b67d80acf3e31ce49d1e7d8d2b4f96d7189e928486204d36027b96f599
SSDEEP

3072:zNyah0mJdiUJmMPPSsE51eKFWBnj7aboWB4QuJNIssdMg:zwlQmMPW8Bj7abVB49PIPGg

Score

7^/10

Malware Config

Targets

- Target
  
  81c5844d084530bc41aac73b0c65b89f_JaffaCakes118
- Size
  
  159KB
- MD5
  
  81c5844d084530bc41aac73b0c65b89f
- SHA1
  
  62e02641aac12077ddc90795df04f260fe9f082c
- SHA256
  
  0c4a85431263ae8c6e92df33ad45505af6201ee32a23d71b331b72701ff15144
- SHA512
  
  c7e830f2a18fc64172e15f361077e29ac59fa380c3c3690593e3ea9d3cee8e4d4dbb75b67d80acf3e31ce49d1e7d8d2b4f96d7189e928486204d36027b96f599
- SSDEEP
  
  3072:zNyah0mJdiUJmMPPSsE51eKFWBnj7aboWB4QuJNIssdMg:zwlQmMPW8Bj7abVB49PIPGg
Score

7^/10

adware discovery persistence stealer
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Drops file in System32 directory
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/NSISdl.dll
- Size
  
  14KB
- MD5
  
  2a2af69379ed269c61893e8146e18f52
- SHA1
  
  03264b45960d3f1fde4b031db47ab7a3f863713d
- SHA256
  
  e323b74c36dc52c2a3fbda49d998744cf64cab102f0d72796472ab55d2c784d4
- SHA512
  
  49388047397e33f1ed502bd0c5e61b98b33881f794fb52ca229db5b589af9ecb370e9043e2143dcb62cd9d00df6cacc89589734c83f9fda0ceb3f216c0bedeab
- SSDEEP
  
  192:i4lsN55M8r67wmsvJI5a299sfoG8I+WhPB3RY+h/G3DNl/qYcVp/122gszA:iysdM80dCI5a2LsQ5IlPNRY00AlAWU
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  10KB
- MD5
  
  82f7926fd7d12e3eb8ed7b5232bcf956
- SHA1
  
  6065fc921b742cc86c77ce2533fc1d17359eb45e
- SHA256
  
  604b5e75f43ffae8f172018cdd8f136392d9c52ae0c100d27ef537bb2dfb3984
- SHA512
  
  b31a63ebbda8f147c32d8336c5ecde8c5261ad5526b01926d7cd74b7a9a1348da56e180e53d20e1e300daca76f9511f24d6e695550b705b7650c239e5b6e76c7
- SSDEEP
  
  192:BGO6dJA/ruAFEiUdWWE6hsD4YUdJfbub1a8SgMO:pKAFERdlxhTYUzqZaV
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  $SYSDIR/$SYSDIR/$_14_.exe
- Size
  
  70KB
- MD5
  
  feaa04bba26d82e47b364bf3fa492ba1
- SHA1
  
  295ef48964288a63236192c2ea439cfd61c4a7e8
- SHA256
  
  095e81583257ab1bba0d2634f7feb31ed004edd9d74908e46d7b5bb1e3e0ceca
- SHA512
  
  3c2d4efa692b8bb6fb3edf69ef7543a4f05af29ae91adfcc3858b18b980bc8129de41a56b00a8f16295aa4dc5255864cc81f4e06ce76ad86d8c3a8e001094fe3
- SSDEEP
  
  1536:zu4EQalMK/ewGnh0mJ6Mbi6oDCypeKFl0OyY:zNyah0mJ6M2B7nsY
Score

7^/10

discovery
- Executes dropped EXE
- Loads dropped DLL
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  14KB
- MD5
  
  271b5d1043c4402f08ddeae383f6979c
- SHA1
  
  2b88c58aa27bfb4979239579cd65d4c6c67a5295
- SHA256
  
  90485cb175686c3e97b32ebf99daa939c1a6f46e7031f71b72b81cd114fd5b51
- SHA512
  
  f8bd4b316726f05647162bb52a2aeb4a6cf5ee976fdb7817a3d25b868b83fb482c38d078f01d3a629afb0d6fa6ce409b2b3404398563137e22010074f529c11b
- SSDEEP
  
  192:i6JaVGQ+xI5EeuyvMmGpeWH2J5xprN+AxT3K72dwF7dBdcQOz:i6JaVh4I5rpPbT3+BdhO
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  $PLUGINSDIR/NSISdl.dll
- Size
  
  14KB
- MD5
  
  2a2af69379ed269c61893e8146e18f52
- SHA1
  
  03264b45960d3f1fde4b031db47ab7a3f863713d
- SHA256
  
  e323b74c36dc52c2a3fbda49d998744cf64cab102f0d72796472ab55d2c784d4
- SHA512
  
  49388047397e33f1ed502bd0c5e61b98b33881f794fb52ca229db5b589af9ecb370e9043e2143dcb62cd9d00df6cacc89589734c83f9fda0ceb3f216c0bedeab
- SSDEEP
  
  192:i4lsN55M8r67wmsvJI5a299sfoG8I+WhPB3RY+h/G3DNl/qYcVp/122gszA:iysdM80dCI5a2LsQ5IlPNRY00AlAWU
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  $PLUGINSDIR/Processes.dll
- Size
  
  35KB
- MD5
  
  2cfba79d485cf441c646dd40d82490fc
- SHA1
  
  83e51ac1115a50986ed456bd18729653018b9619
- SHA256
  
  86b302fa9c85dfa0c1c03ba000864a928365dab571f3355347dba02da22949b7
- SHA512
  
  cca186a7f9c5cff3f4eca410fbe8cc13dad2514a7e36aec9b1addfbcb239ace9b9b2d8427771858e3fd11783abce7e24d43c286f98da9f8b17562ca095a4c043
- SSDEEP
  
  768:uxEiycFoaj/+WSiJfmjvab7L/cUf7IIlMLRF:uxEm7sgfmjy//cgdlM/
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  10KB
- MD5
  
  82f7926fd7d12e3eb8ed7b5232bcf956
- SHA1
  
  6065fc921b742cc86c77ce2533fc1d17359eb45e
- SHA256
  
  604b5e75f43ffae8f172018cdd8f136392d9c52ae0c100d27ef537bb2dfb3984
- SHA512
  
  b31a63ebbda8f147c32d8336c5ecde8c5261ad5526b01926d7cd74b7a9a1348da56e180e53d20e1e300daca76f9511f24d6e695550b705b7650c239e5b6e76c7
- SSDEEP
  
  192:BGO6dJA/ruAFEiUdWWE6hsD4YUdJfbub1a8SgMO:pKAFERdlxhTYUzqZaV
Score

3^/10

discovery
behavioral15 behavioral16
- Target
  
  $SYSDIR/$SYSDIR/$_8_.dll
- Size
  
  164KB
- MD5
  
  22c0ab59ddae9b1bb9a905ecf5f16021
- SHA1
  
  3e976a5abccb34372633b8d6427dd45a09395718
- SHA256
  
  15d4993534c019859c56589d11d3328ef731d94e566798d98322ddd5538115d9
- SHA512
  
  c4d075a748bda7e5f7b20c7a28db040f3400f5bbd4073102ad879f36c9cd9d11ffe05ee3fb11171e6a556b1a9e9d8a1621ad23804c8508dde54ff8bf5131cb0e
- SSDEEP
  
  3072:i76fbF8fwSshuMG6plp88yVFnuhnGnMzAmyQv5rD:i2bCfwSoG6lpSFmnGnG9
Score

6^/10

adware discovery persistence stealer
- Adds Run key to start application
  persistence
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral17 behavioral18

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Browser Extensions

T1176

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Loads dropped DLL

Adds Run key to start application

Checks installed software on the system

Installs/modifies Browser Helper Object

Drops file in System32 directory

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application

Installs/modifies Browser Helper Object

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18