7dbbe22946c2437845591d5bcbddcc550a8bb16c8dba01e13e34cd52f3fc7c36 | Triage

Sharing

General

Target

89e1f6e9b795cd02158986f8c7f9d43c_JaffaCakes118
Size

520KB
Sample

240811-lnn65stgpr
MD5

89e1f6e9b795cd02158986f8c7f9d43c
SHA1

1d536cb12ced40413652ee09aa3c624093375b60
SHA256

7dbbe22946c2437845591d5bcbddcc550a8bb16c8dba01e13e34cd52f3fc7c36
SHA512

c4642fc54955d08a913df567c0efdb6e8a76b1751a7572e9fc8e954fda93960b75859d26180dda6bad0f65760b6e699e71bc3a0fc86bdf47178ccdba8667116d
SSDEEP

12288:6t0LO3PwABt4c/uERQ0PF+4CZR9AYDqHpNJKABZBCnbs3dY:6tSO3PEIuERdMlZR9FDqJNJJBsr

Score

6^/10

adware discovery execution stealer

Malware Config

Targets

- Target
  
  89e1f6e9b795cd02158986f8c7f9d43c_JaffaCakes118
- Size
  
  520KB
- MD5
  
  89e1f6e9b795cd02158986f8c7f9d43c
- SHA1
  
  1d536cb12ced40413652ee09aa3c624093375b60
- SHA256
  
  7dbbe22946c2437845591d5bcbddcc550a8bb16c8dba01e13e34cd52f3fc7c36
- SHA512
  
  c4642fc54955d08a913df567c0efdb6e8a76b1751a7572e9fc8e954fda93960b75859d26180dda6bad0f65760b6e699e71bc3a0fc86bdf47178ccdba8667116d
- SSDEEP
  
  12288:6t0LO3PwABt4c/uERQ0PF+4CZR9AYDqHpNJKABZBCnbs3dY:6tSO3PEIuERdMlZR9FDqJNJJBsr
Score

3^/10

discovery
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  c17103ae9072a06da581dec998343fc1
- SHA1
  
  b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d
- SHA256
  
  dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f
- SHA512
  
  d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f
- SSDEEP
  
  192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/license.rtf
- Size
  
  193B
- MD5
  
  beea38d906aecb227da5df5ab302290c
- SHA1
  
  33f1c86ed87c49a39e0d4a2a8302d2b970947133
- SHA256
  
  c45a69c256f70d5643d61870210cb0f21bd22cc07189d58e74c060e27f9bc6f4
- SHA512
  
  f9f001ed3406718300b4312e975834d5a7408c0e8318a5bdfb9c0d8da7918481e0cdaac9832e6841de21e25f1ced38cc18e13f2f5f6dc64065df975fbf7bdb9e
Score

4^/10

discovery
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/nsDialogs.dll
- Size
  
  9KB
- MD5
  
  c10e04dd4ad4277d5adc951bb331c777
- SHA1
  
  b1e30808198a3ae6d6d1cca62df8893dc2a7ad43
- SHA256
  
  e31ad6c6e82e603378cb6b80e67d0e0dcd9cf384e1199ac5a65cb4935680021a
- SHA512
  
  853a5564bf751d40484ea482444c6958457cb4a17fb973cf870f03f201b8b2643be41bccde00f6b2026dc0c3d113e6481b0dc4c7b0f3ae7966d38c92c6b5862e
- SSDEEP
  
  96:hBABCcnl5TKhkfLxSslykcxM2DjDf3GE+Xv8Xav+Yx4VndY7ndS27gA:h6n+0SAfRE+/8ZYxMdqn420
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  $TEMP/minibar.exe
- Size
  
  468KB
- MD5
  
  16095be07798719a78e3ea1bffa16598
- SHA1
  
  f3f534cd840381d5c882b50a2c7d29d48a567c02
- SHA256
  
  f036edda3c9b41ddaa2950e475f63b59183bc040eba436a7d369a46bf4304b63
- SHA512
  
  327cac6d56bb834adaa3ab953df093dea274da355ac5ba916170be9c99bf0b8348c0bbe83857b78162bcf409e719af2ecce9303bb435d7f20b1fd1367becb586
- SSDEEP
  
  12288:7Cog8XMjQnPzj+eKqsZ02ryZjVkI+EDBf6ZH1aH:7C7onPzj1sKTZj6I+ifUHS
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  $PLUGINSDIR/nsExec.dll
- Size
  
  6KB
- MD5
  
  acc2b699edfea5bf5aae45aba3a41e96
- SHA1
  
  d2accf4d494e43ceb2cff69abe4dd17147d29cc2
- SHA256
  
  168a974eaa3f588d759db3f47c1a9fdc3494ba1fa1a73a84e5e3b2a4d58abd7e
- SHA512
  
  e29ea10ada98c71a18273b04f44f385b120d4e8473e441ce5748cfa44a23648814f2656f429b85440157988c88de776c6ac008dc38bf09cbb746c230a46c69fe
- SSDEEP
  
  96:M7GUb+YNfwgcr8zyKwZ5S4JxN8BS0ef9/3VI9d0qqyVgNk32E:eKgfwgcr8zylsB49Ud0qJVgNX
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  $PLUGINSDIR/nsProcess.dll
- Size
  
  4KB
- MD5
  
  05450face243b3a7472407b999b03a72
- SHA1
  
  ffd88af2e338ae606c444390f7eaaf5f4aef2cd9
- SHA256
  
  95fe9d92512ff2318cc2520311ef9145b2cee01209ab0e1b6e45c7ce1d4d0e89
- SHA512
  
  f4cbe30166aff20a226a7150d93a876873ba699d80d7e9f46f32a9b4753fa7966c3113a3124340b39ca67a13205463a413e740e541e742903e3f89af5a53ad3b
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  $PLUGINSDIR/nsUnzip.dll
- Size
  
  146KB
- MD5
  
  77a26c23948070dc012bba65e7f390aa
- SHA1
  
  7e112775770f9b3b24e2a238b5f7c66f8802e5d8
- SHA256
  
  4e4e429ecf1c49119a21c817899f64152b03b41b036fc1d92aee335043364c43
- SHA512
  
  2e7ffa4ed5c97f555e1b0d6f55ffcfd53cd28302fc77d95fdaea89e0b6b42e67e366331e52358e78e8266d079cc2ca3ea4c909197fb38a5b4c8151c7678d0065
- SSDEEP
  
  3072:3imoHcJg67rm+2X7jiYwJAmcxaw2VvnCNizd9XER4I6CAZJPtAY3:3I8Jlrm7SnjCNizdhER4I3kP3
Score

3^/10

discovery
behavioral15 behavioral16
- Target
  
  $PROGRAMFILES/Minibar/Froggy.dll
- Size
  
  121KB
- MD5
  
  dc54d75a1158c97495da0ef04582031b
- SHA1
  
  7c5e311c2d595e026dae31db892bf7b28caeab2d
- SHA256
  
  a2628956fd4c9f1cb3ab4154841f882cc734b9c8cb04c06edc9532beae9556af
- SHA512
  
  a2fb3dad8fcc593da0cb34ed4cfac14dc37cbd888f08596969c4d2d6f8a0dd44b18146977bf0c1b98b9014ba955822b3d4ba666a646834268baf496f2d3fa8b3
- SSDEEP
  
  3072:t4DtLxFjQ6mjO1E6oaMRn51YgT1j4u2oiD55rOC:0tLxO6IOia85pj4us
Score

6^/10

adware discovery stealer
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral17 behavioral18
- Target
  
  $PROGRAMFILES/Minibar/Kango.dll
- Size
  
  330KB
- MD5
  
  160a97b232075ddb4a4b8eb268de3c56
- SHA1
  
  12aa3f8f0cfa74a5dcf907a251a2532c87f636d8
- SHA256
  
  efd5072ef5359a48f7a99e4ef90b4fd28cb57bf9b4dd876a11fd604976f70472
- SHA512
  
  c8c713538fde91738a621b0edc43e9153ec72e14ac1049bcd674d93bb2cec57f1ed03e6da420b68b2bf3c38d85b9dd79123b11fb87d6e6bb27f666dde55c8f0e
- SSDEEP
  
  6144:cA9JBm/Sdw1edsnGZX5ikypiMrcHqDuyRPYnMcaO6r:cA98Ew1edsnGZpvy8ocHqDLRPYyOG
Score

6^/10

adware discovery stealer
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral19 behavioral20
- Target
  
  $PROGRAMFILES/Minibar/MinibarButton.dll
- Size
  
  200KB
- MD5
  
  170c930cb24585f4e2c7df0045ed55be
- SHA1
  
  af08a0c2d92000f874bebdf134464a17fdc9b359
- SHA256
  
  4c32a22fb3fbcbd258e3ab1fdebbb2a7f26d389104c11b5b49c1f22a92eff0ed
- SHA512
  
  5a70bcc904288e16d7a829aa8f1c631821783a73aae9e3054222aa27e24bfb527e6d593385be253b6777888fc5f3bce6967d087fcc80487fb76043cf545d3699
- SSDEEP
  
  3072:dVS4KUH8e89VUxblUe1f7FygHNzMR353oQEDLkUr1qxTwFw6K:vS4Sr2lUeHdMR3toQ0lUiFwf
Score

3^/10

discovery
behavioral21 behavioral22
- Target
  
  $PROGRAMFILES/Minibar/kango-ui/browser_button.js
- Size
  
  339B
- MD5
  
  17be26d6fbf30b71d86c83b931dc170e
- SHA1
  
  b29b65d0d72ff500943ffca5f3971dcc33bff97f
- SHA256
  
  55257ad6accdea9db75830df8f2014d29dda9b52a938e509b0b4f8048c45b761
- SHA512
  
  594d6c720a2025618dea3e8401cd2293e8580fe01677c8107685f7bbd668dcc58c74585ef040ee39b4a59aa37d3b679bd36a66d6cb56663e753e1a4a287df3d2
Score

3^/10

execution
behavioral23 behavioral24
- Target
  
  $PROGRAMFILES/Minibar/kango-ui/commandbar_button.js
- Size
  
  2KB
- MD5
  
  a1ba97621f5f3970a2b368d3a2da7ff5
- SHA1
  
  c8682cabc21d7a126d78c0631c94df1f0c4b2407
- SHA256
  
  7d1ecf6126d53baa0e03970c6105ce9f9641934a6261de2b62026e00b1a61afc
- SHA512
  
  b4ceae5f851c5eaf3a6180ff2e97e7a23d9a585b1bae2c9b8ad6bae7c53c384fff8e205f5bbf59e8a3e75d524da81aaf42588a29d7401e3e9c27d9231282d7bd
Score

3^/10

execution
behavioral25 behavioral26
- Target
  
  $PROGRAMFILES/Minibar/kango-ui/ui.js
- Size
  
  1KB
- MD5
  
  c794edc4b73c825d12de0ea77503abba
- SHA1
  
  a43fd21b5c5760462af0e60293df782dc2510376
- SHA256
  
  72cf286896439cf41fff1621452a949463ae18715bb673558b1567a1e92f8cf4
- SHA512
  
  b4ca0a7e87f68242741743586f94c42c5c4d19e921c95fad0aa91d77bf3b234e2b925a0a91629efdb10500a1f0ef5c98cb4a8b6be339d8debf9cd6e7bc3e5a2c
Score

3^/10

execution
behavioral27 behavioral28
- Target
  
  $PROGRAMFILES/Minibar/kango/browser.js
- Size
  
  2KB
- MD5
  
  f8294877c760bfbed9f149568d9ccff3
- SHA1
  
  1a44816bd32bc4c9ffe0ccef52880482ca3b5543
- SHA256
  
  8a38111cc3876cda7a16d4b862954578d407a30f6152845fd87ddb65949bb03c
- SHA512
  
  2dc9bf55f5c5bd85644c845a9a8253f93408855bd08229d912be6981ee9b701db60d0146574340a978e2356e62b4de7b4941f630e4ade45db84f205db9f65647
Score

3^/10

execution
behavioral29 behavioral30
- Target
  
  $PROGRAMFILES/Minibar/kango/console.js
- Size
  
  627B
- MD5
  
  e92a1ca3bed1282f1c129b628d99dd89
- SHA1
  
  d6c17a5a5544e7b546417d3dc207519a377c3102
- SHA256
  
  de956d0f8a79e584ce32fe49208071bf3417c0cacfb5d5ef6be72e98e796e89a
- SHA512
  
  7494206de709032cc55989513a1562018fbb6b0c84653cdeb4dadc0f02e5558315edadfbb6bf5e419a21934ddbfd2ac307d49f3087d093e1c2b7ee66e1b5234b
Score

3^/10

execution
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Browser Extensions

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

adwarediscoverystealer

behavioral18

adwarediscoverystealer

behavioral19

adwarediscoverystealer

behavioral20

adwarediscoverystealer

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32