ed863ad84b6756abb7bbc319f191e415302754222096d4742638a747d32bf6a5 | Triage

Sharing

General

Target

aa54f68350b8a0bac01e02bbe3805ae3_JaffaCakes118
Size

6.9MB
Sample

240819-kmt6bsvaja
MD5

aa54f68350b8a0bac01e02bbe3805ae3
SHA1

4792f087fa16b4ab28d33ae80ba82538a92befa7
SHA256

ed863ad84b6756abb7bbc319f191e415302754222096d4742638a747d32bf6a5
SHA512

daaa109757e9a98fe9fc7f6add83317fb383a7e69a2c08f698839d3280a9795cc5ca910dc0932cf92407905dd874c58dfb6a535c9b62ef9303f04255c498cdce
SSDEEP

98304:Bc+7DKcZOHu3fX/spy8LpDt/4HJM26g9WwVuiYuvqfBgkLL08QHFzPoqDStke/m6:LDKpuvXRYx4Hz67wNbya8L9elGuH6

Score

8^/10

adware discovery spyware stealer

Malware Config

Targets

- Target
  
  aa54f68350b8a0bac01e02bbe3805ae3_JaffaCakes118
- Size
  
  6.9MB
- MD5
  
  aa54f68350b8a0bac01e02bbe3805ae3
- SHA1
  
  4792f087fa16b4ab28d33ae80ba82538a92befa7
- SHA256
  
  ed863ad84b6756abb7bbc319f191e415302754222096d4742638a747d32bf6a5
- SHA512
  
  daaa109757e9a98fe9fc7f6add83317fb383a7e69a2c08f698839d3280a9795cc5ca910dc0932cf92407905dd874c58dfb6a535c9b62ef9303f04255c498cdce
- SSDEEP
  
  98304:Bc+7DKcZOHu3fX/spy8LpDt/4HJM26g9WwVuiYuvqfBgkLL08QHFzPoqDStke/m6:LDKpuvXRYx4Hz67wNbya8L9elGuH6
Score

7^/10

discovery
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/Gossiper.exe
- Size
  
  5.1MB
- MD5
  
  1c89e1b7b17c0ada4b6dfe347493a835
- SHA1
  
  1215b533ec5b67d23cd59551da50658b5d5e6288
- SHA256
  
  250d3b191f5a723fc9b045fbb9b89c747cade393d85705966f8cec58e6373a00
- SHA512
  
  1b9bcd900ed17e3441c9691c85483c5d82809c009da01ba74e8f6f8dd3da3d06fd0949f7d4fc6dcbbc3aeedb10d495e5699faa14b802ae4f5fad2167f35bf77a
- SSDEEP
  
  98304:LnREBoBGZxci3pItnmLufTzki76yvdvwwWcUCTivQI7qQ9l7f1FzbQt:LkoBGTNSQOzv5vccHT27TlvG
Score

8^/10

discovery adware spyware stealer
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Drops file in System32 directory
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  14KB
- MD5
  
  325b008aec81e5aaa57096f05d4212b5
- SHA1
  
  27a2d89747a20305b6518438eff5b9f57f7df5c3
- SHA256
  
  c9cd5c9609e70005926ae5171726a4142ffbcccc771d307efcd195dafc1e6b4b
- SHA512
  
  18362b3aee529a27e85cc087627ecf6e2d21196d725f499c4a185cb3a380999f43ff1833a8ebec3f5ba1d3a113ef83185770e663854121f2d8b885790115afdf
- SSDEEP
  
  192:86d+dHXLHQOPiY53uiUdigyU+WsPdc/A1A+2jwK72dwF7dBEnbok:86UdHXcIiY535zBt2jw+BEnbo
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  c17103ae9072a06da581dec998343fc1
- SHA1
  
  b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d
- SHA256
  
  dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f
- SHA512
  
  d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f
- SSDEEP
  
  192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/inetc.dll
- Size
  
  20KB
- MD5
  
  e541458cfe66ef95ffbea40eaaa07289
- SHA1
  
  caec1233f841ee72004231a3027b13cdeb13274c
- SHA256
  
  3bce87b66d9272c82421920c34b0216e12c57a437d1955c36f23c74c1a01d420
- SHA512
  
  0bf6313e4cb7bbdcfba828fb791540b630adc58c43aa4b5ba77790367d0f34f76077cd84cc62e2a2c98c788a88547f32a11e549873d172c5aa2753124847cd0c
- SSDEEP
  
  384:b1JO6XgZkjxm+NpXaWgzxUX//EUhU7ya4LQ0Ac9khYLMkIX0+GBty3Sm0:b+6Xgsm+NpKWgzxUXnEUhUua4Li70
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  $SYSDIR/SkinCrafter3_vs2005.dll
- Size
  
  564KB
- MD5
  
  b5acb37197211dc215907499bc105745
- SHA1
  
  9f49f51cd716de78439617a10dd640b7f8f3a669
- SHA256
  
  5aaa62566d7daba371fbf221f0d93402b6560ef6032e23aeab55cacb1462c8eb
- SHA512
  
  bed50c385a3c1535a855720c616eb8540cf49a8f36793a43874416b0882f27ed4dbf11340ddb48308f9a0933d53add24e0392af53e692af6337ba951d9fa93f1
- SSDEEP
  
  12288:aNWqllnRg3Fo8e+xYFvqgMiMtF+YJ6ihCT34g:aNEFk50xvMT34g
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  LimeWire Acceleration Tool.exe
- Size
  
  727KB
- MD5
  
  e0e5aae904f39bd4ce07e4c24f7feba1
- SHA1
  
  c50faab1fa2a3dc70db2f3b9b4298fbe84c879c0
- SHA256
  
  00c04a73b72a2992e5fa3a698af7a31325a68014222e8c17d48987a76f4e2d9c
- SHA512
  
  29acd5a70377e14d95ddee4afd2f0962d5cb63bbe5059de1f0bc12f580b0e9368a47ba65a1a1794238268e761967996631773009c980b92fcb3e90c552ffc429
- SSDEEP
  
  12288:3ogFl7toUTulioIdmVTnQzoaQ804Ifbqjb83OK/Ncz/3a1/km+8J:3ogxyIdmVaoaN7qOsOK/NczW/kgJ
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  UpdateApp.exe
- Size
  
  326KB
- MD5
  
  656db181de0a89379af136de3d651229
- SHA1
  
  83e57f44281f437e383445edcd5617a6bc17e2c8
- SHA256
  
  68b9cf08eebf53aeb82a4fba84805d0f7d1771b72f87bade2c4880d5cfb8fb0c
- SHA512
  
  c6d23a0c04cd4e03be5e3f120d9eefb0f4a664ba7994789007320e30c3e49cd6e4f59c656596a3e7c6d5abcd5494b04fdf1d079ed7245d42f23514f7b993a3d1
- SSDEEP
  
  3072:w5ZytBlrzu2WI0OHzHtBlrzu2WI0OHz6TytBlrzu2WI0OHz:w5knzu2WITnzu2WI3nzu2WI
Score

3^/10

discovery
behavioral15 behavioral16
- Target
  
  gdiplus.dll
- Size
  
  1.6MB
- MD5
  
  d0aaae16ba162dd89d646887f1539855
- SHA1
  
  0a222f319b7712b861ef6adf0c38cc2c5a2790fa
- SHA256
  
  d84e7eb505adee8ea660f48c89705977f5eb33b7299d0bd981624e3ece320223
- SHA512
  
  6d7cf7b3a1dc0560791bc3db4fc836ad0f58b8b531c593d96a37bb77afa3ab7dd6bd4d66a97e37cde3443078eb189609d8d36119198c60ce6b74c1a093000769
- SSDEEP
  
  24576:i0CiGmsJ2LC4jJmNwP+6fBUAK8C0m1DQucWM9nul/SuyZfWPP90bTv6:i0K2L1Pjf2AKWmFcLulMZ9H
Score

3^/10

discovery
behavioral17 behavioral18
- Target
  
  mfc80.dll
- Size
  
  1.1MB
- MD5
  
  1b7524806d0270b81360c63a2fa047cb
- SHA1
  
  d688d77f0caa897e6ec2ed2c789e77b48304701f
- SHA256
  
  ceef5aa7f9e6504bce15b72b29dbee6430370baa6a52f82cf4f2857568d11709
- SHA512
  
  b34539fbda2a2162efa2f6bb5a513d1bb002073fa63b3ff85aa3ade84a6b275e396893df5ab3a0a215cade1f068e2a0a1bbd8895595e31d5a0708b65acec8c73
- SSDEEP
  
  24576:Tp2G61fY62if0Vra3QSNhJK6hIAloY3XjrN/:TcGifY6tOaASNhJK6hPaG/R
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  packet.dll
- Size
  
  60KB
- MD5
  
  c123eb3439ae8ab13a971bb6f0515411
- SHA1
  
  3ffa02b544b90433e816136e3bbffad0ca19735c
- SHA256
  
  0b681d867089f44fd9c25a343b94b229b3d9db65d060c6c3767535a31e3eeee4
- SHA512
  
  99f91d83d43dd73b6737dbbbf4eebf045d9e6a3f2a690210c67f363fa734d1a60b8b306798950668f80762798f52c7c2cfb65260766bbc5aced65ef306fb7aa7
- SSDEEP
  
  768:ZPwRf6Bph61db4Ws71Ti/kZSC2pZplWsv9Q/OpKX:wZGr71TiYSCa4ilKX
Score

3^/10

discovery
behavioral21 behavioral22

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

adwarediscoveryspywarestealer

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22