76557b0f1da2b21272c8a141ead19e15851bc8ab104c59f50e6651ebebfcf379 | Triage

Sharing

General

Target

b3cc763a76402e48178b277e21feb079_JaffaCakes118
Size

10.0MB
Sample

240821-rl2x4sshmh
MD5

b3cc763a76402e48178b277e21feb079
SHA1

e203fe02a0962b83f73895a1c03cbdac4a4953f8
SHA256

76557b0f1da2b21272c8a141ead19e15851bc8ab104c59f50e6651ebebfcf379
SHA512

4d448a4ead0e042d06d8b45a9c4c8c42522df6fb4b752e22b8b0876ac9c0eac924e30f9eb309422cdf81df5ffdfe18448f82da9f7bc97d2d863a7a8051f38a0c
SSDEEP

196608:UqvYPMj6hAXhmhSwkeUpuz3//Y1NvTdWBV36ZdtR6+fdnE7imhieu:paMjmYmhSbetIjTOK91nE7Rvu

Score

7^/10

discovery execution

Malware Config

Targets

- Target
  
  b3cc763a76402e48178b277e21feb079_JaffaCakes118
- Size
  
  10.0MB
- MD5
  
  b3cc763a76402e48178b277e21feb079
- SHA1
  
  e203fe02a0962b83f73895a1c03cbdac4a4953f8
- SHA256
  
  76557b0f1da2b21272c8a141ead19e15851bc8ab104c59f50e6651ebebfcf379
- SHA512
  
  4d448a4ead0e042d06d8b45a9c4c8c42522df6fb4b752e22b8b0876ac9c0eac924e30f9eb309422cdf81df5ffdfe18448f82da9f7bc97d2d863a7a8051f38a0c
- SSDEEP
  
  196608:UqvYPMj6hAXhmhSwkeUpuz3//Y1NvTdWBV36ZdtR6+fdnE7imhieu:paMjmYmhSbetIjTOK91nE7Rvu
Score

7^/10

discovery
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/firefox_plus.exe
- Size
  
  9.8MB
- MD5
  
  ba26cdeb3fd7f690ee82e9845c93fc40
- SHA1
  
  e68398de276f5e9af6df407c016a847543597405
- SHA256
  
  79d9047bb441a2880849d8e62410d463911dac4bad88393f004f2fa01715250d
- SHA512
  
  6041eb3576df60d633d91f4e10798cb4e96cb8a98172af52cdb32ab126f354a79414dfbe744102d948d467ce695eae5aeb84336ba562f66b5e62c1be94a0ec54
- SSDEEP
  
  196608:8vYPMj6hAXhmhSwkeUpuz3//Y1NvTdWBV36ZdtR6+fdnE7imhieS:iaMjmYmhSbetIjTOK91nE7RvS
Score

7^/10

discovery
- Loads dropped DLL
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  12KB
- MD5
  
  08c82a46416a5e2b471d457968f53816
- SHA1
  
  3e3897c20b9e89b279b4764a633f67955bf8f09a
- SHA256
  
  435baf3b7282c9110697a4916834ef9371dd29fae6b4cb8e19c19eb126562dc9
- SHA512
  
  91e2055b91d04b2348a923cb298ac6ba3637de5038dc4f849c4d2f1665d17de9cd6eb6a97d42d0f894d65348c8fd8e79cd61b667ea5a78e8960347e8cc8db81d
- SSDEEP
  
  384:PKlm7i+c3QW6ckPhyDEaLni2bbBBIXwZ:Sqi8BcyhEhLPbbTI
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  10KB
- MD5
  
  61151aff8c92ca17b3fab51ce1ca7156
- SHA1
  
  68a02015863c2877a20c27da45704028dbaa7eff
- SHA256
  
  af15ef6479e5ac5752d139d1c477ec02def9077df897dadc8297005b3fc4999d
- SHA512
  
  4f5c943b7058910dc635bdcfadfea1d369c3d645239d1a52b030c21f43aac8e76549e52fd28e38ba5341d32aefe3c090dd8377d9e105ad77f71ab8870d8e326e
- SSDEEP
  
  192:2OShJI/rmOAIPkWpUybQ9WhP4t5Rwc89XbubZaX5:n6OAOkWWycGP4XRwc2qFaX5
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  $TEMP/Firefox/firefox_inst.dll
- Size
  
  44KB
- MD5
  
  30c96ef06b2d89ce7f32a0ab7e85017c
- SHA1
  
  5736361779aee705764d1b0bb8eb8a2f4c45da33
- SHA256
  
  e8513c2d35e821298b91e3226089ac66ab75e44c4c5afd436bac6f290e3fe843
- SHA512
  
  188aab49635e99831a99933dd55654dde107d7751b5612f9e27e7f2246aeedd6de0d6d8b0968fabdb253d9fb2a1745858e796bf6ac2091a6b0fd4df0142cefe1
- SSDEEP
  
  384:fF/KXi0O+rRTO2ZenG6CpPc7d1wZ8HkRUbqMOLVnuaIuNc4F8WiuWmQrXvcD4RUo:fP0XT3BpW1g8HDeMOLBuaIulXiYOEDW
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  content/cck/cck.js
- Size
  
  675B
- MD5
  
  97226c00be2d3f8cab7070976f3b75df
- SHA1
  
  2ff6671cf871934a2da68843a58af2460313d6f5
- SHA256
  
  a9861ba26a0100eef5f05b2e9c8bac4939f198b0885e95b655e258b863d5eea1
- SHA512
  
  12e338d20fea0cc73406dfb00c095231dfab65813d0f7b470d92af761dd1325fb7fe337731becaa59d310ec6b13b8b726c2ec4a6a3d3aa3f105d9fadd9846ed1
Score

3^/10

execution
behavioral11 behavioral12
- Target
  
  App/DefaultData/profile/extensions/[email protected]/components/cckService.js
- Size
  
  21KB
- MD5
  
  9a567eb500bc3da1bc1ca7e14965f48a
- SHA1
  
  a323d57af492c7913231b08336497ca084927ba1
- SHA256
  
  0c3cd47799fda2a417188ed5ebd5b5ab8712415d11e4b71c0565258e22cbc420
- SHA512
  
  dd0014e8b9f2b459fab060ef630ef21a57cee00e720f5e355a66ae2dbbc91caf7bfe1568fdf9a6b3a6bc6af43be4c02695c4de000a43ada28dea02b3992cc3a3
- SSDEEP
  
  384:r9yuIQ7xDZz8iIVhmZJ2NCJe1ovLEADP1eMgueBJOP+OFrYDx1eVKaI1U52gS3Tm:r9yurNDZz8iIVhmz2NRovLEADPPgkP+u
Score

3^/10

execution
behavioral13 behavioral14
- Target
  
  App/DefaultData/profile/extensions/[email protected]/defaults/preferences/firefox-cck.js
- Size
  
  592B
- MD5
  
  846a026075a6155b2fea079a1aca6397
- SHA1
  
  150fcf2cf69ce796f020bd77bae93479ddd377c9
- SHA256
  
  aaf7ab704dd92e5ebf6ed4911642dfbc5ec90bf53c3410037542aa4a570fa670
- SHA512
  
  b3313238399c19b3e17a1ba17823b364fa6033cb785044028f38c3f3e35a8bc870dd71fd080d16a6237fba57e96776b11c2779cdddad709dc8027aa502d73792
Score

3^/10

execution
behavioral15 behavioral16
- Target
  
  App/DefaultData/profile/extensions/[email protected]/install.js
- Size
  
  2KB
- MD5
  
  075a83bae27ce49c2560800ea53b151a
- SHA1
  
  17be193eceafab87c7935851a66d8f408792cb3d
- SHA256
  
  a9fd7e7f6a7953ad0c771f4d85710a528f50c0ad52128ed1ff94094e3c2a7823
- SHA512
  
  151304394a8c5539778bcc0c0d2e6b0990e335701febad7aa3e83fffaedf3b243f7c09804225c3b8c028476c7f93812fe790de985af85d53b96168ec25e77739
Score

3^/10

execution
behavioral17 behavioral18
- Target
  
  content/flashgot/DAP.cpp
- Size
  
  2KB
- MD5
  
  5ab5fbd317b5e5168583cb7fe17ce737
- SHA1
  
  a1b4a232b503926be5861a727de9dcfa1dcc815e
- SHA256
  
  bd1ed13793975158c4a789aa2ad118b2533333dd6d759b1a5e43a0a1d79077bd
- SHA512
  
  e2c40fccda2679a307464c6dd7d8510f1c9336424c4bf6610dcd0cc0792886f9054943aaf5f1a076820f68616cca21d04eff1f69188cacf6877029384470115b
Score

3^/10

execution
behavioral19 behavioral20
- Target
  
  content/flashgot/FlashGot.cpp
- Size
  
  35KB
- MD5
  
  2eebdf5867c0c9490969e22870133073
- SHA1
  
  8ab516de589df9ba32a209bfc113c0105687f570
- SHA256
  
  744067abbf7891168aa9d9bcdd12b067cae28419fbabab06af114f843464b75e
- SHA512
  
  eca170676bdeb2a1677bed0eb6f4acacda7fa18bac17a645e33f5536fc5219d2e2682b841818e122d40752444b18aacf180870df9d464dc82104879a140bf4da
- SSDEEP
  
  768:tDAQw6BxB83/AKAVB1FN52ifKqWbHC6X7cHjpelHzg7qqOXV:SQw6/B83/U1iF
Score

3^/10

execution
behavioral21 behavioral22
- Target
  
  content/flashgot/FlashGot.exe
- Size
  
  160KB
- MD5
  
  e0626cc25a5b6390d1446f0417355be8
- SHA1
  
  2670cf0839d74883baf701df74b20e3120b50139
- SHA256
  
  5b2223d8840a9e9f6018242f9f02f5130197f874a1e6b7c538f4a88e57b6119c
- SHA512
  
  5fe035421bcae969a2504a6783044d0936afaeae5da0d38469e47e1b1b3d6cc3a14bcd4786808dd9b82ecb61557391f7b570a5afbff859802d0ef69e9876f1d2
- SSDEEP
  
  3072:/1Z+H0SacDc6gmqmyaKPntz+iwWtKQapoatLH:/1Z+USDQhm/yaUtz+71vH
Score

3^/10

discovery
behavioral23 behavioral24
- Target
  
  content/flashgot/filepickerOverlay.js
- Size
  
  1KB
- MD5
  
  931b96f5eceb834e3a2281b7c8c55199
- SHA1
  
  601b72e363ccee6c18c1279a710bd4f1dc0c149e
- SHA256
  
  f7744d7919667fabf7e582e9f19b9ea32bf53d99895a3194c272150d9753a671
- SHA512
  
  dc77314d9cf7b61857379484754d8814d0fcf58a0167484483a584cd0a80f95b39aa45d84abfa66de4f51a57f2421e8f2093f0894552f62473bc61c564509bfd
Score

3^/10

execution
behavioral25 behavioral26
- Target
  
  content/flashgot/flashgotCommon.js
- Size
  
  427B
- MD5
  
  f2405313b05a6ad2dae9e9b4f15929d3
- SHA1
  
  3bd9f01815a4d57403ec85e01d2a0068c332a157
- SHA256
  
  f090b39ec370d2217e5a2ae2667b6403d15e9e0124e70b8ddd215cf77607e075
- SHA512
  
  4134dc4cc1b11ed41db920ca1666924cbd7145f300b042f3d251252383e2aa0b91d1e22aeb20a94e89d678513b40aba6384c6f63792597ec4ae015f8d98dcf25
Score

3^/10

execution
behavioral27 behavioral28
- Target
  
  content/flashgot/flashgotDMOverlay.js
- Size
  
  6KB
- MD5
  
  a2f205e7925598d78079d41bee656d2f
- SHA1
  
  d327532e033ce2e1ef2d60eac8c380a8f77fa081
- SHA256
  
  896c3f8e88d6cb18ad83e6d43e91fd3affc582e9cc775ba82cf56074b8c987b9
- SHA512
  
  8a8928af838108d2c1f5227089678f186bc1bbe343dd7722f794d5ace57829c595ed7175e86d6c39f7e133b86c019933d05a72c3fda19f18d7623f1957efc24f
- SSDEEP
  
  192:xdcHPYrcBbEm886xaib93GMyf+haiFiKU22jnGbwhpLk:IHQrcBudF93GMVojG+A
Score

3^/10

execution
behavioral29 behavioral30
- Target
  
  content/flashgot/flashgotGalleryBuilder.js
- Size
  
  18KB
- MD5
  
  326aa1651c530847e972bb02e624ac7e
- SHA1
  
  4f6901ca91efd0fe2049097f31ff54477e34254c
- SHA256
  
  215a3dbb3f98f986226ab10a8aaea4595f28c950659f9186446b7ca6ca8a6183
- SHA512
  
  a2c1bad508bcd5c63eb20996be3da278ec99ec7a148c8c5fa1234e0c7536bbc9a607df16db9f2c394cbed3f6a10a5cd1bd537924576e2c3602da438d20e76eac
- SSDEEP
  
  384:PKEARGR+gUTbeKm/dGQmNc3XCFm99G1v/Qv3jgzD03XODyqxq:XYA+kmUbE/ny/
Score

3^/10

execution
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32