fa027c15cf301bc64327eff17dc8290e09c8b6ce3cf6f07a604bf9c328334ceb

Sharing

Copy URL

Twitter E-mail

General

Target

cf1a7cecbefc3fc6abb7a8c9a8a56222_JaffaCakes118
Size

3.9MB
Sample

240906-kal9yswdjp
MD5

cf1a7cecbefc3fc6abb7a8c9a8a56222
SHA1

19e6e8b732e3d9d0e8192e52c31cb225804a27db
SHA256

fa027c15cf301bc64327eff17dc8290e09c8b6ce3cf6f07a604bf9c328334ceb
SHA512

6ee924e5d67e87ad851688213f79728031fc216904a797db8e6c3b6d07aed3150eea1cbcd5e53da7c95729a3b418988838006b636012aa51c7ef9096d3e73e5c
SSDEEP

98304:PK+gWFrKZxApUQT4mOcbRFCv/+hHpSMOVNy:PK+jKY1LBbTyNMOLy

Score

7^/10

Malware Config

Targets

- Target
  
  cf1a7cecbefc3fc6abb7a8c9a8a56222_JaffaCakes118
- Size
  
  3.9MB
- MD5
  
  cf1a7cecbefc3fc6abb7a8c9a8a56222
- SHA1
  
  19e6e8b732e3d9d0e8192e52c31cb225804a27db
- SHA256
  
  fa027c15cf301bc64327eff17dc8290e09c8b6ce3cf6f07a604bf9c328334ceb
- SHA512
  
  6ee924e5d67e87ad851688213f79728031fc216904a797db8e6c3b6d07aed3150eea1cbcd5e53da7c95729a3b418988838006b636012aa51c7ef9096d3e73e5c
- SSDEEP
  
  98304:PK+gWFrKZxApUQT4mOcbRFCv/+hHpSMOVNy:PK+jKY1LBbTyNMOLy
Score

7^/10

discovery
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/NSISdl.dll
- Size
  
  14KB
- MD5
  
  a5f8399a743ab7f9c88c645c35b1ebb5
- SHA1
  
  168f3c158913b0367bf79fa413357fbe97018191
- SHA256
  
  dacc88a12d3ba438fdae3535dc7a5a1d389bce13adc993706424874a782e51c9
- SHA512
  
  824e567f5211bf09c7912537c7836d761b0934207612808e9a191f980375c6a97383dbc6b4a7121c6b5f508cbfd7542a781d6b6b196ca24841f73892eec5e977
- SSDEEP
  
  192:tUZTobBDJ68r67wmsvJI5ad9cXzFOVu+mZ/P3p+57CvpVqDxVp01Dwn2GRPgsfA:6Bo/680dCI5adOjFOg9//p27uNw2Go
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/STWSetup-IEFF.exe
- Size
  
  911KB
- MD5
  
  88ccc2784d4a560c1ae8e39ee2793e79
- SHA1
  
  c7b35961ba8907acb2b2713c7f4f028c6c69e98f
- SHA256
  
  ec679df15856afe81d254824e1efe9c31bf263116b6dbc95a7996342a12dc823
- SHA512
  
  0bb3c1538439f428fa54572982dc922e5ab418d19ae82d775ba52c3bbb3cfbf8f06de6664ee4edcb0610719f5b662430ef0bcf1801586f7a0438908598b36d61
- SSDEEP
  
  24576:TMjh5b3fJRsG2jPounorrZQ1lKUTH7MGbER/QH:msG2jPounorNQ1lKU/MGbEZQH
Score

7^/10

discovery
- Executes dropped EXE
- Loads dropped DLL
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/StartMenu.dll
- Size
  
  7KB
- MD5
  
  a4173b381625f9f12aadb4e1cdaefdb8
- SHA1
  
  cf1680c2bc970d5675adbf5e89292a97e6724713
- SHA256
  
  7755ff2707ca19344d489a5acec02d9e310425fa6e100d2f13025761676b875b
- SHA512
  
  fcac79d42862da6bdd3ecad9d887a975cdff2301a8322f321be58f754a26b27077b452faa4751bbd09cd3371b4afce65255fbbb443e2c93dd2cba0ba652f4a82
- SSDEEP
  
  96:2fiqP7bO2qHkAC40KhvSE+6nrxtMn0iGd88qRLqtJ1tbRhElfRx2:siqP7OHX1Q4xtcf8qo/ttgfRx2
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  c17103ae9072a06da581dec998343fc1
- SHA1
  
  b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d
- SHA256
  
  dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f
- SHA512
  
  d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f
- SSDEEP
  
  192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  $PLUGINSDIR/WSInstaller.exe
- Size
  
  108KB
- MD5
  
  8966b7976be47a04b0cec6b40cd51282
- SHA1
  
  7e1e7b11544e7ed54a6df1e89d8b051b4856b246
- SHA256
  
  3b5eaa25c6f8de14ca21af058bda116fd1de1c4cc0daf65f81d9b9896c9f78d8
- SHA512
  
  514a72a71ccb5647ceb057a6eaae05d5a86e6ccb62eca1575caae93248d9c41a4a7fb287c68ff0203f023c34f480b49638f903ddfcf0453a7920318540850e9e
- SSDEEP
  
  3072:ZrQcVs55GReMIHFJhJ6uwouttbk6MG5vPIP9r:ZsnGAMIlLUuwoStbk6MG5v89r
Score

7^/10

discovery upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral11 behavioral12
- Target
  
  $PLUGINSDIR/WeCareSetup.exe
- Size
  
  1.9MB
- MD5
  
  d811e82d6bcd53ab7c60c59d82ba81c8
- SHA1
  
  b2821560debdd7898e884b038235bd8fe3030d0a
- SHA256
  
  c49533ccf494e50216f1d997508ea08660a63d186061cf780b762280b25a4176
- SHA512
  
  96f6b086e75a4a061528df8153f17e0d9ae446209fcb8afdbdcf395215f4f87ef5a6409fecb6b14e75e0e9c8e6cc18da064c3deccbd04858b03b9a0a2776a9d0
- SSDEEP
  
  49152:6icfbB4vVsCsBg7eH2U41Ysf3mKXEbYeDhd2FJ6kz/JlWSNH:6iObusB0eH2U47+KmPiNN1
Score

7^/10

discovery
- Loads dropped DLL
behavioral13 behavioral14
- Target
  
  $PLUGINSDIR/inetc.dll
- Size
  
  20KB
- MD5
  
  9a7d35d1e9e5dfb6a7872d49cf64db83
- SHA1
  
  4da9dd5427c0fdfa2cce3ee29ac5147b74ff3834
- SHA256
  
  c7a365c50611e7b3bbec6f73e9b33fa83d9ca91c34cde67969cd7cab79293160
- SHA512
  
  cb98bc94b883ecd88102a017de484560085c0f70fa379489618cc10c017d543e53b12502a0a7cae49682887676c4c590fc481ab9cd531467b1d090499783db3a
- SSDEEP
  
  384:qYJFIiP3ZudtjmSBSWY1IAxNOzqXBrxzs0UhU7ya4LH0Ac9khYLMkIX0+G0cgLGh:qaBcdtjmsSW6IAxNQqXBrx40UhUua4Lx
Score

3^/10

discovery
behavioral15 behavioral16
- Target
  
  $PLUGINSDIR/md5dll.dll
- Size
  
  6KB
- MD5
  
  0745ff646f5af1f1cdd784c06f40fce9
- SHA1
  
  bf7eba06020d7154ce4e35f696bec6e6c966287f
- SHA256
  
  fbed2f1160469f42ce97c33ad558201b2b43e3020257f9b2259e3ce295317a70
- SHA512
  
  8d31627c719e788b5d0f5f34d4cb175989eaa35aa3335c98f2ba7902c8ae01b23de3ccb9c6eb95945f0b08ef74d456f9f22ca7539df303e1df3f6a7e67b358da
- SSDEEP
  
  96:GL2PcvGn5olZMTZxEp8agTsflVwn4GogZcko5N1ub:U2Pxn5UZMTZipyaw4ZkKP2
Score

7^/10

discovery upx
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral17 behavioral18
- Target
  
  ReadOnlyInstaller.msi
- Size
  
  4.1MB
- MD5
  
  d22df2c75a529bfb101aa8434f855358
- SHA1
  
  02e59f189a863d8fc8fea73fb52b7d9542f214c5
- SHA256
  
  2407a69d5dc0409a465a0378f5345a7a13bd5aa7e5f4561a0fb9987a9fe7a21a
- SHA512
  
  87d1b41f1aebee51d1a48f335ecb341c62886258f53c1ca133f2fdb116074767ccedb9dcb21f912649253fa1657d687329c578c60864388d57d70bf58332c0be
- SSDEEP
  
  49152:rMfVBwVPCsC6uh2ZVZ/c/yEn6z/LX+RbS2MNFoo:reVzsC6uh2ZX/czn4LuRZMNFo
Score

6^/10

adware discovery persistence privilege_escalation stealer
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral19 behavioral20
- Target
  
  $PLUGINSDIR/inetc.dll
- Size
  
  24KB
- MD5
  
  1764c943028e6cd9b6b2c0e0ce5fbcf0
- SHA1
  
  0cf2d2909046e06d929f879846a8a24560c5dc52
- SHA256
  
  9cc6c754782f553da45fda2f720cad17e2399aeb08e6cb600477cf6c6f69e63b
- SHA512
  
  7584aa3885bf6b7ebbcf82e4a346e2ea6d4740a55a421938d02ba8b93c901de6f8c314fbbaf1d8a8f6f61eaa30fd45ab93efd48e2f6e487fe3e0d427fbcea94e
- SSDEEP
  
  384:0uKxsWTuUn/AjMn/JM07fx186vZPiMUTMF690Ac9khYLMkIX0+GvQWXEhY:07xsin/AAnRtfY6EMSMg
Score

3^/10

discovery
behavioral21 behavioral22
- Target
  
  $PLUGINSDIR/irtr-gfg-zugo19.exe
- Size
  
  713KB
- MD5
  
  edfe8beafae93f1890e314a8d96c424f
- SHA1
  
  402a02d0cd224c837971217753250f478bb5e16a
- SHA256
  
  7fa2e46eeaf269a72a57d2a1a5a3ac98e682e455327fdaa3b0718c8c152aa82c
- SHA512
  
  563c6ad63f30e64e7f5210f7e7016f0668e85fd0fb330db3a5322b7caf65190451468e9b0cef22638c0aa277da16350de33ecb64f6b9110ffde04cb0372d9fb2
- SSDEEP
  
  12288:BKm8eMh9Oqt4GrRzWAVdrnab8m+NCe6UwuGVTLfpvEv0zJa2jgVICiC:BKm0h9IGrRzR0bUwucWOa2Qn
Score

7^/10

discovery spyware stealer
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral23 behavioral24
- Target
  
  $PLUGINSDIR/KillProcDLL.dll
- Size
  
  20KB
- MD5
  
  de2b06d8abcd4a1d3330e415ce638a6a
- SHA1
  
  2f1bf738915b288530dedb861f4ea4f60069a91f
- SHA256
  
  8f62633831a326174f05e89503e42a493aa834fa6d7ba7138d9d57ac5873512d
- SHA512
  
  8dbc0edb71d6acc327418270b33d5627d7940ce406e54152af9f6c8f6d90c7239aa647a0e1f4769d0aa8bd3e38d60643e6356ff7a5ccf7dc44c5617f72277b70
- SSDEEP
  
  96:J1szPlsFYmIGExrjwIqiwZePAYyU76b+4d:Juztr+8wzg7xN4
Score

3^/10

discovery
behavioral25 behavioral26
- Target
  
  $PLUGINSDIR/Math.dll
- Size
  
  66KB
- MD5
  
  b140459077c7c39be4bef249c2f84535
- SHA1
  
  c56498241c2ddafb01961596da16d08d1b11cd35
- SHA256
  
  0598f7d83db44929b7170c1285457b52b4281185f63ced102e709bf065f10d67
- SHA512
  
  fbcb19a951d96a216d73b6b3e005338bbb6e11332c6cc8c3f179ccd420b4db0e5682dc4245bd120dcb67bc70960eab368e74c68c7c165a485a12a7d0d8a00328
- SSDEEP
  
  1536:0P43WZ4Ql60gam+2MwRmPeqFVHbQH0ZZ1Iet:0wU609VMH0T/t
Score

3^/10

discovery
behavioral27 behavioral28
- Target
  
  $PLUGINSDIR/NSISdl.dll
- Size
  
  14KB
- MD5
  
  a5f8399a743ab7f9c88c645c35b1ebb5
- SHA1
  
  168f3c158913b0367bf79fa413357fbe97018191
- SHA256
  
  dacc88a12d3ba438fdae3535dc7a5a1d389bce13adc993706424874a782e51c9
- SHA512
  
  824e567f5211bf09c7912537c7836d761b0934207612808e9a191f980375c6a97383dbc6b4a7121c6b5f508cbfd7542a781d6b6b196ca24841f73892eec5e977
- SSDEEP
  
  192:tUZTobBDJ68r67wmsvJI5ad9cXzFOVu+mZ/P3p+57CvpVqDxVp01Dwn2GRPgsfA:6Bo/680dCI5adOjFOg9//p27uNw2Go
Score

3^/10

discovery
behavioral29 behavioral30
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  c17103ae9072a06da581dec998343fc1
- SHA1
  
  b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d
- SHA256
  
  dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f
- SHA512
  
  d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f
- SSDEEP
  
  192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
Score

3^/10

discovery
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

T1176

Event Triggered Execution

T1546

Installer Packages

T1546.016

Privilege Escalation

Event Triggered Execution

T1546

Installer Packages

T1546.016

Defense Evasion

Modify Registry

T1112

System Binary Proxy Execution

T1218

Msiexec

T1218.007

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Loads dropped DLL

Executes dropped EXE

Loads dropped DLL

Checks computer location settings

UPX packed file

Loads dropped DLL

ACProtect 1.3x - 1.4x DLL software

UPX packed file

Enumerates connected drives

Installs/modifies Browser Helper Object

Loads dropped DLL

Reads user/profile data of web browsers

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32