4fb17ba8b6943800a972385c7fde7e8e45fc4b1a6b6edfb0dcdad3671243f480 | Triage

Sharing

General

Target

d12234a95be5e9025ad3872c34a6f8da_JaffaCakes118
Size

1.2MB
Sample

240907-fn96qawfjh
MD5

d12234a95be5e9025ad3872c34a6f8da
SHA1

053e7dc9fa37df4c78dc0e66f1f8620640b73740
SHA256

4fb17ba8b6943800a972385c7fde7e8e45fc4b1a6b6edfb0dcdad3671243f480
SHA512

5d548e2ee1b91118a74105f083c0dc8d4b572889e293852391acb85bbc041630de215303bdc84064b0ab6b85b3a573d0ae631cb29088f67e5fdbb3e22b434d74
SSDEEP

24576:q5pkYOEi9IYw2T1Cd12iC75Jvos5YahVZWn2EmrclFmTX3v:CIvwuCd12icJ2SVe24y7f

Score

7^/10

adware discovery stealer

Malware Config

Targets

- Target
  
  netdict.exe
- Size
  
  1.3MB
- MD5
  
  f68d85ad4d059cbfd9b27d212b8741c9
- SHA1
  
  ece0e4009164acaaa579c66c6db96d715018d8f8
- SHA256
  
  5cb4fa32bdb43158af0981f4fb8efa9254bbeff99c2eb842a9ccb3afe58e39f4
- SHA512
  
  ecea6ec901ee8c673cd51c30cd190ef4b2a296fec597b3cd2b60d1c351640caf89eea816b965cd1c836b5033cdfaf6d8b853fdcda21043fc059a79597938e96e
- SSDEEP
  
  24576:FjoYo/zb0tfwxquHJuDeJJO56vayCBZ0+jRKdetboqTuOUyCHwDV+n:FjoYo/zbgyqu8DEQ56vaDBZ0gRKdw/f2
Score

7^/10

discovery
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/AccessControl.dll
- Size
  
  10KB
- MD5
  
  055f4f9260e07fc83f71877cbb7f4fad
- SHA1
  
  a245131af1a182de99bd74af9ff1fab17977a72f
- SHA256
  
  4209588362785b690d08d15cd982b8d1c62c348767ca19114234b21d5df74ddc
- SHA512
  
  a8e82dc4435ed938f090f43df953ddad9b0075f16218c09890c996299420162d64b1dbfbf613af37769ae796717eec78204dc786b757e8b1d13d423d4ee82e26
- SSDEEP
  
  192:8SEWBGgiJM4LN+xq56XdNcNz/NWdlJmlyOcROQ:8SEPgii9KTzyt
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  14KB
- MD5
  
  f62d03fcb1473110e920a9bb2c701006
- SHA1
  
  c48444ef2daa60dcdf91f1645cd4ecd8e66545f7
- SHA256
  
  17e2f205af12d5a86638dc83c95fc69199c41af2fa6daeb1e91ec330f68c5372
- SHA512
  
  701d531d405d08054d53298141d5bbd56e74df7b22bcea5f9f0e5c4407421ea0ca9617aa84e740dc1dc44e6d14e58852c1ca2087213cc2319f2da44eaed0bc05
- SSDEEP
  
  192:g6JaVGQ+xI5EeuyvMmGpeWH2J5xprN+AxTxK72dwF7dBdcQOz:g6JaVh4I5rpPbTx+BdhO
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  10KB
- MD5
  
  0bbcbaee7b703ebd55cd8658a0e8dcd3
- SHA1
  
  6ed448b8b67cea36eb45bfbc67fed9a6da9623e4
- SHA256
  
  e67277ecc4f6c7beb3c7e586ce508677269db056c7541eacfecf6c719f559da6
- SHA512
  
  604c524bd00313f6411cc9878d5c9a1db77588049feeb5bb02c971df44f8becbd18d251cc20e551b878173eb2a78be61f31352769597c6334cffc0bc2326b008
- SSDEEP
  
  192:WO6dJA/ruAFEiUdWWE6hE5RYUdJfbub1azgMO:TKAFERdlxhGRYUzqZaz
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  temp/modules/addr.dll
- Size
  
  175KB
- MD5
  
  fd5651a643324b4fd69b19a3f7f9b1da
- SHA1
  
  babbb4b0e5273751c48f54a9e27515ced2ee47ce
- SHA256
  
  9800c9bddee74939b2f2e839aa682a10c9e09a680018c306ff2720bf3cb5e27b
- SHA512
  
  c158a49bebb9f5500894113b68d9807fb02057a04fc75bfcead8d58abc3f0316ea4f09ecca727bd2fbf031931294877813661f079463bccfbba750e8cb603bb1
- SSDEEP
  
  3072:vrWydRbYSW9NxgGfavDNV9cuZ7B2DLBZ6K10XpXjl1u0ZhD:vJsmGibYdgu0dP5ZhD
Score

6^/10

adware discovery stealer
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral10 behavioral9
- Target
  
  temp/modules/auxr.dll
- Size
  
  63KB
- MD5
  
  028f7e21f1af85cda9f56b17e070a351
- SHA1
  
  eb41bfa32295408105f37e58da3d8e6d99372335
- SHA256
  
  562ba29edb59b0032402ae913ec270e463b4b1f7c5ec58a746b744db0521b6c3
- SHA512
  
  f362c68c264e9f9a84f42d5ea2e4a9f8d153c8c2de56c4f44ff042f779b718418ee31f92f1c14b5d80181c55c0d2ee2906836079a0052135832a12b4946c04f4
- SSDEEP
  
  768:XQkBeqgp6xFpvVAdSNifT+PqsUtLfO10a5LiE0r9RahAN6XoTzvouxbvTJ:XQIe1iAdkifT+otfOTefsAwoTzvzd
Score

7^/10

discovery
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
behavioral11 behavioral12
- Target
  
  temp/modules/netdict.exe
- Size
  
  2.0MB
- MD5
  
  7a0691b3541522327c9c0fcdac0acd37
- SHA1
  
  4c20861ec41b96b568e0d9256735d27e4bf3236a
- SHA256
  
  501c4258839ef9c9baf8d5f5e1eceb321ac5b403e99430352736e96c9248243c
- SHA512
  
  fa7517064f519e19f79db9184dae342e095c8f962f1bf3445aacf95de5dbfb7ce8e408553d6b5813698a9ba30d52860b0ffea8d8201f8abec398b3cacbb55952
- SSDEEP
  
  24576:8/xEbl2ZH/3Df2fVNR+z32S9Wyss8TuXaKdxh3CM9YmrPVaEQb2YMhZNlEnb90lC:8/xmYZfDf/rwyrqKsM9FZezjTkb38
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  temp/modules/netdictsvr.exe
- Size
  
  211KB
- MD5
  
  921ce46167fe8f75fef37405154185c9
- SHA1
  
  ad52017e7afdb03443f8c240a0de10b59d69bf54
- SHA256
  
  4c42f55e8151a83d58f901d495cf66a9614d113eee7d79fd791aae1cd97077b6
- SHA512
  
  b5c6831ca2664c8ddaafaad21bb28ff79f8f6bbff6d888480f08ff75d6e8435a0aeb3d203e876689842d21f5321ab499e1e95e711c6712250b7535050e212b64
- SSDEEP
  
  3072:U7vXsah8D2hRv0EK2Zm7DNlU2/YpOTT7bziwy7bHWm7P/C:YvXs5ox0EN0DsUwOTTNm7i
Score

3^/10

discovery
behavioral15 behavioral16
- Target
  
  temp/modules/shell.exe
- Size
  
  83KB
- MD5
  
  a14000e5343753332d4cda363efb43a1
- SHA1
  
  601d0ec1f15ac3191fb442b6e4f9fc35a3c786bf
- SHA256
  
  a8b5386816b47b834db099b3d3af6c124645ca6cd99e43be1b1db030300f5bd4
- SHA512
  
  b7123141df9b1196b2689fe5c1fa259229bfacc7e930106e361fdddf999eb93e2bf39fa6ac6e00648d0cd875f6d49021ed9ebca3d5296b437b63008027a3d014
- SSDEEP
  
  1536:MnqRj2HfwTS9FoRti+lujE2l1zRzFzSVIcgi:M8jaNFeXIjE2l1zRzFzzcD
Score

3^/10

discovery
behavioral17 behavioral18
- Target
  
  temp/modules/sign.dll
- Size
  
  75KB
- MD5
  
  7fde6c06d2a99b85ba8d4b22c664685e
- SHA1
  
  234ecf66f81d4d40ca21486eca4ff5447fc06ad9
- SHA256
  
  909b87f0ceae4996e4fd188395831c48833b2ef19583914623a87a721f17a895
- SHA512
  
  3dce5d7d0a0a643dc856224146e696293351f085f3100bee785ef9088aafe859c7d72f57997407bda955c8eb199e1768aaaea4d0c1df07b852cb7b2f9c3f2a8c
- SSDEEP
  
  1536:lynl3IQCjuOqhADwPMTVjwbRkLMlEWcQzZmvl:CK6Oqymc0mLMlRzkN
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  temp/modules/skins/Office2007.cjstyles
- Size
  
  486KB
- MD5
  
  6c81f596bfda0b754e3514a46ee48119
- SHA1
  
  bc7f447ca8b41beabf26f9556c58292cf8774d7d
- SHA256
  
  fc91fbb7d3e77ebc949873d514679be783c100b352d6737c25d1ef47550145bb
- SHA512
  
  b8c9789cb3062a5d670b199e586f6bb126c14da450e2bf874d0f1f36b043db61db77542aca411d5bea4a593564405d81520160043e7fbbea3d0d5b63f991dd15
- SSDEEP
  
  12288:IDNw5k4u34yKisgR4Jfi126PbrPzNq3dElPcr1j53dEE:Xk4u3HJVqNEg5NEE
Score

1^/10
behavioral21 behavioral22
- Target
  
  新云软件.url
- Size
  
  133B
- MD5
  
  4f0017b3b346bd0626f0c3b915e6e734
- SHA1
  
  823bf3ff9e16cd636c9dc0dc690d6a586fcbfe92
- SHA256
  
  df65af1fc1e09f6effbde7e0ef1cb64d6caeef1f62b0e6467821efa032533678
- SHA512
  
  0f5eb5024cf6a0323f7998d419995a707c48de917a5899a185369e6acfeb17c09ffa03f7d110adc87b8de20b7d4bf30d50c72479bfb18614d2e21cbe169dc5a6
Score

1^/10
behavioral23 behavioral24

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

adwarediscoverystealer

behavioral10

adwarediscoverystealer

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24