b0fe5e9cc5e5529bf71dfd6818c259983a51f2f17960a91736bbacc065403e18

Sharing

Copy URL

Twitter E-mail

General

Target

d255b7d1030974c6e5cd7da6f956805c_JaffaCakes118
Size

2.7MB
Sample

240907-tqd3ysvblc
MD5

d255b7d1030974c6e5cd7da6f956805c
SHA1

e4c20fe519b1c213458389c26e2aa53cd7d002ba
SHA256

b0fe5e9cc5e5529bf71dfd6818c259983a51f2f17960a91736bbacc065403e18
SHA512

a48034ef8afc1d8951c8a4645881a2edff01aca01ae4228e027b1d6170c07e2425a92ae1c6d7cce086547d7860cb51d9cb2698ab3bd3e40f41c5e7e475eb54f8
SSDEEP

49152:pcbXc7MoGjIuNOxhL7XGypGf32BXV7YxMnih6eLeRB6NCINY6b5CYO:py+OOxhL72lf32F8Mnis255CD

Score

7^/10

Malware Config

Targets

- Target
  
  d255b7d1030974c6e5cd7da6f956805c_JaffaCakes118
- Size
  
  2.7MB
- MD5
  
  d255b7d1030974c6e5cd7da6f956805c
- SHA1
  
  e4c20fe519b1c213458389c26e2aa53cd7d002ba
- SHA256
  
  b0fe5e9cc5e5529bf71dfd6818c259983a51f2f17960a91736bbacc065403e18
- SHA512
  
  a48034ef8afc1d8951c8a4645881a2edff01aca01ae4228e027b1d6170c07e2425a92ae1c6d7cce086547d7860cb51d9cb2698ab3bd3e40f41c5e7e475eb54f8
- SSDEEP
  
  49152:pcbXc7MoGjIuNOxhL7XGypGf32BXV7YxMnih6eLeRB6NCINY6b5CYO:py+OOxhL72lf32F8Mnis255CD
Score

7^/10

discovery spyware stealer upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/NSISdl.dll
- Size
  
  14KB
- MD5
  
  254f13dfd61c5b7d2119eb2550491e1d
- SHA1
  
  5083f6804ee3475f3698ab9e68611b0128e22fd6
- SHA256
  
  fd0e8be2135f3d326b65520383a3468c3983fa32c9c93594d986b16709d80f28
- SHA512
  
  fcef8ac5bd0ee6e316dbbc128a223ba18c8bf85a8d253e0c0877af6a4f686a20b08d34e5a426e2be5045962b391b8073769253a4d9b18616febc8133ccf654f7
- SSDEEP
  
  192:t5ZTobBDJ68r67wmsvJI5ad9cXzFOVu+mZ/P3p+57CvpVqDxVp01Dwn2GRYgsfA:fBo/680dCI5adOjFOg9//p27uNw2bo
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/ReadCustomerData.dll
- Size
  
  64KB
- MD5
  
  703598aa5ff97f512112cd766543a2f1
- SHA1
  
  0bfb74b03227ee8510e153785edd76625404ab55
- SHA256
  
  5f76752e83789bb8184070d618d83f43c2f565cc7fad2c4266e44339223ba69b
- SHA512
  
  3eff4670a3c97ec931eb1240d22a943ad6b19ea07ce781dabcc656ae2049d36c42b8f5bf3ce59366057ea3ece8913e83da3ec98c2c1434edf144dd9d4731fe58
- SSDEEP
  
  768:TWaFM5hBUVVsDPytWyIBvsdfk3Nhs8o6S5uymhRv1OInQ/bTLZmTtxHWQ:CvnuV+TcWGIPOChRwIQ/XLQtxH
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  00a0194c20ee912257df53bfe258ee4a
- SHA1
  
  d7b4e319bc5119024690dc8230b9cc919b1b86b2
- SHA256
  
  dc4da2ccadb11099076926b02764b2b44ad8f97cd32337421a4cc21a3f5448f3
- SHA512
  
  3b38a2c17996c3b77ebf7b858a6c37415615e756792132878d8eddbd13cb06710b7da0e8b58104768f8e475fc93e8b44b3b1ab6f70ddf52edee111aaf5ef5667
- SSDEEP
  
  192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/TvGetVersion.dll
- Size
  
  130KB
- MD5
  
  8872006dd07ada62805c1b80636ef36d
- SHA1
  
  c611f017808eac2a144933520e86ae25f5e78fdb
- SHA256
  
  7b49d6b41d6125dd64765abd450b4f78e01767547047b184d0a1bdb561c37384
- SHA512
  
  70631d52b0e4e411fa2e4be75e809d5b362a3230876d7e821be1390b8aaad11443296c82dce03e6cf308b5f170a9695603b8b5876350571ae68a0f6d7cf30a4e
- SSDEEP
  
  1536:JYsbJRUSRFwlPlW+1YO0a9J76sbxXpC5VI4bUj7syyBsUndwFrtYP+yOcI:hWPl065+UEy8dw1tYPDx
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  $PLUGINSDIR/nsis7z.dll
- Size
  
  176KB
- MD5
  
  06ff2b95b8e123d32487b0cb73409031
- SHA1
  
  8cb3f584112db4e74cea4ed02d4ce0b3a5373bfa
- SHA256
  
  0dedad042a306da32784c3ce79bfac0475b827e416c17e1a1dfdb461151f4271
- SHA512
  
  174e7599ba87bc45111ce340d7563771353df71988d6b9094d8bdeab4b45ec730cbd2e6bf3943ad66daa02d7f1f1eac0020b987109fabed96b2e0def8d0602c6
- SSDEEP
  
  3072:rfSCQ4FYoKhEHvf4aytolZ8MMNjXtWXTkibb7zHetRYFJ8:HFYosEH3UtoX8fUtXPOm
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  TeamViewer.exe
- Size
  
  7.0MB
- MD5
  
  32ee99a3ed45271f210e12b23eeb2861
- SHA1
  
  ed2e6f46706d04e3689a708208ad6fd814c75936
- SHA256
  
  7ba0a16c534ea3669bdbd13112fc1071adbaa0422a655dcb525369477872b536
- SHA512
  
  d552bae95356da2ffcf2cfc6c4643456dd1334bbdc8059397e25945d90c09e2550fcc76170f89476c6a061a8b556e801d000dbe498e27fb0f1fd76aff0a23a17
- SSDEEP
  
  98304:JP0XJBwgh42m9j89bkCN2MZ21YZDvb/Fo+fFrUrUu3N7byJDZho0hOk0C33jywVT:OvwnDi9dZLb/BfGrUu3N7m3hcazvV/
Score

7^/10

discovery spyware stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral13 behavioral14
- Target
  
  TeamViewer_Desktop.exe
- Size
  
  2.0MB
- MD5
  
  81675ba925818ab731e372159ea9cdd1
- SHA1
  
  75165f2d8040e3494251c739f3680d37b28ae525
- SHA256
  
  a1617ecd096789b5c898474837ea38769a7256793f36b80dbc28dda63d517e6a
- SHA512
  
  ac7e23df4b30ce94482e9b6d2f80c5c748384b169197ca0db0ea832815f48f116b18e42e178d7d54d125de63eb1aaea0a38153d42bfe75049fc8055851116cd9
- SSDEEP
  
  49152:yYFOvyAPoQSkpdbzG1pUllWtNTyZ/MUcQNLJm5:zOvzo3kpY1eGu/XlJm
Score

3^/10

discovery
behavioral15 behavioral16
- Target
  
  TeamViewer_Resource_fr.dll
- Size
  
  1.3MB
- MD5
  
  6322931fab86af48a0940f744f7925c4
- SHA1
  
  7abb55a62ab8133245bdc3f71b2360f745f95db3
- SHA256
  
  e706ac5af4fc3ffbd36d8aac1efbf4d8dffb9d2a721e3bbf35da37a50e0ebfe4
- SHA512
  
  262e0fd4d0a73deda4e1a255848b7963007e539a72099ab1c7b27ec7cc8b8f309bdb939b91e7b6f3ec27efd7a43bcb556dd4ff9c800985abf839b8093216fc8d
- SSDEEP
  
  12288:Zhmfaa/lRMxerSaye0dHVGFlSyhUcTm8i1aWjp3n331C34QN6TO:XmfnJrSayGF6Kp8S
Score

1^/10
behavioral17 behavioral18
- Target
  
  TeamViewer_Service.exe
- Size
  
  2.3MB
- MD5
  
  e03e8f543a1f8c0a7e07e8095c16fa73
- SHA1
  
  5cd12e817c2b0a7c1439289069a934c7514c798d
- SHA256
  
  5ced4599fdb86edc80170665d8156888b683ba8e3e7258b8d1b5b6400bd5307e
- SHA512
  
  fb66e215db8438104487eaf1a21c2701c51169a8e11eac6ba521cea2f06124b176649a3ae254a9094ff12f2710af84d4bda107a22fc7a32ba5500fc40d5dc146
- SSDEEP
  
  49152:Zlf2clpXwZpK2lnp+g2KXMgUu3YHt+zC1dTUHB/SLjux:Pf2qgC2lnpB2KLUu3YHt+ufUgL
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  tv_w32.dll
- Size
  
  48KB
- MD5
  
  8ed1d2b0875cb6197f0d99b24ee9af66
- SHA1
  
  51a3363a1499f4fea4de464debc4ba11a18be911
- SHA256
  
  663b890fac656a12db0044d9cd2a4d2311c69715665b03b1e4e5e876b497b05d
- SHA512
  
  15bf86375300fb78d9ec5f0aeeec7265439adbe9491184fb84497c07b8921b60ce99d0369d796252afb720894f2493fbf82d217b73da2272b9004649dd717bba
- SSDEEP
  
  768:vnbNOCWYFawkf5soDYunk220HOtUM3CCGVkQiFptzsk51MIIL1:/BSsunocCUDJVkjJsk518R
Score

3^/10

discovery
behavioral21 behavioral22
- Target
  
  tv_w32.exe
- Size
  
  105KB
- MD5
  
  732dfe958b012ba8622d312d8594c0c3
- SHA1
  
  2f247c1975937d72dfc1ea851c9e9d8c75fbaca0
- SHA256
  
  9b9c3634d0ff1e408317515557b74beb050a8bd0973db10186a11c4cce3ceaaf
- SHA512
  
  4661413276664021e84425505420bdaf24cbfee4e6c8feb32662cf6b03027bbab6377d99f1b309919d630853efdd4be889ee8253e8d945416c1548f4f753c532
- SSDEEP
  
  1536:uaooQTXvqXtkFFCN3bzLqFu0azJPPY08MPMyY/eetFDiCc3NwGzpi1+4ooahteac:uaoD2Prpifahteac
Score

3^/10

discovery
behavioral23 behavioral24
- Target
  
  tv_x64.dll
- Size
  
  51KB
- MD5
  
  100cc2667789dea561aad9ce4d2307f7
- SHA1
  
  1e9505fb9b5114d332f2f83035ad0b8254e8fb0f
- SHA256
  
  d4cd7043c7d88c2ba3ca171f010037a4dc8ea4438ebd8df132f67d8f00a2e59f
- SHA512
  
  0612f6698884a3a9d0233c281ecc5706324b16bf52a0bbd049768ec2b31001854ab87b52624491d87fc072d9c551e082c926cb62beeec13b7d0bff3fa4c1cd88
- SSDEEP
  
  768:dRbXkYJwW1DSveW1oI8iGkDDTn/Azi5uQat0bxJYQll6nQIIL:dRbnJj1OvDv/0z7t0bflso
Score

1^/10
behavioral25 behavioral26
- Target
  
  tv_x64.exe
- Size
  
  140KB
- MD5
  
  1f1b6f7d707654577d7e261ba3e4c66f
- SHA1
  
  242e1a2e13842ab388666e03683895ca33c54e1c
- SHA256
  
  2ceef031a02f4389857ea40a2dd0e24e742f08c33debf1e466b546259700918a
- SHA512
  
  be078bf4bd3977e04d574af6faf7caeefee1701f4dbf370ebdb81048e7bf3b1c6f1152f9b4797347d3907bd336056a04153a11609f79c1d2f4c366c95e90142f
- SSDEEP
  
  3072:nWINt2c3+Iiq7oaXVb17FXLxKuiYsS/iYgWxYYYTOS/wOBLWT1vV:nZ+IixaXVb17FRVn6Y9uYYawkTh
Score

1^/10
behavioral27 behavioral28

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Reads user/profile data of web browsers

UPX packed file

Checks computer location settings

Reads user/profile data of web browsers

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28