94082c6d7e553aa8875fc199fc8cbeff5a27431e9087378fd3e4b3f565cc285a

Sharing

Copy URL

Twitter E-mail

General

Target

d4e1776072220e733ba26a74e6131a7b_JaffaCakes118
Size

13.4MB
Sample

240908-vxsqcsxhlm
MD5

d4e1776072220e733ba26a74e6131a7b
SHA1

7986a62aea77c432029a61d18b49d62949a11d30
SHA256

94082c6d7e553aa8875fc199fc8cbeff5a27431e9087378fd3e4b3f565cc285a
SHA512

908b20a9edf0d1918d2d5c73568d8e97dea156d9fb0cf0c5d95fd89b971304b6d37264b39ed6e057d8d28280d407e700f2161cf8b5b85dac73d32443dbf116fa
SSDEEP

393216:FpAzXLKi/KForUnnXFwtAdPUqJyBTIm1GQv8:FpAfnlAnXFBdPU4yT1GQv8

Score

9^/10

Malware Config

Targets

- Target
  
  d4e1776072220e733ba26a74e6131a7b_JaffaCakes118
- Size
  
  13.4MB
- MD5
  
  d4e1776072220e733ba26a74e6131a7b
- SHA1
  
  7986a62aea77c432029a61d18b49d62949a11d30
- SHA256
  
  94082c6d7e553aa8875fc199fc8cbeff5a27431e9087378fd3e4b3f565cc285a
- SHA512
  
  908b20a9edf0d1918d2d5c73568d8e97dea156d9fb0cf0c5d95fd89b971304b6d37264b39ed6e057d8d28280d407e700f2161cf8b5b85dac73d32443dbf116fa
- SSDEEP
  
  393216:FpAzXLKi/KForUnnXFwtAdPUqJyBTIm1GQv8:FpAfnlAnXFBdPU4yT1GQv8
Score

7^/10

discovery
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  InstallTools.exe
- Size
  
  274KB
- MD5
  
  7bfcafbcc8ee124ce3ea6b098105865a
- SHA1
  
  f404c9a50e0740e465106321012c3b7859c999dc
- SHA256
  
  d7ffd96c98cdcd1bacbe7542b403d60a8b700ab8305de02738f1f1c2d98aa71f
- SHA512
  
  02b873be813abc8a50b882bed60ad2c57ad6cba8f83984c30d2ca0b5dba6c5b6427d44626bd2689e179bff539160b78b3ff6b604d1d134a147e41c9861b1600c
- SSDEEP
  
  3072:0l7g2UXc+gHjgXqJV0BhZ1hgC5VQ+dVg6tsH3kksA7XDCEtXFD:SkxM+gE607ZEC5VFgkks4Xx9
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  bytefence-installer-5.5.0.7.exe
- Size
  
  13.2MB
- MD5
  
  bd660f5e0f39dd05d5eefff4ce65c017
- SHA1
  
  956847325b76f4f02c8803f71204f4c747823ea2
- SHA256
  
  223ab46425284dd4ae73f8e7ad478eca6a0dcb4902cbc2f203b73b7cfe0da90b
- SHA512
  
  4fb02afb13c67c3d99cb0b183ca20ede069fb7a92cacd2f9bc73891e05a51bd6bd3ca2988fb71813444f9c9853ab8ad42193b234d5d0a60ca6a63355b51c0469
- SSDEEP
  
  393216:TAzXLKi/KForUnnXFwtAdPUqJyBTIm1GQv9:TAfnlAnXFBdPU4yT1GQv9
Score

4^/10

discovery
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  fbe295e5a1acfbd0a6271898f885fe6a
- SHA1
  
  d6d205922e61635472efb13c2bb92c9ac6cb96da
- SHA256
  
  a1390a78533c47e55cc364e97af431117126d04a7faed49390210ea3e89dd0e1
- SHA512
  
  2cb596971e504eaf1ce8e3f09719ebfb3f6234cea5ca7b0d33ec7500832ff4b97ec2bbe15a1fbf7e6a5b02c59db824092b9562cd8991f4d027feab6fd3177b06
- SSDEEP
  
  192:yPtkiQJr7V9r3Ftr87NfwXQ6whlgi62V7i77blbTc4DI:N7Vxr8IgLgi3sVc4
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/nsDialogs.dll
- Size
  
  9KB
- MD5
  
  ab101f38562c8545a641e95172c354b4
- SHA1
  
  ec47ac5449f6ee4b14f6dd7ddde841a3e723e567
- SHA256
  
  3cdf3e24c87666ed5c582b8b028c01ee6ac16d5a9b8d8d684ae67605376786ea
- SHA512
  
  72d4b6dc439f40b7d68b03353a748fc3ad7ed10b0401741c5030705d9b1adef856406075e9ce4f1a08e4345a16e1c759f636c38ad92a57ef369867a9533b7037
- SSDEEP
  
  96:o3W4JlD3c151V1gQoE8cxM2DjDf3GEst+Nt+jvcx4K8qndYv0PLE:o3p3ggQF8REskpxZdO0PLE
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  $PLUGINSDIR/nsExec.dll
- Size
  
  6KB
- MD5
  
  50ba20cad29399e2db9fa75a1324bd1d
- SHA1
  
  3850634bb15a112623222972ef554c8d1eca16f4
- SHA256
  
  e7b145abc7c519e6bd91dc06b7b83d1e73735ac1ac37d30a7889840a6eed38fc
- SHA512
  
  893e053fcb0a2d3742e2b13b869941a3a485b2bda3a92567f84190cb1be170b67d20cc71c6a2cb92f4202140c8afd9c40a358496947d709e0c4b68d43a368754
- SSDEEP
  
  96:17GUxNkO6GR0t9GKKr1Zd8NHYVVHp4dEeY3kRnHdMqqyVgNT3e:5XhHR0aTQN4gRHdMqJVgNa
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  $PLUGINSDIR/nsisdl.dll
- Size
  
  14KB
- MD5
  
  732b08d61117e442df209d6e2e4165a4
- SHA1
  
  4ced1f43e94800dd08f6c2efc73be978dbca028b
- SHA256
  
  73a1d4339513125be547a038321e26a3de13593df96ed715efd8a1683ccc0665
- SHA512
  
  f79e75f2637072c07f55f6e2192a1c7a997f184432a8179afde38656034b3167fc3e275755c17f298b9f554c7a20571aa4df165248a42315c5f1a1aa52bedc03
- SSDEEP
  
  384:yck76gi51kE5aYOMLDC4UnDp9B0Jc5HNw2+E:yck76gibLCMLDLCx04HNV+E
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  ByteFence.exe
- Size
  
  3.8MB
- MD5
  
  b821cd61e2d66b1ca5c795230f6b1b8e
- SHA1
  
  a2e0cea3af916f98233ad73992cbac1dea55b234
- SHA256
  
  16e0d6966e98794aa18719606e41f4d4ae74683d652e81374717282fc8b3239e
- SHA512
  
  6f88f403aadb97612bb409bae098bfba28d863a97c4fdb5a69431732251d7a91d3bc76750d30e30db38df1e7d4cf2f633c2b5a09cfef08437d5d1a6cfd55ebd7
- SSDEEP
  
  98304:YXrXAQnL22v90UxMwbV1J29H0SF8A9q4er:YTL2mewhn2ddrur
Score

9^/10

credential_access discovery evasion persistence privilege_escalation spyware stealer trojan
- Enumerates VirtualBox registry keys
  evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Looks for VMWare Tools registry key
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Credentials from Password Stores: Windows Credential Manager
  Suspicious access to Credentials History.
  credential_access stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks whether UAC is enabled
  evasion trojan
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral15 behavioral16
- Target
  
  ByteFenceGUI.dll
- Size
  
  402KB
- MD5
  
  64d417dc29e703c1ce96f6883693bb48
- SHA1
  
  959cdfea412e43fbf0992a6fec142802148ad2ed
- SHA256
  
  4653f64b3374bd12df745ed33e46d27c7a33010bc92d0d2a5f4b2e45fb3a2fc2
- SHA512
  
  5970fff0e2f6ec1ed8835078ef2001f54d0364c846c26a32826d3ae534e368c159e49f16b1f201b8b83b17a34b7f7c16ab7dbef02ceb2b93ad49f0e1863b75e0
- SSDEEP
  
  6144:x5UfubKSlfRgMhU+T9DW7X5GX2ypXfC0SYdC:x5J5gz+w7XYXw
Score

1^/10
behavioral17 behavioral18
- Target
  
  ByteFenceScan.exe
- Size
  
  809KB
- MD5
  
  6e0e63eb8b8022286b9cceddce76c5dc
- SHA1
  
  8bafea55708917c27f98c44920f6d0bc8ca2a37a
- SHA256
  
  434e30c59249506dde85ce9e22ffacb2dcfbb05625c5853e9e72397c22f2cc53
- SHA512
  
  de73bde33e8f702926bac7c93d681edf545d178b78601e17fa64a751c4c66e771fb12177f46a4d43fda60785e8af7831c4bf5c72ca16f36f0c89a38239bfab65
- SSDEEP
  
  12288:qM0Voclkzj2+OeO+OeNhBBhhBB3RauRtg8awP1NGcMWU2g50M341SJ0BGZsGXgs4:qMToiDXtg7wecMFogJ0BAV81suqdpE
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  ByteFenceService.exe
- Size
  
  157KB
- MD5
  
  b7748eb9fd8de26917eed1f341e3cd99
- SHA1
  
  275ad76abb350fbb0c77050d99fff8c8696b0de3
- SHA256
  
  ee8b257ada017afdec76c7bbaa436afa2d77ac6887c6ff84431866517396a956
- SHA512
  
  0c343c1a7f7bdff2f5652350e05dfff1f9ae3424c70302d4abdd1693660581414a5ea5db712cfa266f4e35e12a2af7447dd0538186ae6654c4c0e7cc4c83d9e4
- SSDEEP
  
  3072:rzUhP2vWKB4IsWyZpiOpEFzsfDuBurPm3/IheRy:nUhOvvyzxpEF8K32
Score

1^/10
behavioral21 behavioral22
- Target
  
  Microsoft.Diagnostics.Tracing.TraceEvent.dll
- Size
  
  985KB
- MD5
  
  d09b4a4509907f75f506b996a5ff7554
- SHA1
  
  bdb299cf617da297cbcfea321879f669e465069a
- SHA256
  
  6f8a2f1d045efb952c1ea9988bb5dcc72555eccafe9b32c2c51b439ea1f28453
- SHA512
  
  ea29579f19aa55429e7254a7a6953f127a7520c43ad1e15dad7e4b25d17a167218997fe98d3096606164284616963c81a53f10eeaada7163472a6102e66de478
- SSDEEP
  
  12288:Y+TaIGsAE3CBF4vgwWNjVYUQjwciLzR3Sx+1FfNJyPnKrA:ZT2VESLEUQjXiLXNJy/
Score

1^/10
behavioral23 behavioral24
- Target
  
  Microsoft.Win32.TaskScheduler.dll
- Size
  
  303KB
- MD5
  
  1802e6df96046cfee62c63c4c8469a3e
- SHA1
  
  c5d6444fcd8f46e1832c99614f5e71adff582f6d
- SHA256
  
  cc6c472f666239ed270cc3754852f536b8981d6fd22e4ad1ee15a1aa788a3ba9
- SHA512
  
  339f5b917c4afbc25175bd173cebefdd8f4671e157ecfb8a9c21b78db9d34fd9757787c231575e8849509cac59162c6c67fb32af6febd6903ec285e21c0fd304
- SSDEEP
  
  6144:pSNrAMLv8oXq9/7hbTD9S9XFiU5xsM2N0b9tCud+FrXSaG5rcfFr79E:CH8oXq9Dhb49ViU5xsTQd+FrXSJ5eFrZ
Score

1^/10
behavioral25 behavioral26
- Target
  
  amd64/KernelTraceControl.dll
- Size
  
  217KB
- MD5
  
  23ff4b3eadf12465e19f39b0c19c4361
- SHA1
  
  ce0f61dfc428532dc645d2aaed9153d79dbd27d5
- SHA256
  
  2005f94acc7c541771066ed98aff6321b911d10c59d2544b853446dbe91f25a5
- SHA512
  
  cc618b926c22cabeb2156fe9d82dfa0a181e9bb03e9f1d823f68f656a72fa56fecb92fafbe84ec3712805ec0bd5a903fde6ea33cd05dfc57027800bc516c7538
- SSDEEP
  
  3072:nX5gE72vcK8s7pTxEl7Onygi9wDO4z4WSYB0JuPr8AjT//PqLVFUYYBHoC:nXX20y7HNz14RU0J1ALqDUBHoC
Score

1^/10
behavioral27
- Target
  
  amd64/msdia140.dll
- Size
  
  1.3MB
- MD5
  
  c241e5b86b651da6e2b8fd9b07660635
- SHA1
  
  bc7317c284770245116b4a77c6d454970625fd19
- SHA256
  
  25a17a77163d1f18d780b06546dbe53c49d184c08cae60598b81cce655c53e34
- SHA512
  
  1b8e06fc562413b110f2ed8ee752f704948a77c4f4b8d855d1f14a91f9d3cbaaeead625b11d82d655613e89b7345c3299ddadc0fa9bcdad400068916587894be
- SSDEEP
  
  12288:Ppo5lxPC6r9vjOqfmX/yyOZWS6ggBwCX0dX007AedX0oHQUcV8gv2MQo0pzx:xo5lxdoz/yl4rEdE0cedrQPV8gut7x
Score

7^/10

persistence privilege_escalation
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
behavioral28 behavioral29
- Target
  
  protobuf-net.dll
- Size
  
  205KB
- MD5
  
  1ef639ae78e59f44b0ef43bbcbb893f4
- SHA1
  
  a78cc9f87e611a017080ad9b28d0c344d58bac0e
- SHA256
  
  ce817ea26d88d86ab917460039b0bfabb311790cd702285c92f977ca6c293508
- SHA512
  
  3b7d7e57b2db0a5c68e38ab2494995098d91ed32de4bb092a4947e17cec800c725d879aa8a106b46c714945b2358d2e37e62813d88d772bc4a9c1ee05bc12559
- SSDEEP
  
  3072:cDS6s11CNtSu01ck48ChK8CShUlNIUAQwXaQ5edod9hoiexKcMva3rdYg8CUD:zzWMGN8CckUnAt5edod9hoisKbvydDUD
Score

1^/10
behavioral30 behavioral31
- Target
  
  rsEngine.dll
- Size
  
  5.3MB
- MD5
  
  5efe47270e2ad4111ff66f53a0502cb5
- SHA1
  
  896ace118b9224eb2bb62e2c1964ea506291f619
- SHA256
  
  bf7d8e6051c13f8b20f87c11103ab153e692ef26c409fea9893d4f7d5223dac5
- SHA512
  
  32782f15ad6491bc358264cc6373ed3e8039fcc428263e3b6498c48c19eff2cea3294d3cb0085418d896a81a27f73f80e7ea85a05bb5ce5aabf35d7db63e8ab1
- SSDEEP
  
  98304:MQOQ1D5RJP/WaqS5xJ/9lO2L8qnwIaDpMtDMRmxfMx5qIaB9Ic6:/pFRoat5xV9lJ80a9MCRC0x4IaBR6
Score

1^/10
behavioral32