2dd81749fd674fec98269ee6c40ab9d3247b788d8a5cb9640d7d5bd70cd77722 | Triage

Sharing

General

Target

dd4069cb46beda157be20450bae4fba2_JaffaCakes118
Size

7.1MB
Sample

240912-3n3g7ssema
MD5

dd4069cb46beda157be20450bae4fba2
SHA1

07090334daa349b513b6584b05d42b205e2bae1a
SHA256

2dd81749fd674fec98269ee6c40ab9d3247b788d8a5cb9640d7d5bd70cd77722
SHA512

a559238daeca8cb94eb1c0784b1dbe7c81fd79b03ebf45205cfeb1bb563f6c0bbf44df57edef7dd989b6c40f982cb72a999e2287d5f93e8eaa8b741a4b9c698d
SSDEEP

98304:aCXZGgMhv+5aR+uPCkQ4YCZL3zNc6a9Zpn6d/3VrDkk4EdKy3NixJ9pfhEhcyNoy:xAr254tQEOD3YdPlDkpA3yn3MrN1As

Score

7^/10

discovery spyware stealer

Malware Config

Targets

- Target
  
  dd4069cb46beda157be20450bae4fba2_JaffaCakes118
- Size
  
  7.1MB
- MD5
  
  dd4069cb46beda157be20450bae4fba2
- SHA1
  
  07090334daa349b513b6584b05d42b205e2bae1a
- SHA256
  
  2dd81749fd674fec98269ee6c40ab9d3247b788d8a5cb9640d7d5bd70cd77722
- SHA512
  
  a559238daeca8cb94eb1c0784b1dbe7c81fd79b03ebf45205cfeb1bb563f6c0bbf44df57edef7dd989b6c40f982cb72a999e2287d5f93e8eaa8b741a4b9c698d
- SSDEEP
  
  98304:aCXZGgMhv+5aR+uPCkQ4YCZL3zNc6a9Zpn6d/3VrDkk4EdKy3NixJ9pfhEhcyNoy:xAr254tQEOD3YdPlDkpA3yn3MrN1As
Score

7^/10

discovery
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/ExecDos.dll
- Size
  
  5KB
- MD5
  
  a7cd6206240484c8436c66afb12bdfbf
- SHA1
  
  0bb3e24a7eb0a9e5a8eae06b1c6e7551a7ec9919
- SHA256
  
  69ac56d2fdf3c71b766d3cc49b33b36f1287cc2503310811017467dfcb455926
- SHA512
  
  b9ee7803301e50a8ec20ab3f87eb9e509ea24d11a69e90005f30c1666acc4ed0a208bd56e372e2e5c6a6d901d45f04a12427303d74761983593d10b344c79904
- SSDEEP
  
  48:6jOBtU/BXN8kUByyy/Aklkcrkyg7Vg5RibGoTCTo0gqVeeaeQqzM5rv774YRljmB:y/DMy4ncrkyg7tbpQFLUEYRxe
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  14KB
- MD5
  
  325b008aec81e5aaa57096f05d4212b5
- SHA1
  
  27a2d89747a20305b6518438eff5b9f57f7df5c3
- SHA256
  
  c9cd5c9609e70005926ae5171726a4142ffbcccc771d307efcd195dafc1e6b4b
- SHA512
  
  18362b3aee529a27e85cc087627ecf6e2d21196d725f499c4a185cb3a380999f43ff1833a8ebec3f5ba1d3a113ef83185770e663854121f2d8b885790115afdf
- SSDEEP
  
  192:86d+dHXLHQOPiY53uiUdigyU+WsPdc/A1A+2jwK72dwF7dBEnbok:86UdHXcIiY535zBt2jw+BEnbo
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  c17103ae9072a06da581dec998343fc1
- SHA1
  
  b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d
- SHA256
  
  dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f
- SHA512
  
  d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f
- SSDEEP
  
  192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  $TEMPImg/Installer.exe
- Size
  
  6.9MB
- MD5
  
  186b0136f303bbdfa28d4186073bea8a
- SHA1
  
  6cb4cf0098b71a486ff5deaf222b8ffafcde818a
- SHA256
  
  091088c5d1ee6da6b7584af2a7fd1315f5cd5b09789c3f375654f29b372bbdea
- SHA512
  
  b0f47bdba9914e1f114039b2a90e224a980fa5b83d7d1981a80592a84ea06760cac2a335e78b38323f71c4bb34e3590fe9b2123318e704a38d9bd083229688af
- SSDEEP
  
  98304:3ZGgMhv+5aR+uPCkQ4YCZL3zNc6a9Zpn6d/3VrDkk4EdKy3NixJ9pfhEhcyNo6Ne:3Ar254tQEOD3YdPlDkpA3yn3MrN1An
Score

7^/10

discovery
- Loads dropped DLL
behavioral10 behavioral9
- Target
  
  $PLUGINSDIR/ExecDos.dll
- Size
  
  5KB
- MD5
  
  a7cd6206240484c8436c66afb12bdfbf
- SHA1
  
  0bb3e24a7eb0a9e5a8eae06b1c6e7551a7ec9919
- SHA256
  
  69ac56d2fdf3c71b766d3cc49b33b36f1287cc2503310811017467dfcb455926
- SHA512
  
  b9ee7803301e50a8ec20ab3f87eb9e509ea24d11a69e90005f30c1666acc4ed0a208bd56e372e2e5c6a6d901d45f04a12427303d74761983593d10b344c79904
- SSDEEP
  
  48:6jOBtU/BXN8kUByyy/Aklkcrkyg7Vg5RibGoTCTo0gqVeeaeQqzM5rv774YRljmB:y/DMy4ncrkyg7tbpQFLUEYRxe
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  c17103ae9072a06da581dec998343fc1
- SHA1
  
  b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d
- SHA256
  
  dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f
- SHA512
  
  d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f
- SSDEEP
  
  192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  $TEMPImg/AskInstallChecker-1.5.0.0.exe
- Size
  
  242KB
- MD5
  
  8f9b5f4f87207be1cf810ddc95124f92
- SHA1
  
  f5cec54c9aac59167ba95ec8077438be381fba3d
- SHA256
  
  4501e3f8f41966d403e76d3b1d04525098f0b6d41b65741a8351f3b0d3e4397e
- SHA512
  
  dac421d8132e474ddfc9ba5954928b40d952af17c4c2085c30f5f3dc631962c2f05db52cb487371108b6b61e6fbc0a82d68ced48e9075a1fbc5a214d5d201097
- SSDEEP
  
  3072:L9Sc/cBP7ZyFQyNGhwPjVr88LkkPl5qcV21BSA5mffoL6xB3UCWT4zeNpdrhUu5g:L9+B9AHKyjVrTLkkP7qcXvxZzchm
Score

7^/10

discovery spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral15 behavioral16
- Target
  
  $TEMPImg/FVM.exe
- Size
  
  1.4MB
- MD5
  
  7647c48e0ac6a521e9b97bd107b2a215
- SHA1
  
  d464f46d7532f2f23222e61657d0c9ee43777b2d
- SHA256
  
  24f96b0e81b026f81a6d7a3f4c86eb0e4cd86f2e003324c374f69d23445e848e
- SHA512
  
  d470c7b17e9bcade5cc677396282b541e3d8d5823ffc6b9f9faa37a2f88e9041d89f8b0a9ce6406a880c45f0194207919596df0982e74a17d3b5205aa94af96a
- SSDEEP
  
  24576:XKkTWMfcFPkyuYyCUMJvuGHtekf8Iu8SzFnGpGcJ/5QrIjf4zdkB/huKb:XKkYayuYyCBxuGHtekfLjwpGpG8Xadk9
Score

7^/10

discovery
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral17 behavioral18
- Target
  
  $TEMPImg/PazeraToolbar.exe
- Size
  
  2.8MB
- MD5
  
  4d14c69f86a74fc25ad116c38f8f05f9
- SHA1
  
  bf8399d5f22aec7e4db7b4c385591ed5d42e71d0
- SHA256
  
  db3119182761d71fe962e662aaff8aba64121130f3f1d39ac548020f26deec77
- SHA512
  
  2f4acf84eb9e588ebe7a1c4731a472c0664f280982f90ec104c04021fbf6e9fc1c4708ce639fb1433ea014954ed24cd79fa94a5d3617e13b8b2e2058cac7a4dc
- SSDEEP
  
  49152:qKmU/FmbvQyw+Lx8GtekgJV2cEraOdDJLQDwydRm0qw9d/YDTn3UOesiX9iYvmEd:JmUoU+LSGtYJVqraOb5yds0tf0EOevXT
Score

7^/10

discovery
- Loads dropped DLL
behavioral19 behavioral20
- Target
  
  $PLUGINSDIR/CABSetup.dll
- Size
  
  17KB
- MD5
  
  971a2e4b537d8b3f0bf5699c4b086192
- SHA1
  
  72c062e122288b8c015cd1cd806bef4a22530b60
- SHA256
  
  82f78bcf453ef5bc4383dbb586bcdb7db7b79877ca79991f8b83c9284b6eeedc
- SHA512
  
  2269002046c774112201a4ebb86638e554c11fa3ef2ba2f48266b5427b64fc35e66a94a1dc45c085f713aaf2852ac55a40876ff6bd0fe8625dce9eac05ace657
- SSDEEP
  
  384:1+euflfDS/VtTPYCfdW/QJCG0wNXB9SNCNLH:1+eufdpYg4JCwnSENLH
Score

3^/10

discovery
behavioral21 behavioral22
- Target
  
  $PLUGINSDIR/InetLoad.dll
- Size
  
  18KB
- MD5
  
  588d2a4e27dee47f1d7a9c10e67ca948
- SHA1
  
  019aad53a317892c3875761a5f6f2fb470376b7b
- SHA256
  
  b908ac66f5e0876fefe0be8ee692095132a780a8362ba3a68e99ba0d53dc8ebc
- SHA512
  
  c9de72dcb87f27e0a67c6b0220dab67b8c5813bc803bd76fb2b3070e88447457afdc76ffc391be42c14e9f31218fb74e8ddcd2a867e1f4d6f057986a8e31955b
- SSDEEP
  
  384:kUyPTZJ/XdzJwwTh8W1cyMjPzt0Ac9k+LMkIX1+Gn+XHfs:k37/luwTh8W1rMjPzbus
Score

3^/10

discovery
behavioral23 behavioral24
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  12KB
- MD5
  
  1d5c649dde35003a618b9679d5d71b92
- SHA1
  
  0409bbab3ab34f8c01289cdd847b4d1a32d05b18
- SHA256
  
  0f4d3cee24e3f310fa804983c931d3628613988a24f0be7854f63a9309b8e45f
- SHA512
  
  b432ebcc52905662d61a3f17e08e209a3f9d836a9071b3b5e80070af7ebcf34cf66c44426dda041c2a258fda4787e5692e2b35acbcd73288fb84fe3c977bbfd9
- SSDEEP
  
  384:pKlm7i+c3QW6ckPhyDEaLnA2bbBBIXwZ:8qi8BcyhEhLBbbTI
Score

3^/10

discovery
behavioral25 behavioral26
- Target
  
  $PLUGINSDIR/ScrollLicense.dll
- Size
  
  58KB
- MD5
  
  9de28704babdcf38f423c36eae737e17
- SHA1
  
  dd7f7b03430bbc9d568c6ea31de88fc281c3eec3
- SHA256
  
  d81d764e13b8e7a7ede9964f118d2de44b13c39c442527c0ffa11ed25cac5014
- SHA512
  
  74e0b8b2cbf2de7ffde19e31567976e4c59fc68df351621acee5b0f00734fe7cb95f29fc822313f58ab9cf5f2822763d6021643e088fa6a37bf6d4672f6cbeea
- SSDEEP
  
  1536:IU49ZxlN9m68X7Yo7n8roGNHyJelIXkzqGvl/H3C:OZxz9QA1SkHzvl/XC
Score

3^/10

discovery
behavioral27 behavioral28
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  10KB
- MD5
  
  4eff5fafd746f5decb93a44e3a3d570c
- SHA1
  
  a11aa7681b7e2df1c7f7492a127d332d1495ea8a
- SHA256
  
  cf61ddd15d63c25a12caee70f51ea736cfc02195c42e56ee01b33f689d3754c5
- SHA512
  
  cde82d2a1f28506e4c2264f6b82017a00af32f138ebcdbaf4cc58463870fa626f708aa57465294c5a6f096c886841e7b9112b85bf3ea2f1d8f2da816b51b2d72
- SSDEEP
  
  192:0OycJo/rJVCmIDNLU0dq5RD00lspbub76yL:6/QQ0d0RD0USq/6y
Score

3^/10

discovery
behavioral29 behavioral30
- Target
  
  $PLUGINSDIR/UserInfo.dll
- Size
  
  4KB
- MD5
  
  eaf5036ef8e7fbdfa76d42c18233764f
- SHA1
  
  acd9f46c0500b00648933c4a172ef258ec64a1f3
- SHA256
  
  74a4283da525512b7fa14d40cafd905e63a8c2a3c9faca4d0605ad71f1a05a7d
- SHA512
  
  93d3e698c5d40f28c9d899f95f5b8ae60eceb8e96e57000ed458b9bffadcc98616aeadd4d6b930f3f91bd2a822681ef284dfc0eda6ae776ba1b7cc6ff87704ef
Score

3^/10

discovery
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

discoveryspywarestealer

behavioral16

discoveryspywarestealer

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32