8a9598dee0a5f5d86e7e0677056fdcdbc4834d9ba38a28a9c30336387b1f0a30 | Triage

Sharing

General

Target

dc543ffe00d73f7bafc2e91116d75b6c_JaffaCakes118
Size

10.0MB
Sample

240912-p9q5eawcmf
MD5

dc543ffe00d73f7bafc2e91116d75b6c
SHA1

ec692fd9360c987f8b68e39aefabdfd1b5814560
SHA256

8a9598dee0a5f5d86e7e0677056fdcdbc4834d9ba38a28a9c30336387b1f0a30
SHA512

f336466b83a6b707a12b60e9817807ee0654c639c881e0b493ee9a519af90f8745d5eea310ee4af3e7e20c048141df03976b694216cd0404cab0b9c8f3a97f65
SSDEEP

196608:nBh0Nm+lRHLuAfdyQVsjXfYA2z6/ixIIHMLXf6lt:Bh0NlVLpVymA2z6M+f8

Score

8^/10

adware discovery spyware stealer

Malware Config

Targets

- Target
  
  dc543ffe00d73f7bafc2e91116d75b6c_JaffaCakes118
- Size
  
  10.0MB
- MD5
  
  dc543ffe00d73f7bafc2e91116d75b6c
- SHA1
  
  ec692fd9360c987f8b68e39aefabdfd1b5814560
- SHA256
  
  8a9598dee0a5f5d86e7e0677056fdcdbc4834d9ba38a28a9c30336387b1f0a30
- SHA512
  
  f336466b83a6b707a12b60e9817807ee0654c639c881e0b493ee9a519af90f8745d5eea310ee4af3e7e20c048141df03976b694216cd0404cab0b9c8f3a97f65
- SSDEEP
  
  196608:nBh0Nm+lRHLuAfdyQVsjXfYA2z6/ixIIHMLXf6lt:Bh0NlVLpVymA2z6M+f8
Score

7^/10

discovery
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/Download_Energy.exe
- Size
  
  5.1MB
- MD5
  
  96a9c13cdb1c931c8d232dddf929a6ac
- SHA1
  
  7f29702918924cd1b9bd943fa0eaafecaeab4c75
- SHA256
  
  468eca855754732e658ac1d2ac677a9105f5c62580989f53295e6827232dfc68
- SHA512
  
  97dba7c1dd0f8a2bcd3afe92730f20d0171126e1ae0cd1f2218cbb91d0caae298b90bf7950733ff8c7a42daa8b5a747d7c9e00045a0ff73697b2a7bf66c11dd3
- SSDEEP
  
  98304:MHopKHIn2zDWnuL0uKVFWM1fYPSM03CNl4rDWd4u3czc1exjMtbQt:UCyDWuL0uKPWYfxn3CNk4eitG
Score

8^/10

discovery adware spyware stealer
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Drops file in System32 directory
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  14KB
- MD5
  
  325b008aec81e5aaa57096f05d4212b5
- SHA1
  
  27a2d89747a20305b6518438eff5b9f57f7df5c3
- SHA256
  
  c9cd5c9609e70005926ae5171726a4142ffbcccc771d307efcd195dafc1e6b4b
- SHA512
  
  18362b3aee529a27e85cc087627ecf6e2d21196d725f499c4a185cb3a380999f43ff1833a8ebec3f5ba1d3a113ef83185770e663854121f2d8b885790115afdf
- SSDEEP
  
  192:86d+dHXLHQOPiY53uiUdigyU+WsPdc/A1A+2jwK72dwF7dBEnbok:86UdHXcIiY535zBt2jw+BEnbo
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/ProsperasoftwareAcPro.exe
- Size
  
  866KB
- MD5
  
  31abc2169a1a16bb337c396fe28fdd7e
- SHA1
  
  27b5e845228440876687b3a5ecc929d60c5aa7cf
- SHA256
  
  53dc1171e970e3acf956e746e8788eb67c0561e8c83fbb9dbbfb358de7c1014f
- SHA512
  
  2b0f0b851412dbc0d289b0e4fca3356bec8e751a16b9096c175d11a1700c4c8702051d51d394284c302b81078b2b742f9ec618f891175f620324f92523f7c6fd
- SSDEEP
  
  12288:1na9+q0FKLl/LdWSYWBH/9w05FTxTpITYRpECHGPC2uryEggVQ2l1/6tU4fi5rok:1naM/KR/LgYlFnxTS2pEmUqSYR6lUdVR
Score

7^/10

discovery
- Executes dropped EXE
- Loads dropped DLL
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/SimpleFC.dll
- Size
  
  175KB
- MD5
  
  d38543fc9ae37d188a23e06ee11d3504
- SHA1
  
  174fe778f66db4a527fddf21b1c23e1bc1ceceeb
- SHA256
  
  72f33da081b8d579f437e7aa2ba8d9cb9602270b88093ff9411ac6316b52fc6e
- SHA512
  
  43d1874e5821d8e5530eaa34d42b76aa867528368779fadcfd2691825297accf04e94bd34867442a76c25d4729edefba9469de6500acfe6f665949f11878c54b
- SSDEEP
  
  3072:l2sd6EP05etg+rKTTmYjcnPMdsRrdU+/mbM/AuaNoNglzppVn5O4z6ULfLb6Cu:Us4zIg+rKTTmnhfAoSxZ5OVu/
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  $PLUGINSDIR/inetc.dll
- Size
  
  20KB
- MD5
  
  f02155fa3e59a8fc48a74a236b2bb42e
- SHA1
  
  6d76ee8f86fb29f3352c9546250d940f1a476fb8
- SHA256
  
  096a4dc5150f631b4d4d10cae07ef0974dda205b174399f46209265e89c2c999
- SHA512
  
  8be78e88c5ef2cd01713f7b5154cfdeea65605cc5d110522375884eeec6bad68616a4058356726cbbd15d28b42914864045f0587e1e49a4e18336f06c1c73399
- SSDEEP
  
  384:voJLJVqG5WLJgu/Emx1Ywxd2ZmX66vwUhU7ya4LC0Ac9khYLMkIX0+Gv8gcLom7:AJVkN8mHYwxdWmX3wUhUua4LeT7
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  7ZipBuilder.dll
- Size
  
  78KB
- MD5
  
  bf671593d679caacd09a250a7ecb77e2
- SHA1
  
  856cf226d95d5b2946508acc0911a9d2f3f91c55
- SHA256
  
  d49e304ba399dcdd9657e339e05fd6b0bb405322381a60cdfdcf1d8c8a801b5c
- SHA512
  
  c173cc9e0647a2141d68c06be22abadf2002eff60ce56a866b4d79ee660fd87782dc191e109e100b6e44ba894f546fed9ecdfbf063814619d7420ecd28558e02
- SSDEEP
  
  1536:DoJPWvozDqtbkJEtPH/PsmA+zDf97r14z:ctGofqtQJi/PsmA+zDfV2
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  7zxa.dll
- Size
  
  171KB
- MD5
  
  1cf011c4c0aeb50a46ce6d04ec47adf2
- SHA1
  
  80edc3f772084a8cbec182f1c588cd9f6f9c7df4
- SHA256
  
  d86b46836fd0a1d7488d1f8a01dbd831c5301c2a7b733aef584de7891cf2771a
- SHA512
  
  095f340db7c279832711ac4ed3bd932fe809f3d30d72ee6dc1357ffe4d77c6a68825967eaef4a33763bd1bfc1b476314dac44bb0552fac152ba6acd73d0660b8
- SSDEEP
  
  3072:Gc1Cwwna6ODBgYc6MDV3WX+87F0z19T1BoFOysbK9IKFFZpGCGklyIAv:GtaHDBgYP0wB7F03xysmBEC0Lv
Score

3^/10

discovery
behavioral15 behavioral16
- Target
  
  BugTrap.dll
- Size
  
  245KB
- MD5
  
  5627d035360a76164dea74aee9d142c3
- SHA1
  
  e3604be7d3746c820997b0bcb38cd55fc988953f
- SHA256
  
  f468107a3e401087a5ed8ed5153a9d0ac1c0923bde9a42dc4097a705dded55ac
- SHA512
  
  6627c3721a830a802d2611bd67cced8325e7dc40d1ea02da539ba6bee2f1f2beb1df36f72a8650d3df5813c80a88a57b10c97fb463cc31ccab8ec81828628630
- SSDEEP
  
  3072:/uj9UeV71NBHRSDUPxfCFRFYFE0szgzXyILtdMD0qcxryarYEctBYWBLZvdK:/ues7pHgDUPxfCFRFYFrsiXykDEa8dK
Score

3^/10

discovery
behavioral17 behavioral18
- Target
  
  DocumentReader.dll
- Size
  
  133KB
- MD5
  
  06e5061ae5ca129049edeb490ea392bc
- SHA1
  
  0c9ae5edd89b4ab99a2d316a3a20d57acfe73e14
- SHA256
  
  1abf4d3d6fd50eb8f63f9c9ca6df9825a580201249b258bbbd4ffe49afc07c0f
- SHA512
  
  3f21b38bf710a5e6e32d9cb5e14fcc1a9ea7c680d812e10e20f80eaf36134866fef2fc27fab8ba2258b2fffe2ca6835062d27c2714dfd7e22fb8b5711d0e9d83
- SSDEEP
  
  3072:nSGlTEZNIr1KqsnVA5OctzRD+wc0XlfY2:nSQhV5xrfXX
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  GFLImageServices.dll
- Size
  
  92KB
- MD5
  
  2d84a2480e47714a2005a2ba5a062a64
- SHA1
  
  f4a892ea486fa458ef9da076744e9a487dd08b6d
- SHA256
  
  0469029caa3eddde5dd564c32354e4bd15e8c7e09b6f9638d2d704110d7cdd1e
- SHA512
  
  6553f87c19b30ef530c165ea46ba7594473f66ebcfc28c4651207b2b6de85849215a3af080a5d84d952f8d46e46c535592bee2b927ddb1cdca1551640cbc7745
- SSDEEP
  
  1536:awjHHjxL0c9Eart1R4KfGhglPjCVHS2Twn6KOJDtY+16E11kd:aaDxwCEaJ1DGhOMyGDtY+16E1Od
Score

3^/10

discovery
behavioral21 behavioral22
- Target
  
  GFLLibraryBuilder.dll
- Size
  
  94KB
- MD5
  
  230220c0c478f4bca8a366d2857e31bd
- SHA1
  
  254984110b74e4d553a3f0c80dccad08e6bc9bd0
- SHA256
  
  38a058114b98d57cfcd9480bc27423734782f1925911bd492a9336c4053b656d
- SHA512
  
  3229046d4137d395436fc06d1d1c745f15b4eac83541acf12f714b10628a0220aa5163d83298e213e4374af9527a132ebebe91e877a2a1bf8e3c004aaa97eb13
- SSDEEP
  
  1536:wa2bA5dMuyhOfgr/BLkL5onLKR9Ci3Ky+xwdogh4Vkg:wa2s5dQSgr0TfCiay+xwCag
Score

3^/10

discovery
behavioral23 behavioral24
- Target
  
  GeoIP.dll
- Size
  
  95KB
- MD5
  
  230b4f17ec90264e26556662ae2f2393
- SHA1
  
  4501831fafdf59a8d08d5bce4d3aad2dcfffec49
- SHA256
  
  1f6a823ad088bb050245c1a983b7bf49f4650dd6b6a348da69a16d488ef3e470
- SHA512
  
  9b963b3198b5c958c23cb5e89b54ab210b906d5c0cba54ab763a0345ff04ac51bd14a8f9878f9f9ed06359cbd6012a090d021dcebc0829fc54ac0e7ca0437409
- SSDEEP
  
  1536:BvYtAjfQa/bvEB7dD/xFUyYW0AVGURtgty90D0p+9lE:qPaI7dlFUac+gW0De+9lE
Score

3^/10

discovery
behavioral25 behavioral26
- Target
  
  HashLib.dll
- Size
  
  85KB
- MD5
  
  daf9f8e01f6bc09660332f6657b6b39f
- SHA1
  
  dc83b2cbd243ebf6be8386223e91bce577b32c71
- SHA256
  
  b85979ddd027e589cf2c839d4c381091420c10566a435a34b25f4bf5df8e54e0
- SHA512
  
  4589759e96007c5c197f552500505efac52facfab13d92639946eea24eb550ba4207ccd3beb0d8373a182c964d24ca289c2f8441f27717e3df20acdac037985f
- SSDEEP
  
  1536:oN+QKy8A04dWZVRxyMfKpKQwOmu2J3QykO8hvELaT0:3dA04RbZ2JAykOTaT
Score

3^/10

discovery
behavioral27 behavioral28
- Target
  
  ImageViewer.dll
- Size
  
  145KB
- MD5
  
  3dea2d67e8894613e26129b0c73d70a3
- SHA1
  
  6864cf6ae59d8cf5c9449de45486ff53619b51fb
- SHA256
  
  3da1e6bdb32f9f76dd2a241792deb13c08d48cc3b0f3d83ca01750d191dbfc03
- SHA512
  
  592010a54d78e276b1f91a7858bef2adacda91eec050d54a699afacf8ac9960539ff864dad003470e849d20bd7a1cd5521a4fbee613a82f35631c4c2125dad92
- SSDEEP
  
  3072:FHgEXahY97035OLr6g+jhZho6VhiLVF32TJK5L:RhXbV0p7bE8iLVMTJ
Score

3^/10

discovery
behavioral29 behavioral30
- Target
  
  MediaImageServices.exe
- Size
  
  106KB
- MD5
  
  4b1c0d267bb3816e1f7accd3b0bf3f05
- SHA1
  
  c191015660419caea14f3ca5c3b8310d09d3279b
- SHA256
  
  d68771e49515d648b408441153781f21268cdc1b1bfa630157ab4a2c57b05725
- SHA512
  
  af002bbe3bb18cbc44460f7fe7c44505a342f5bdf5b572cfe5bace0df4f6dfc3965abd105eeacc2397f7043840f4a2c90a121ee12329e4d82c22b5054f07aee2
- SSDEEP
  
  1536:Lc7QTyRcHS5kJP6BLINox7piYnsKEYh+kOgnrroju5:Lc7QTYcH6kJSBLMu0YEYh+kOKroju
Score

3^/10

discovery
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

adwarediscoveryspywarestealer

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32