6946f7381bf339caa8cba4a521f7d09cf96514351e50c0a1a6ff0201a0c8a3f0 | Triage

Sharing

General

Target

dc61820296e57c7a09b8c824d02f4c66_JaffaCakes118
Size

1.2MB
Sample

240912-refrasxgqh
MD5

dc61820296e57c7a09b8c824d02f4c66
SHA1

d256ee3cf2c22c17aa1d32b623bde8897f45099b
SHA256

6946f7381bf339caa8cba4a521f7d09cf96514351e50c0a1a6ff0201a0c8a3f0
SHA512

36678a53c0c240ada34cd07caee412aecd39bf2b958dbb64fae2215a36a72b1222cf8b0332b259300e5de76b0bff6f0b251e525f2fd1dc16778f5e5f78c8abdb
SSDEEP

24576:0liOXWZwC6S79ggmAfx/GeEGPsuHajCb1rQ1toIx:YvG0umAfxueEG0uHa+58nx

Score

7^/10

adware discovery execution stealer

Malware Config

Targets

- Target
  
  dc61820296e57c7a09b8c824d02f4c66_JaffaCakes118
- Size
  
  1.2MB
- MD5
  
  dc61820296e57c7a09b8c824d02f4c66
- SHA1
  
  d256ee3cf2c22c17aa1d32b623bde8897f45099b
- SHA256
  
  6946f7381bf339caa8cba4a521f7d09cf96514351e50c0a1a6ff0201a0c8a3f0
- SHA512
  
  36678a53c0c240ada34cd07caee412aecd39bf2b958dbb64fae2215a36a72b1222cf8b0332b259300e5de76b0bff6f0b251e525f2fd1dc16778f5e5f78c8abdb
- SSDEEP
  
  24576:0liOXWZwC6S79ggmAfx/GeEGPsuHajCb1rQ1toIx:YvG0umAfxueEG0uHa+58nx
Score

7^/10

discovery
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/KillProcDLL.dll
- Size
  
  32KB
- MD5
  
  83142eac84475f4ca889c73f10d9c179
- SHA1
  
  dbe43c0de8ef881466bd74861b2e5b17598b5ce8
- SHA256
  
  ae2f1658656e554f37e6eac896475a3862841a18ffc6fad2754e2d3525770729
- SHA512
  
  1c66eab21f0c9e0b99ecc3844516a6978f52e0c7f489405a427532ecbe78947c37dac5b4c8b722cc8bc1edfb74ba4824519d56099e587e754e5c668701e83bd1
- SSDEEP
  
  384:3rYz6grZodORNWATt4TBmlk5ooyzFh7BukAUdJoUtSOSR:3QggDWATWNCFh7BNddJoxO+
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  c17103ae9072a06da581dec998343fc1
- SHA1
  
  b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d
- SHA256
  
  dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f
- SHA512
  
  d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f
- SSDEEP
  
  192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/UAC.dll
- Size
  
  13KB
- MD5
  
  431e5b960aa15af5d153bae6ba6b7e87
- SHA1
  
  e090c90be02e0bafe5f3d884c0525d8f87b3db40
- SHA256
  
  a6d956f28c32e8aa2ab2df13ef52637e23113fab41225031e7a3d47390a6cf13
- SHA512
  
  f1526c7e4d0fce8ab378e43e89aafb1d7e9d57ef5324501e804091e99331dd2544912181d6d4a07d30416fe17c892867c593aee623834935e11c7bb385c6a0a8
- SSDEEP
  
  192:vIARvmFvcukSWn8EAKVZ8148Dj33RZgqWVWYuOUEjRuFzEun0J:v2mukSe8EA88pRZAVWYuO3cFznny
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/inetc.dll
- Size
  
  20KB
- MD5
  
  e541458cfe66ef95ffbea40eaaa07289
- SHA1
  
  caec1233f841ee72004231a3027b13cdeb13274c
- SHA256
  
  3bce87b66d9272c82421920c34b0216e12c57a437d1955c36f23c74c1a01d420
- SHA512
  
  0bf6313e4cb7bbdcfba828fb791540b630adc58c43aa4b5ba77790367d0f34f76077cd84cc62e2a2c98c788a88547f32a11e549873d172c5aa2753124847cd0c
- SSDEEP
  
  384:b1JO6XgZkjxm+NpXaWgzxUX//EUhU7ya4LQ0Ac9khYLMkIX0+GBty3Sm0:b+6Xgsm+NpKWgzxUXnEUhUua4Li70
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  $PLUGINSDIR/nsDialogs.dll
- Size
  
  9KB
- MD5
  
  c10e04dd4ad4277d5adc951bb331c777
- SHA1
  
  b1e30808198a3ae6d6d1cca62df8893dc2a7ad43
- SHA256
  
  e31ad6c6e82e603378cb6b80e67d0e0dcd9cf384e1199ac5a65cb4935680021a
- SHA512
  
  853a5564bf751d40484ea482444c6958457cb4a17fb973cf870f03f201b8b2643be41bccde00f6b2026dc0c3d113e6481b0dc4c7b0f3ae7966d38c92c6b5862e
- SSDEEP
  
  96:hBABCcnl5TKhkfLxSslykcxM2DjDf3GE+Xv8Xav+Yx4VndY7ndS27gA:h6n+0SAfRE+/8ZYxMdqn420
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  $PLUGINSDIR/nsExec.dll
- Size
  
  6KB
- MD5
  
  acc2b699edfea5bf5aae45aba3a41e96
- SHA1
  
  d2accf4d494e43ceb2cff69abe4dd17147d29cc2
- SHA256
  
  168a974eaa3f588d759db3f47c1a9fdc3494ba1fa1a73a84e5e3b2a4d58abd7e
- SHA512
  
  e29ea10ada98c71a18273b04f44f385b120d4e8473e441ce5748cfa44a23648814f2656f429b85440157988c88de776c6ac008dc38bf09cbb746c230a46c69fe
- SSDEEP
  
  96:M7GUb+YNfwgcr8zyKwZ5S4JxN8BS0ef9/3VI9d0qqyVgNk32E:eKgfwgcr8zylsB49Ud0qJVgNX
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  Chrome/7za.exe
- Size
  
  574KB
- MD5
  
  42badc1d2f03a8b1e4875740d3d49336
- SHA1
  
  cee178da1fb05f99af7a3547093122893bd1eb46
- SHA256
  
  c136b1467d669a725478a6110ebaaab3cb88a3d389dfa688e06173c066b76fcf
- SHA512
  
  6bc519a7368ee6bd8c8f69f2d634dd18799b4ca31fbc284d2580ba625f3a88b6a52d2bc17bea0e75e63ca11c10356c47ee00c2c500294abcb5141424fc5dc71c
- SSDEEP
  
  12288:myyKdVnyNhXCV4EkP7AIfzNXZ0b5NrnkcAqIV0A1caRI:mKvyNhXCV4E8BXAfrnkcAqU0A
Score

3^/10

discovery
behavioral15 behavioral16
- Target
  
  Chrome/InfoAtoms/vitruvian.bootstrap.js
- Size
  
  1KB
- MD5
  
  22743e344a17bf00b1ca45514e7d2db0
- SHA1
  
  a46ddbf0c107eb3ad1eb9c68ba2abbdb5b802191
- SHA256
  
  6f1cd65b3cb48a07e0be6f6b4b92aebf4b82929ff40028c5b58ac2705af71763
- SHA512
  
  fc3b59206e337eac227edb2dd088baea0b2adac722845add6bcce9bbebc2a931ffbd75e2d179693d4e173827b07457f7e5c0dcb00e6fc63f453cf7d55a657069
Score

3^/10

execution
behavioral17 behavioral18
- Target
  
  Chrome/buildcrx.exe
- Size
  
  1.1MB
- MD5
  
  c6b12b30016c0a82cb73da936879dddc
- SHA1
  
  1c1e5f2e23d92ac39e29f9e315be9d50f0a52563
- SHA256
  
  0b1ce1d073f24b03d4e1e449089dc9da24f26f2247c16a0befcce5214897eec2
- SHA512
  
  fd5c71b400bdad23c7bbacedef0e9628c610006a37ef2344d03ce754ea9246e26d4e90883c6ae29e6c9cf0793fa523d28c6e850654f30f7737810815e928200e
- SSDEEP
  
  24576:IDLcI8U/l3usK05pDABEIJ/gwF4gNQLpWbKUA:IhuuN0gwULTR
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  FireFox/chrome/content/vitruvian.bootstrap.js
- Size
  
  2KB
- MD5
  
  934148d6e7d3312a798776a5c33a0c98
- SHA1
  
  0273960480e9964f254d91aa37fe4890495ad617
- SHA256
  
  7bbfe4e0f3ae2681c2d695de921ca29e5db03218f6cf97471e2c3b72d17da1c0
- SHA512
  
  2c64e9d617815d7148902a85de5054a0a5d9b00586b5b8ee766cb343699d84b776f6e1cadc171a9e406b4c94c9f01eb4eada249d6c72f6335f3227875a11f611
Score

3^/10

execution
behavioral21 behavioral22
- Target
  
  IE32/bho32.dll
- Size
  
  33KB
- MD5
  
  7865f0fc83a0c031395a74022885adba
- SHA1
  
  b43d2fc764ef40e50c90e280d019c5e775808e5a
- SHA256
  
  c267e0746a97a5f639f4aa1db27302dd562d8de66bb7f496d09386d6e57860e3
- SHA512
  
  e618736714c865239ed7c016356f6bef44ee019067ac7477cfbda2ee74372821e9a35f27541bf546666c1203816b529c50cbeb04b678dd105360f81fca8589ce
- SSDEEP
  
  768:m3dmG/9Y8UBLK2KDcJzcKeOr54LPlGBSXQOZkdm9CLneE:mtmG/9Y8UBLK2K0eOrkPAVOZ99CLeE
Score

6^/10

adware discovery stealer
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral23 behavioral24
- Target
  
  IE32/msvcp100.dll
- Size
  
  411KB
- MD5
  
  bc83108b18756547013ed443b8cdb31b
- SHA1
  
  79bcaad3714433e01c7f153b05b781f8d7cb318d
- SHA256
  
  b2ad109c15eaa92079582787b7772ba0a2f034f7d075907ff87028df0eaea671
- SHA512
  
  6e72b2d40e47567b3e506be474dafa7cacd0b53cd2c2d160c3b5384f2f461fc91bb5fdb614a351f628d4e516b3bbdabc2cc6d4cb4710970146d2938a687dd011
- SSDEEP
  
  12288:Seb8zxr1aWPaHX7dGP5frhUgiW6QR7t5qv3Ooc8UHkC2e7wx:Seb8Fpa6aHX7dGP5Gv3Ooc8UHkC2ekx
Score

3^/10

discovery
behavioral25 behavioral26
- Target
  
  IE32/msvcr100.dll
- Size
  
  755KB
- MD5
  
  0e37fbfa79d349d672456923ec5fbbe3
- SHA1
  
  4e880fc7625ccf8d9ca799d5b94ce2b1e7597335
- SHA256
  
  8793353461826fbd48f25ea8b835be204b758ce7510db2af631b28850355bd18
- SHA512
  
  2bea9bd528513a3c6a54beac25096ee200a4e6ccfc2a308ae9cfd1ad8738e2e2defd477d59db527a048e5e9a4fe1fc1d771701de14ef82b4dbcdc90df0387630
- SSDEEP
  
  12288:nMmCy3nAgPAxN9ueqix/HEmxsvGrif8ZSy+rdQw2QRAtd74/vmYK6H3BVoe3z:MmCy3KxW3ixPEmxsvGrm8Z6r+JQPzV7z
Score

3^/10

discovery
behavioral27 behavioral28
- Target
  
  license.rtf
- Size
  
  55KB
- MD5
  
  260a5ca21a233929f90eef26d4108ce4
- SHA1
  
  55cab04686ab18b9aba6ef746ccd6ebf2250cb6f
- SHA256
  
  fa0244cdd58387151001e4ad37eacf7da22fbdd49341ace977bf2e588cff2ad0
- SHA512
  
  aead7337cc5cb4ac3b7c4b9aefb9cda971aafeb196ca51cc1ffea4406188ca79ddfe5dacc901bcc96df2343cc30b64bc2c325afa7aa58f26b05ff37d82511463
- SSDEEP
  
  384:323s2CrN79ozVzEFH3WLYG8UcyQJuCiptlfhkmD8jl21h2atyF/vNgpG4c3CR4Jc:323K3WLYG8/yJThxqNR+8BPUWmhAZqCE
Score

4^/10

discovery
behavioral29 behavioral30

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Browser Extensions

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

adwarediscoverystealer

behavioral24

adwarediscoverystealer

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30