Overview

overview

7

Static

static

3

de95897df5...18.exe

windows7-x64

7

de95897df5...18.exe

windows10-2004-x64

7

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...ss.dll

windows7-x64

3

$PLUGINSDI...ss.dll

windows10-2004-x64

3

$TEMP/~nsi...44.dll

windows7-x64

3

$TEMP/~nsi...44.dll

windows10-2004-x64

3

Cloud-Web_2_44.dll

windows7-x64

6

Cloud-Web_2_44.dll

windows10-2004-x64

6

Cloud-Web_...44.dll

windows7-x64

3

Cloud-Web_...44.dll

windows10-2004-x64

3

Cloud-Web_run.exe

windows7-x64

3

Cloud-Web_run.exe

windows10-2004-x64

3

Cloud-Web_...44.exe

windows7-x64

3

Cloud-Web_...44.exe

windows10-2004-x64

3

Cloud-Web_tb_2_44.dll

windows7-x64

3

Cloud-Web_tb_2_44.dll

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    de95897df511d95caa3ba3de44680e9b_JaffaCakes118

  • Size

    641KB

  • Sample

    240913-v8t3kazeqb

  • MD5

    de95897df511d95caa3ba3de44680e9b

  • SHA1

    1968b6e7ff09f8a51583dec455e38dee647b8c80

  • SHA256

    4243973c45b9052878644c7b30a05e9640844ae55e43998945685f80e8fa64dc

  • SHA512

    af576764cc68e7a7bda2a48e2ee9c0eb726726c62ca096d9df10de1905e2168596fba95589a71f06d1f8ec758e126e8b400ef8366327deb77f8db9d7a747ab30

  • SSDEEP

    12288:uSQvCetyQ/j8olI+jUxZBvT51V8Xb2egbbyQ/j8Xla+j8sDguxeb:uFxtyO8kI5xZ5FY7uyO8Va3pukb

Score
7/10
adwarediscoverystealer

Malware Config

Targets

    • Target

      de95897df511d95caa3ba3de44680e9b_JaffaCakes118

    • Size

      641KB

    • MD5

      de95897df511d95caa3ba3de44680e9b

    • SHA1

      1968b6e7ff09f8a51583dec455e38dee647b8c80

    • SHA256

      4243973c45b9052878644c7b30a05e9640844ae55e43998945685f80e8fa64dc

    • SHA512

      af576764cc68e7a7bda2a48e2ee9c0eb726726c62ca096d9df10de1905e2168596fba95589a71f06d1f8ec758e126e8b400ef8366327deb77f8db9d7a747ab30

    • SSDEEP

      12288:uSQvCetyQ/j8olI+jUxZBvT51V8Xb2egbbyQ/j8Xla+j8sDguxeb:uFxtyO8kI5xZ5FY7uyO8Va3pukb

    Score
    7/10
    adwarediscoverystealer

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

      stealeradware

    • Drops file in System32 directory

    behavioral1behavioral2

    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      c17103ae9072a06da581dec998343fc1

    • SHA1

      b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

    • SHA256

      dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

    • SHA512

      d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

    • SSDEEP

      192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw

    Score
    3/10
    discovery
    behavioral3behavioral4

    • Target

      $PLUGINSDIR/nsProcess.dll

    • Size

      4KB

    • MD5

      8f4ac52cb2f7143f29f114add12452ad

    • SHA1

      29dc25f5d69bf129d608b83821c8ec8ab8c8edb3

    • SHA256

      b214d73aea95191f7363ad93cdc12b6fbd50a3a54b0aa891b3d45bc4b7b2aa04

    • SHA512

      2f9e2c7450557c2b88a12d3a3b4ab999c9f2a4df0d39dcd795b307b89855387bc96fc6d4fb51de8f33de0780e08a3b15fdad43daeaf7373cca71b01d7afdaf0c

    • SSDEEP

      48:6sG7qYBUYBFxhRwYCI0owYlOdkPm4LYZ5sRXEv26vqAa4GEVu:HhYBUYBL0Toa7+Q5sKG4GEV

    Score
    3/10
    discovery
    behavioral5behavioral6

    • Target

      $TEMP/~nsis/Cloud-Web_nad_2_44.dll

    • Size

      495KB

    • MD5

      ac56735864a6cb5a5dec0788e28a4d78

    • SHA1

      fb2e5ab4f98dd8a5298d8b09f96fb70a1e767f20

    • SHA256

      52b805bfa64cec8dbd302587a14a00ec58165baf9526b13a2fb3c9124740f7a7

    • SHA512

      985d67f976ecb3bacfd19a9cb574a45f2f1d77ffaf8042fa8411fba63154de8d8290d697395c487af79c74807f88d91f8744f19e5edcc4c7df9a42b5216dd4e2

    • SSDEEP

      12288:PlNOEGjZ6hGUVMpaaU7M950Sb9n1ajoJc/bfYSci8mpMIjmwJY:qE0Z64A7M93nYcC/bfYSci8RIjmwJY

    Score
    3/10
    discovery
    behavioral7behavioral8

    • Target

      Cloud-Web_2_44.dl_

    • Size

      123KB

    • MD5

      57a31495a42051e14de51a13dd38079b

    • SHA1

      ad0042020bb0f44531275b0b70f8390a59c3ea0a

    • SHA256

      c5ec095574e889bc0ec36bba196dd2579ad6665db75aaf06d62b66b2add00708

    • SHA512

      520c86c2a6942df65886f47e365ea32d91e9fc56a3967b20c6a10b0395ba35eb9d8ec4975052b9da9e075ca3608b27465c94bd462935da51f9ee1438353a3608

    • SSDEEP

      3072:gNG0ZeC/azzmWxd/mZQA3vT46eqt3GrRhNn/:wtzyKYJmmAhePr5

    Score
    6/10
    adwarediscoverystealer

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

      stealeradware
    behavioral10behavioral9

    • Target

      Cloud-Web_nad_2_44.dl_

    • Size

      495KB

    • MD5

      ac56735864a6cb5a5dec0788e28a4d78

    • SHA1

      fb2e5ab4f98dd8a5298d8b09f96fb70a1e767f20

    • SHA256

      52b805bfa64cec8dbd302587a14a00ec58165baf9526b13a2fb3c9124740f7a7

    • SHA512

      985d67f976ecb3bacfd19a9cb574a45f2f1d77ffaf8042fa8411fba63154de8d8290d697395c487af79c74807f88d91f8744f19e5edcc4c7df9a42b5216dd4e2

    • SSDEEP

      12288:PlNOEGjZ6hGUVMpaaU7M950Sb9n1ajoJc/bfYSci8mpMIjmwJY:qE0Z64A7M93nYcC/bfYSci8RIjmwJY

    Score
    3/10
    discovery
    behavioral11behavioral12

    • Target

      Cloud-Web_run.ex_

    • Size

      127KB

    • MD5

      058b3bbdde73c14ceb916f13a6e41f3a

    • SHA1

      ac699575c4349643d9894e7a7e7ebd03c5bb2698

    • SHA256

      b4b1d7aa7e1cdb362fd40427790baa5db88bcd9be6ab505a1507f5e5c900b053

    • SHA512

      7a41acd3b8fd363b87b66de04eab44c3842690feb766ae59041c2b43acf9b7631a008d5ec76d89049c066213a0a8f4e0fd009674656ae96312c7f0e180645136

    • SSDEEP

      1536:23PYHEUo+d49J2uSF0/cyqsMYdLY3wvfp07n/:UY3eB/cyqsMYoJ7n/

    Score
    3/10
    discovery
    behavioral13behavioral14

    • Target

      Cloud-Web_svc_2_44.ex_

    • Size

      103KB

    • MD5

      571aeeec245995fa7896022ccfae55d5

    • SHA1

      fc450e4ef91bf17f38de426557da3e856115bc95

    • SHA256

      6f2bce6eec626c94bd6a1dbb2b642eb739239d512625e5036968ddecc3d4d829

    • SHA512

      5880a8d8366ce5b2ab82e5cbc090a55140a6c1655f08a4c89bec3eeedd2ab036c0e6d6d9b1027762ebbfa9209323a419b25ec563b7e341b905d5562114a92731

    • SSDEEP

      1536:VO5lSMfjrzbWojP0ls1Snlq8pGdUfBMiNbaGJvMgtoHojjnc:8+Mfj/blPes1Kk8E6BMiNbaGJ0gt/jnc

    Score
    3/10
    discovery
    behavioral15behavioral16

    • Target

      Cloud-Web_tb_2_44.dl_

    • Size

      127KB

    • MD5

      598552f2534fd18263a97319f7df5c07

    • SHA1

      e459f60c1f738c6821db063860a2850f670eef5f

    • SHA256

      da1233c37f2abc2940a9fe3f122c4dcc85d7b558e2413fd580ad01afc0ab7dbe

    • SHA512

      e148899971ce410a8661ffbd90cc0747606fa0a6acbd417e61859b35db6d4ce5f2d815211bf40e8499d7ce364427cc7930c3256d2dd5655655403dbf3bd7413d

    • SSDEEP

      3072:PcsRZq+GIN/GR/7gkdIIZNZDNtPQ/pOtYxs9DqZnn:UH9geR/7wIVWvxs92d

    Score
    3/10
    discovery
    behavioral17behavioral18

MITRE ATT&CK Enterprise v15

Tasks