bca2a2e4afc2d71a51b20df79806aa2b4ca43142902ddf0e055f50d234e46db6 | Triage

Sharing

General

Target

deb66ac773ae61f22520eecfa3aefffe_JaffaCakes118
Size

750KB
Sample

240913-xpl9qashpl
MD5

deb66ac773ae61f22520eecfa3aefffe
SHA1

aa251d0c72fa69105ad0cfc8972899b081859d96
SHA256

bca2a2e4afc2d71a51b20df79806aa2b4ca43142902ddf0e055f50d234e46db6
SHA512

13fe1e78cbe49ab0ed5ecc8993e5598e2b129b31bea2c639377cf02a4c5ecee9a12a2e16f626b77b16a609bd83f584d70e1d5cc31c6a12f18d6f0ee73db965dc
SSDEEP

12288:10gsO7mnfJfTi973RT7E9Yzewxnl/NTO0gcCre50ET3cfE/KyZowelOq8wp:SpO7yJTwbhE0pnlHX0EwfE/Pg8

Score

7^/10

discovery spyware stealer upx

Malware Config

Targets

- Target
  
  deb66ac773ae61f22520eecfa3aefffe_JaffaCakes118
- Size
  
  750KB
- MD5
  
  deb66ac773ae61f22520eecfa3aefffe
- SHA1
  
  aa251d0c72fa69105ad0cfc8972899b081859d96
- SHA256
  
  bca2a2e4afc2d71a51b20df79806aa2b4ca43142902ddf0e055f50d234e46db6
- SHA512
  
  13fe1e78cbe49ab0ed5ecc8993e5598e2b129b31bea2c639377cf02a4c5ecee9a12a2e16f626b77b16a609bd83f584d70e1d5cc31c6a12f18d6f0ee73db965dc
- SSDEEP
  
  12288:10gsO7mnfJfTi973RT7E9Yzewxnl/NTO0gcCre50ET3cfE/KyZowelOq8wp:SpO7yJTwbhE0pnlHX0EwfE/Pg8
Score

7^/10

discovery spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Enumerates processes with tasklist
  discovery
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/Banner.dll
- Size
  
  3KB
- MD5
  
  e264d0f91103758bc5b088e8547e0ec1
- SHA1
  
  24a94ff59668d18b908c78afd2a9563de2819680
- SHA256
  
  501b5935fe8e17516b324e3c1da89773e689359c12263e9782f95836dbab8b63
- SHA512
  
  a533278355defd265ef713d4169f06066be41dd60b0e7ed5340454c40aabc47afa47c5ce4c0dbcd6cb8380e2b25dbb1762c3c996d11ac9f70ab9763182850205
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/ButtonEvent.dll
- Size
  
  5KB
- MD5
  
  c24568a3b0d7c8d7761e684eb77252b5
- SHA1
  
  66db7f147cbc2309d8d78fdce54660041acbc60d
- SHA256
  
  e2da6d8b73b5954d58baa89a949aacece0527dfb940ca130ac6d3fd992d0909d
- SHA512
  
  5d43e4c838fd7f4c6a4ab6cc6d63e0f81d765d9ca33d9278d082c4f75f9416907df10b003e10edc1b5ef39535f722d8dbfab114775ac67da7f9390dcc2b4b443
- SSDEEP
  
  48:a7sTTDi+BjvqYR4gYFmsHFpXq65lZ9W5wOXnhLk4nOvlWxG5PZKuB:ri+BjSXgY8sHFE6TzWXzncsGSm
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/ExecDos.dll
- Size
  
  5KB
- MD5
  
  0deb397ca1e716bb7b15e1754e52b2ac
- SHA1
  
  fbb9bcf872c5dbb4ca4c80fb21d41519bc273ef5
- SHA256
  
  720be35cd1b4a333264713dc146b4ad024f3a7ad0644c2d8c6fcedd3c30e8a1f
- SHA512
  
  507db0bee0897660750007e7ce674406acf9e8bf942cf26ded5654c07682757b07c9eb767bead0966478abc554dc9a6461c4288dc35d12cacfadad4c128f1bb7
- SSDEEP
  
  96:J++xDiP4p7t7dNOt3stxtRFFXxGD6qxlnKE6ttdH3r3:Rx9pJ7jQs5toD6Cln/6tt1
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/IpConfig.dll
- Size
  
  118KB
- MD5
  
  a75e3775daac9958610ce1308e0bca3b
- SHA1
  
  d83ce354cde527c2e20fb425415f6d4795dd4cd4
- SHA256
  
  fe2093ff4bfa1d7259c922aca1e7bb219c4d234e469942446d9e2f8086b7d720
- SHA512
  
  48168a91ec90df262b1e158f32b4bc2a6d6ce10022eb96d4a6f3c755b977e5c104558626adaa214bda29d7f1d246f19e2df59b9a338982aa1c623e1bdd5714c6
- SSDEEP
  
  3072:oa/4Ftm9rSlia00FW96LOsWNQmtQ9WVx95+tTIJ:t/4S9raiae8DSDtQ9W3utEJ
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  $PLUGINSDIR/LogEx.dll
- Size
  
  44KB
- MD5
  
  0f96d9eb959ad4e8fd205e6d58cf01b8
- SHA1
  
  7c45512cbdb24216afd23a9e8cdce0cfeaa7660f
- SHA256
  
  57ede354532937e38c4ae9da3710ee295705ea9770c402dfb3a5c56a32fd4314
- SHA512
  
  9f3afb61d75ac7b7dc84abcbf1b04f759b7055992d46140dc5dcc269aed22268d044ee8030f5ea260bbb912774e5bbb751560c16e54efa99c700b9fc7d48832c
- SSDEEP
  
  384:w4NSXFjXCATBAQR4F1Y5u6I3wa4W7KNP66BjLjyXB0JyuDchv8EnohgSil2X:woaF+ATCQye/I3KWmxj00Jyb8Enov
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  $PLUGINSDIR/MSIBanner.dll
- Size
  
  36KB
- MD5
  
  a6021a83d791c4aa2b76dd61cda825b3
- SHA1
  
  d8329686f40c490c68e7d2a386076d3664fd57b6
- SHA256
  
  523dd5eddc946e8959032a1005415bb98f5693f67b530faa277e44016c7ee88a
- SHA512
  
  85bcbbef85240067738959b3f9bc93cdf107bda15b6d0fceb3dcab59e15812e216e97388b6eda743401a3c05b483355f5717708d656cc95a57d04539e76ff600
- SSDEEP
  
  384:hdm239l381jlwy3jGmyZT9X72AiNml/kTbhPiNzntuV4x0Y34Ho4Buhys:hdm239hew7FZT9rAjhaNzntbAHo4Y
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  bf712f32249029466fa86756f5546950
- SHA1
  
  75ac4dc4808ac148ddd78f6b89a51afbd4091c2e
- SHA256
  
  7851cb12fa4131f1fee5de390d650ef65cac561279f1cfe70ad16cc9780210af
- SHA512
  
  13f69959b28416e0b8811c962a49309dca3f048a165457051a28a3eb51377dcaf99a15e86d7eee8f867a9e25ecf8c44da370ac8f530eeae7b5252eaba64b96f4
- SSDEEP
  
  192:0N2gQuUwXzioj4KALV2upWzVd7q1QDXEbBZ8KxHdGzyS/Kx:rJoiO8V2upW7vQjS/
Score

3^/10

discovery
behavioral15 behavioral16
- Target
  
  $PLUGINSDIR/UserInfo.dll
- Size
  
  4KB
- MD5
  
  c7ce0e47c83525983fd2c4c9566b4aad
- SHA1
  
  38b7ad7bb32ffae35540fce373b8a671878dc54e
- SHA256
  
  6293408a5fa6d0f55f0a4d01528eb5b807ee9447a75a28b5986267475ebcd3ae
- SHA512
  
  ee9f23ea5210f418d4c559628bbfb3a0f892440bcd5dc4c1901cb8e510078e4481ea8353b262795076a19055e70b88e08fee5fb7e8f35a6f49022096408df20e
Score

3^/10

discovery
behavioral17 behavioral18
- Target
  
  $PLUGINSDIR/WmiInspector.dll
- Size
  
  92KB
- MD5
  
  1a0b4ff3847dc729ed2ee669c8ac0519
- SHA1
  
  a179ca7c5adabd0e1aaa7fe36309770d774ffa43
- SHA256
  
  fe268b2259429b6d5efdae9a5dfe621214b2e2c22f03087b2f5f7132596f9f8d
- SHA512
  
  118f82fc4e90a03a18f7dccc1facf35eb5a8f0fe092ce4b4b7b1ddb7987efcc9d50674418e004b992a6be35c5e18e7d659843a1bdce9694e5435060c158cc416
- SSDEEP
  
  1536:vRhrWA5HRhMz7n8eA9G9gVoAdqszdwKKEPdLQndOpP6nSBEkD7MvvyIXiD:vnSFjLEPdUdOr4SIX
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  $PLUGINSDIR/inetc.dll
- Size
  
  31KB
- MD5
  
  5da9df435ff20853a2c45026e7681cef
- SHA1
  
  39b1d70a7a03e7c791cb21a53d82fd949706a4b4
- SHA256
  
  9c52c74b8e115db0bde90f56382ebcc12aff05eb2232f80a4701e957e09635e2
- SHA512
  
  4ab3b1572485a8a11863adada2c6ec01e809a4b09f99d80903c79a95b91f299b8f2cd6cceaa915567e155a46291a33fb8ccb95141d76d4e7b0e040890d51d09f
- SSDEEP
  
  768:FRci+9MscTJMR2+d8heiwhSruaFajMGbJDVVG08:Fg9sTJv+AVwhl25ci
Score

3^/10

discovery
behavioral21 behavioral22
- Target
  
  $PLUGINSDIR/md5dll.dll
- Size
  
  6KB
- MD5
  
  7059f133ea2316b9e7e39094a52a8c34
- SHA1
  
  ee9f1487c8152d8c42fecf2efb8ed1db68395802
- SHA256
  
  32c3d36f38e7e8a8bafd4a53663203ef24a10431bda16af9e353c7d5d108610f
- SHA512
  
  9115986754a74d3084dd18018e757d3b281a2c2fde48c73b71dba882e13bd9b2ded0e6e7f45dc5b019e6d53d086090ccb06e18e6efeec091f655a128510cbe51
- SSDEEP
  
  96:5mArJv6F3TqDmgK4ghEin1US36eHQZDUDgGogZcko5Nt4AMP:5XJ63LhR6inZ6dsgZkKQT
Score

7^/10

discovery upx
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral23 behavioral24
- Target
  
  $PLUGINSDIR/nsDialogs.dll
- Size
  
  9KB
- MD5
  
  4ccc4a742d4423f2f0ed744fd9c81f63
- SHA1
  
  704f00a1acc327fd879cf75fc90d0b8f927c36bc
- SHA256
  
  416133dd86c0dff6b0fcaf1f46dfe97fdc85b37f90effb2d369164a8f7e13ae6
- SHA512
  
  790c5eb1f8b297e45054c855b66dfc18e9f3f1b1870559014dbefa3b9d5b6d33a993a9e089202e70f51a55d859b74e8605c6f633386fd9189b6f78941bf1bfdb
- SSDEEP
  
  192:SbEunjqjIcESwFlioU3M0LLF/t8t9pKSfOi:SbESjFCw6oWPFl8jfOi
Score

3^/10

discovery
behavioral25 behavioral26
- Target
  
  $PLUGINSDIR/nsExec.dll
- Size
  
  6KB
- MD5
  
  132e6153717a7f9710dcea4536f364cd
- SHA1
  
  e39bc82c7602e6dd0797115c2bd12e872a5fb2ab
- SHA256
  
  d29afce2588d8dd7bb94c00ca91cac0e85b80ffa6b221f5ffcb83a2497228eb2
- SHA512
  
  9aeb0b3051ce07fb9f03dfee7cea4a5e423425e48cb538173bd2a167817f867a30bd4d27d07875f27ca00031745b24547030b7f146660b049fa717590f1c77e1
- SSDEEP
  
  96:M/SspqrIYxLPEQhThvov3TE4/2Sa5P9QFFYzOx4uF3sbSEI5LP39sQvM:M/QUG7lhvov36S5FcUjliSEI5LuQ
Score

3^/10

discovery
behavioral27 behavioral28
- Target
  
  $PLUGINSDIR/registry.dll
- Size
  
  24KB
- MD5
  
  2b7007ed0262ca02ef69d8990815cbeb
- SHA1
  
  2eabe4f755213666dbbbde024a5235ddde02b47f
- SHA256
  
  0b25b20f26de5d5bd795f934c70447112b4981343fcb2dfab3374a4018d28c2d
- SHA512
  
  aa75ee59ca0b8530eb7298b74e5f334ae9d14129f603b285a3170b82103cfdcc175af8185317e6207142517769e69a24b34fcdf0f58ed50a4960cbe8c22a0aca
- SSDEEP
  
  384:W2mvyNjH3rPnAZ4wu2QbnC7qB7PnrvScaeYA4CIDEge/QqL2AQ:/75w/OfrzB4CUxuQfA
Score

3^/10

discovery
behavioral29 behavioral30
- Target
  
  $PLUGINSDIR/stack.dll
- Size
  
  10KB
- MD5
  
  867af9bea8b24c78736bf8d0fdb5a78e
- SHA1
  
  05839fad98aa2bcd9f6ecb22de4816e0c75bf97d
- SHA256
  
  732164fb36f46dd23dafb6d7621531e70f1f81e2967b3053727ec7b5492d0ae9
- SHA512
  
  b7f54d52ff08b29a04b4f5887e6e3ae0e74fa45a86e55e0a4d362bc3603426c42c1d6a0b2fc2ef574bec0f6c7152de756ff48415e37ae6a7a9c296303562df4b
- SSDEEP
  
  192:83fHQmgb2DOJi22H/+zNXdA5uv4bunXuDYuzumJucuVuXfugutbHvr:83fwVriWAWiQXWYKPRGaHubH
Score

3^/10

discovery
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Process Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryspywarestealer

behavioral2

discoveryspywarestealer

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32