cf291f19cbaddd58221cbe3d3e4688fe4aabe5fb4895e99dff3f6827eef9b1a2

Sharing

Copy URL

Twitter E-mail

General

Target

deb6ea3b70f837d8254b74b2e3737dc2_JaffaCakes118
Size

1.8MB
Sample

240913-xqsswstamk
MD5

deb6ea3b70f837d8254b74b2e3737dc2
SHA1

aefdcbe0f55ba70dbdcae82d97e831bc2a643f9b
SHA256

cf291f19cbaddd58221cbe3d3e4688fe4aabe5fb4895e99dff3f6827eef9b1a2
SHA512

25b72438a3f0b16645acda368a619675ea31f4124b8aba6b2e2a9584a916924ed1cef3cd847358fd56c4c51d614b376932bc24623822b16ebf96bfe15450f735
SSDEEP

49152:CNwseuWvDnRirk6uWKrBQSg/31kNXU7+6:W1elvTgomKSlL+6

Score

7^/10

Malware Config

Targets

- Target
  
  deb6ea3b70f837d8254b74b2e3737dc2_JaffaCakes118
- Size
  
  1.8MB
- MD5
  
  deb6ea3b70f837d8254b74b2e3737dc2
- SHA1
  
  aefdcbe0f55ba70dbdcae82d97e831bc2a643f9b
- SHA256
  
  cf291f19cbaddd58221cbe3d3e4688fe4aabe5fb4895e99dff3f6827eef9b1a2
- SHA512
  
  25b72438a3f0b16645acda368a619675ea31f4124b8aba6b2e2a9584a916924ed1cef3cd847358fd56c4c51d614b376932bc24623822b16ebf96bfe15450f735
- SSDEEP
  
  49152:CNwseuWvDnRirk6uWKrBQSg/31kNXU7+6:W1elvTgomKSlL+6
Score

7^/10

adware discovery spyware stealer upx
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral1 behavioral2
- Target
  
  background.html
- Size
  
  2KB
- MD5
  
  b7d357be8cc4c11c58c93d6fd7999527
- SHA1
  
  2a86f49e41d1ae1c942efc3abe7a740def252d4e
- SHA256
  
  ac6e1a6a03b8e6c7565c0d0b856f9882ddf6a05fc9a1c0d6f8523e53aba7c403
- SHA512
  
  6e23c3dfb7cac97385d92b1e312e8bd3c7a534fb2de9a104de612cc9a6a479f977e77ab9c4f3ef628a69259db0e23d8daa9bb0890454a78278c9fdcf33ba213f
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  background.js
- Size
  
  12KB
- MD5
  
  ef8e6ad766b71b63c262c79b48a4cfb6
- SHA1
  
  a869ffe4501212c29872a312366ec4838edf0437
- SHA256
  
  3009542fdb97e7f4db4b0d1fb03cc248170dc3301793ddb8627f0d3447054aef
- SHA512
  
  043e23be3dde9b63e580741d6bc1e482a728c62d4a32087671167d73af9558b7caf3553315af88830e85748c71840801ecf34c5d539446755f4259856ef5e0d9
- SSDEEP
  
  192:CHXlfXpNxZy9fDPgrKveB7Q3IKCNqt+k8ussuPaOm3chAdyonLLFVPutjPKGxgUb:CIhDIHYCgnjssuCXeSLFVPulPPxgUiG
Score

3^/10

execution
behavioral5 behavioral6
- Target
  
  extension.js
- Size
  
  6KB
- MD5
  
  9e9dcab1e700e89a65ba85759084784d
- SHA1
  
  9ada20aff69e04343f47383ecc77279c215f0f2e
- SHA256
  
  29c3385c442fb09d5bd5f6a9accfe4a0c6ccde508bd4950f09552a1cdb964907
- SHA512
  
  c00e00779251b93a74b08521886ba3c0b7d65b9ae8566950b408f42fb77349b3d0afa7e1e2f13b9691a2ff4f8267e10a08a14a6c424da0db8187420b84e77236
- SSDEEP
  
  192:fmA54AcMMKfxCFpP5nrakHTbh3Y18Oxy1clGx0N:fjfcMMKfxCFrnuCTbh3Y18PeGE
Score

3^/10

execution
behavioral7 behavioral8
- Target
  
  js/api/chrome.js
- Size
  
  3KB
- MD5
  
  ed99b599ff738404bd901ce782a300a8
- SHA1
  
  eb5493e8810776c870889a047d5759a53fbb5c89
- SHA256
  
  b6a78cd8f081df24c0c75fd3dd9bc35189f6a6e8ded9ae7108ba47bce4ef7275
- SHA512
  
  44cd2552c82ce19b52d7cbd8e4ba31f8d1c85fff735d0a6eb6963544a7eb66d7ec5dc82435b88154c30974b78c667cb208e774bf745535896d4fbab8085dbfc0
Score

3^/10

execution
behavioral10 behavioral9
- Target
  
  js/api/cookie.js
- Size
  
  3KB
- MD5
  
  1295b40b22aa58b8ecaaf986919a8de0
- SHA1
  
  da6affc3f1807617a5d3a2f8750f6f0a4d72a4cd
- SHA256
  
  ae5293338d729bea6d3e0dd1b294ab331323b97ff092f99795cab2f7856c8275
- SHA512
  
  61af2a07cbe65c2ac06e59f9ef9a598fabedba18f78a989eb1c28432832f1f258fd2f74f2330f014d995ed1f510acab94015b01842baa72cad433a63a622610a
Score

3^/10

execution
behavioral11 behavioral12
- Target
  
  js/api/message.js
- Size
  
  1KB
- MD5
  
  81a0d3d8480782acc7cc54a1c92cddc9
- SHA1
  
  0e3b23a5c515818cbc27c5a310894e7662506bda
- SHA256
  
  8fc214c928f3cdda45b558bd41a275c580a8985d2688dbc0382fdfd339b1ea37
- SHA512
  
  7c2b1205b18c3888c8ab395b5052ef2890091f80fbced1b2217e1402994b4c4431e557856231269a501c412f9461b6a76d65aad2bcd883f10615288a7b574214
Score

3^/10

execution
behavioral13 behavioral14
- Target
  
  js/api/push.js
- Size
  
  1KB
- MD5
  
  256714f754773b5e970dd5e2d5e3c605
- SHA1
  
  ede01916854e04da38d34393fd2ba6eb9d91ccfd
- SHA256
  
  fa4b7e891c021e9e15692d5042d6a7678958c623904c6e053a3efc1ff705cff1
- SHA512
  
  6d2c433c84e3805137159e558bf73804fa81b54b64fe6ae4ffdde12231b5c1b27303370ac383503ce82ae5a62247aced515178ec4ab50e8d6a7735dc68d73ca0
Score

3^/10

execution
behavioral15 behavioral16
- Target
  
  js/background.js
- Size
  
  30KB
- MD5
  
  64182119b81672c240960239b4229783
- SHA1
  
  07105faea279c2f9ee33affd02321f1a327cce2c
- SHA256
  
  4b6aacc9bb74077365363e053cc33f64e6dbfd9dc6f756615f62eee0ff328c8a
- SHA512
  
  34a9eca5101dd286092fc84a1e14e7a788eb20669514eebf59b3481c1583fe75fd41cfb9bfbb16aec39c05737e44a45db8d4a35eb1d741d6acf3851d604f65aa
- SSDEEP
  
  384:HjMz5Kz2zV0rio5ADROGm6gyQAG3YObINb6f/Svyl5WkijNdYpYyu:HjE5w2zel5sRzgyQAaHbELLk/p9u
Score

3^/10

execution
behavioral17 behavioral18
- Target
  
  js/lib/app_api.js
- Size
  
  4KB
- MD5
  
  0bb9ffb235ff967f6df9c4119b4a8148
- SHA1
  
  ee7010234ff5e1002974edafd19da79552fc5196
- SHA256
  
  e26fa466451f0ea86b4df8db1b17886f634ddcacc21f6f9513e0dce721effcc0
- SHA512
  
  8593f27e6dd3a8c20ca28354119859e2b36d83f11834685308ca173fd4c0510d75bef7d67deccb2c1340d128d1604743971c2d0afa2484d736e39403846e948c
- SSDEEP
  
  96:9DWBKTOG2rL0D6cZEqZuWSxSqZRWyMMRwD:NWBKTONw6LVWSxSnyMDD
Score

3^/10

execution
behavioral19 behavioral20
- Target
  
  js/lib/async_api.js
- Size
  
  2KB
- MD5
  
  63e99370260fe9e6f95f4c6b31abe9ae
- SHA1
  
  84deeb5ad34c7040523c57e5566056952ade226e
- SHA256
  
  25ccaa210cd9d34aca63e0215fc311faa703ad8647dabc05d5ca901de075f466
- SHA512
  
  6ae8b8c1c974348039c106f5786414c8273fca6c59799886695bf9ccc41b4127233f8b5cfc132847106078213b8112802b3b9f36de16ab4b2a25777af3f2d5fc
Score

3^/10

execution
behavioral21 behavioral22
- Target
  
  js/lib/bg_app_api.js
- Size
  
  1KB
- MD5
  
  d6bc1ab146114bd37223b99e6effb2ba
- SHA1
  
  d0f75758e645d8dea6e5307ebf03b89f9d872379
- SHA256
  
  833789f804b9d46c209708a96519272aeafdb39f1ed3678d6b9a1b55ded37640
- SHA512
  
  972d14ab29ad48fe5b11b885c84ced10ebecafe8b174895ac2c6ff4bc182ebe584cc97942b4509db7a869dd2dea06ea75f3afcef00b9d252bf6d127e5094f8ef
Score

3^/10

execution
behavioral23 behavioral24
- Target
  
  js/lib/cookie_store.js
- Size
  
  3KB
- MD5
  
  f8e85bffa7c33a56d88e9ca20be19fdf
- SHA1
  
  abd5932a14e1ec308329d23415c51c13d9d3e284
- SHA256
  
  92bbbb49ebbf9647980841fa3bf3605b7f0b1995088ad8501e3013b9cfa46d3e
- SHA512
  
  65a073b3793ce96f9a15782568773c7cf29a7d8a74919e14adfdce367b242de20613f25675966dc521b507836a12479fbde74c869691b30d51508498c0d50224
Score

3^/10

execution
behavioral25 behavioral26
- Target
  
  js/lib/data_store.js
- Size
  
  5KB
- MD5
  
  3b9c7c9afda0fa6e1de453425a8bde97
- SHA1
  
  1d9d16fe45f61cb9045ca9250d90d6aeb1f551da
- SHA256
  
  56768c110f874e8a4145e0b0edb43c97640ffb592730bd8f54af3c7a07bcf22f
- SHA512
  
  860780940a0caf5fbb8afceb820c6b49f7372245135e2c2fe3a6433e83d46645121570f3130c95abcf6a5395d44cefc97ecb07df077556195ead73a4f29f3dfa
- SSDEEP
  
  96:zjuo9efZ4ZeZFVpL0VUDyx/Yx2Up0kCRf8vpXzLZcGD86:zb9g4YyxTUpXR5z9pD86
Score

3^/10

execution
behavioral27 behavioral28
- Target
  
  js/lib/faye-browser-min.js
- Size
  
  22KB
- MD5
  
  414c41ba53c3be4ad03f86665d3009e3
- SHA1
  
  0805a60a7c0f3e2448b51ccf44744a2670cffbce
- SHA256
  
  2d924bda660d5dcd5209de04454c16ae76a43cc37ccf448e10929a1f5462de2b
- SHA512
  
  97ce7d4584124310628fc9681c55229a1c705b232faf527a68d01bcca38778496a4509ebc7a63d0b532fcb9dcf21db32fef9328dc8a0e422fbb100887b4506a2
- SSDEEP
  
  384:GLTLVN6xcKAQpecdyCaSXt7wc4ch8h3vGleECZrTESq:GLn5Kxd5SckfGleECFbq
Score

3^/10

execution
behavioral29 behavioral30
- Target
  
  js/lib/util.js
- Size
  
  1KB
- MD5
  
  71e7320b03281f56baf47aad5774d6f4
- SHA1
  
  80b952249df45a4b7f1f5bb771639ea87f052483
- SHA256
  
  c2089db233311f0fd2b031edecfebe901193ffc2694b099bc720b8f0bbb3d3c3
- SHA512
  
  4fee6a88ea389357e27fcdbb940b5f8229b1a34c4327ff41cba76eac15f39269330767b1129c1062cf33f23192ddcf56364798457f094c0113fc421ec8f008e8
Score

3^/10

execution
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Browser Extensions

T1176

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

ACProtect 1.3x - 1.4x DLL software

Executes dropped EXE

Loads dropped DLL

Reads user/profile data of web browsers

UPX packed file

Checks installed software on the system

Installs/modifies Browser Helper Object

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32