General

  • Target

    df91045bd4adfc4e417d4dfe4ffde32e_JaffaCakes118

  • Size

    3.3MB

  • Sample

    240914-f177wsyfla

  • MD5

    df91045bd4adfc4e417d4dfe4ffde32e

  • SHA1

    3db9eed525f94944d1662c2d3415286fca42bb74

  • SHA256

    0698cc3aa985c9128da46a60766c7fd8d0a1b29285876a1fd9645493039d25df

  • SHA512

    8b1115853d8f1aa61ce61763b650b70c80801601b9b5197f79f36e40e1f4ca6398b56ce47c8fe4dce2f5c35cc65b0bcc26d4b539bee2a1c9444a295f38a67d2d

  • SSDEEP

    49152:lzVxf96HkKXRhe1P16CyV88uTV/nj+Fm7JS/4TW6vcsTS1dDMy+U915EqMUVcTX:lzLMHkKBhemCVzBj+g06U7D5JnMUVcTX

Malware Config

Targets

    • Target

      df91045bd4adfc4e417d4dfe4ffde32e_JaffaCakes118

    • Size

      3.3MB

    • MD5

      df91045bd4adfc4e417d4dfe4ffde32e

    • SHA1

      3db9eed525f94944d1662c2d3415286fca42bb74

    • SHA256

      0698cc3aa985c9128da46a60766c7fd8d0a1b29285876a1fd9645493039d25df

    • SHA512

      8b1115853d8f1aa61ce61763b650b70c80801601b9b5197f79f36e40e1f4ca6398b56ce47c8fe4dce2f5c35cc65b0bcc26d4b539bee2a1c9444a295f38a67d2d

    • SSDEEP

      49152:lzVxf96HkKXRhe1P16CyV88uTV/nj+Fm7JS/4TW6vcsTS1dDMy+U915EqMUVcTX:lzLMHkKBhemCVzBj+g06U7D5JnMUVcTX

    Score
    7/10
    • Loads dropped DLL

    • Target

      $PLUGINSDIR/Banner.dll

    • Size

      477KB

    • MD5

      7a7127c1c951833b9b752b5b55aecd1c

    • SHA1

      86bdfd31cf14a831b89deb6852292ae012049a98

    • SHA256

      7b66a639beb9754776bdf123b0a389c83de2003c416fbd9d0488ab32e3f1f921

    • SHA512

      6b4631d294cdea1c76bfc2a7c9900364be7499e184eaf0be4cfcafe75c775ce057eb9940dcab85d97f6a75b4e29e8bde9c76d412366d9100623aaff69ba8f8b1

    • SSDEEP

      6144:F3qujs8hR5ycAT21eRBfE6LzA8zjZGeCD:u8RyRAeXfECA8zlG

    Score
    3/10
    • Target

      $PLUGINSDIR/NSISdl.dll

    • Size

      14KB

    • MD5

      a5f8399a743ab7f9c88c645c35b1ebb5

    • SHA1

      168f3c158913b0367bf79fa413357fbe97018191

    • SHA256

      dacc88a12d3ba438fdae3535dc7a5a1d389bce13adc993706424874a782e51c9

    • SHA512

      824e567f5211bf09c7912537c7836d761b0934207612808e9a191f980375c6a97383dbc6b4a7121c6b5f508cbfd7542a781d6b6b196ca24841f73892eec5e977

    • SSDEEP

      192:tUZTobBDJ68r67wmsvJI5ad9cXzFOVu+mZ/P3p+57CvpVqDxVp01Dwn2GRPgsfA:6Bo/680dCI5adOjFOg9//p27uNw2Go

    Score
    3/10
    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      c17103ae9072a06da581dec998343fc1

    • SHA1

      b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

    • SHA256

      dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

    • SHA512

      d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

    • SSDEEP

      192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw

    Score
    3/10
    • Target

      $PLUGINSDIR/bundle.exe

    • Size

      1.4MB

    • MD5

      2d1a8fe877c2c3a251d9b064438fa132

    • SHA1

      af6eed972b2c3d819c20b1cca83b91b1819fb4f5

    • SHA256

      c919043ac844a08523b83e22071824de50998307b11e719503d08cf2d532f847

    • SHA512

      86d57ba82c93a1dea122b993b9f735cbf080efc6ce8bdea76f4585edc39a936ca043c05123976c15d5a9edaa6a55d0888fbf6434f2fea5c2d4e9eae30434f24d

    • SSDEEP

      24576:GPOaKA8LjZ6hD2La+5mPIalInV/CpGkL7QB2BSAVv+6GsB93xXvAwsj6DQM71Wnw:Q8YWaDwae/oGi722QAVv+TsBDvArj68M

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      c17103ae9072a06da581dec998343fc1

    • SHA1

      b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

    • SHA256

      dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

    • SHA512

      d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

    • SSDEEP

      192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw

    Score
    3/10
    • Target

      MainInstaller.exe

    • Size

      531KB

    • MD5

      9ce448dcd7cf13dd950725957361bdff

    • SHA1

      5831ff31825ea82d90a2989e0fc0a33b859d5f97

    • SHA256

      3dbc5aff076ef9c86a90ad30e963581f7cb22f8e212aa38db29d82cf45b73f80

    • SHA512

      b4a175da3677cd3380cb3789f281f2afb10aa00dc9592217062d66eb9b5e73805886b692975d7244cdd439d8d5bcd0eb5810533284ba4b13ff02a20b792bf74f

    • SSDEEP

      12288:z/8Ze69hm2S17Y/bv9VXXLVS+n28L6OdBCZrrf3xSEowuj6ZQM7gMWZQkN:zihc17YpVE+PGsB03xSEowuj6ZQM71WD

    Score
    7/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      PingMe.exe

    • Size

      7KB

    • MD5

      991cd458830ae2008be0c2d8e26c8bd0

    • SHA1

      d519a7ffd8360a47450e60b7d665e666d9df89bc

    • SHA256

      f2ecda9fb1b201d9a120c5906c6b0983205e4858ecea0065499841cf4047eb71

    • SHA512

      e45ce313823e43726418378920c367a4957b2806ee8070d0f4acf63fd1fa893577fbe91fc859c81bd8d6984ca1c0fe9ef0b32200c79106a3f7dcff0b8efdb4aa

    • SSDEEP

      96:GL1h5Q/B2JL1L5Ie79CCna2fLAyrLSc9Q0btWcmRXzNt:GRQ/EL1L5Ie9V5LAySc9Q0bw5RB

    Score
    3/10
    • Target

      Setup.exe

    • Size

      505KB

    • MD5

      5d8d0c08384ad73216d52a2eabc064f5

    • SHA1

      0fa5c77fd6b6323b926c9648679e063d1bbc8bcc

    • SHA256

      30522715240f4a05859099ac370dfb516097ab257402981c6a9ad31951f36cce

    • SHA512

      42a3003019e39622082506c7ae50d8a27e2920fdfdf15eb9a8dbf7f1dbd49a02cd0390dabd74c136ed44e9d8ba270540ce9390f31aa84c2fc9fdfcc9e912dd57

    • SSDEEP

      12288:6xPm2P17YJbq9VXMLVS+n78L6OdBRdrrf3xr5Uw1jcZQM7gMyZQU:6Jh17YYVV+YGsBH3xr5Uw1jcZQM71yZX

    Score
    7/10
    • Loads dropped DLL

    • Target

      $PLUGINSDIR/InstallOptions.dll

    • Size

      14KB

    • MD5

      325b008aec81e5aaa57096f05d4212b5

    • SHA1

      27a2d89747a20305b6518438eff5b9f57f7df5c3

    • SHA256

      c9cd5c9609e70005926ae5171726a4142ffbcccc771d307efcd195dafc1e6b4b

    • SHA512

      18362b3aee529a27e85cc087627ecf6e2d21196d725f499c4a185cb3a380999f43ff1833a8ebec3f5ba1d3a113ef83185770e663854121f2d8b885790115afdf

    • SSDEEP

      192:86d+dHXLHQOPiY53uiUdigyU+WsPdc/A1A+2jwK72dwF7dBEnbok:86UdHXcIiY535zBt2jw+BEnbo

    Score
    3/10
    • Target

      $PLUGINSDIR/KillProc.dll

    • Size

      24KB

    • MD5

      6c2b245e89428fb917a5805815a4054e

    • SHA1

      5bcd987700dd761f02d2d1d024b8f20077985051

    • SHA256

      0558bbdfe61eefb680e8560a7d4b174447a9516098f9cd8b4c84bf1552cee5c5

    • SHA512

      ecb3fb77532d6ffa1ca08df05a6a86b18138356e63cb40edf68f97fc7fdf2e781a4ebeb1efdb9f13f947304312dd19ef5c4a78ddc60843f5f726cde69b2c57d4

    • SSDEEP

      384:DqIKV2NkzYqElRYhENOwN3uCyolsTMY29Goaz+QshqTPZHoErRZGAqcywHTswk4:D3KexROO3uCyow2/RA9VRZtBzLk5

    Score
    7/10
    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      c17103ae9072a06da581dec998343fc1

    • SHA1

      b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

    • SHA256

      dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

    • SHA512

      d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

    • SSDEEP

      192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw

    Score
    3/10
    • Target

      $PLUGINSDIR/nsProcess.dll

    • Size

      4KB

    • MD5

      faa7f034b38e729a983965c04cc70fc1

    • SHA1

      df8bda55b498976ea47d25d8a77539b049dab55e

    • SHA256

      579a034ff5ab9b732a318b1636c2902840f604e8e664f5b93c07a99253b3c9cf

    • SHA512

      7868f9b437fcf829ad993ff57995f58836ad578458994361c72ae1bf1dfb74022f9f9e948b48afd3361ed3426c4f85b4bb0d595e38ee278fee5c4425c4491dbf

    • SSDEEP

      48:iYXzAm8HGJLvwM8GJFd6I7W4JtT2bxNNAa4GsNf+CJ8aYqmtlKdgAtgma1QvtCSJ:lz2mJkpGR6GY74GQ1YqmstgGCtR

    Score
    3/10
    • Target

      2YourFace_Util.dll

    • Size

      50KB

    • MD5

      4cb05fd996f8c1d5142ec77f52b3eb93

    • SHA1

      0d8122bc7b4f4991201dbc3e7313c51f38b40493

    • SHA256

      c05a336d4fd4719ae002c3befc690f462c64930b50912a632441a88f85bec77a

    • SHA512

      9682d34093e3e8bde0b289d3690722a3e590d7d9cdd058debb122f3c997493d52034aeb36adcc64b52d4805171d4054c9bec87e46e1ec995c6089d4d40d3e3bb

    • SSDEEP

      768:eh2p6b6ezNEqyRo0Mhjww4EBYkkJnFjGUED3inLEjfOWU3soAdi:eh22bBcJk0fLgu38Q

    Score
    3/10
    • Target

      AddInstall.js

    • Size

      675B

    • MD5

      bed216e2f0ca67962fce4934b4aaf5bb

    • SHA1

      29c1cc3a3a9b85767b8e45e4644630fabaac8cdd

    • SHA256

      85a2c65d575c67bcee4333a5a231d3280a910a2cfceb98e9eced5b697759b097

    • SHA512

      650c06f89241a64e13e6b7a997e083401f3ed0c8eea6bd4cf58cc924b039a42c1e9ff5b25e284476cbaa557f8cd131f1dd38f9cc056757bb4f3a531cd4ce98ce

    Score
    3/10
    • Target

      background.html

    • Size

      1KB

    • MD5

      765526318b49b078d35a1a736bb96eb5

    • SHA1

      6dff92a26b1e1194f32ba3f55765d6f2c705ef29

    • SHA256

      b14df17e9b5eda2f908d1a50d37bb287d4c7a42f9732d397323685bfce1ca2c3

    • SHA512

      a948e1be69de00552772d81cecc62cb260e9deaa8821935abb94194a5a4f5f547e47c65dfe2fe156008aaf69064cbb08bf3a874003e31c4cd0a5c580ba1a8e75

    Score
    3/10

MITRE ATT&CK Enterprise v15

Tasks

static1

upx
Score
7/10

behavioral1

discovery
Score
7/10

behavioral2

discovery
Score
7/10

behavioral3

discovery
Score
3/10

behavioral4

discovery
Score
3/10

behavioral5

discovery
Score
3/10

behavioral6

discovery
Score
3/10

behavioral7

discovery
Score
3/10

behavioral8

discovery
Score
3/10

behavioral9

adware discovery evasion spyware stealer trojan
Score
7/10

behavioral10

adware discovery evasion spyware stealer trojan
Score
7/10

behavioral11

discovery
Score
3/10

behavioral12

discovery
Score
3/10

behavioral13

discovery
Score
7/10

behavioral14

discovery
Score
7/10

behavioral15

discovery
Score
3/10

behavioral16

discovery
Score
3/10

behavioral17

discovery
Score
7/10

behavioral18

discovery
Score
7/10

behavioral19

discovery
Score
3/10

behavioral20

discovery
Score
3/10

behavioral21

discovery upx
Score
7/10

behavioral22

discovery upx
Score
7/10

behavioral23

discovery
Score
3/10

behavioral24

discovery
Score
3/10

behavioral25

discovery
Score
3/10

behavioral26

discovery
Score
3/10

behavioral27

discovery
Score
3/10

behavioral28

discovery
Score
3/10

behavioral29

execution
Score
3/10

behavioral30

execution
Score
3/10

behavioral31

discovery
Score
3/10

behavioral32

discovery
Score
3/10
