General

  • Target

    e181de47378d02c393d81f9e54cfea6b_JaffaCakes118

  • Size

    4.1MB

  • Sample

    240915-cpngkazhqp

  • MD5

    e181de47378d02c393d81f9e54cfea6b

  • SHA1

    75f299f6ac44304114f5ccbda57f69a7b69192fd

  • SHA256

    3cbde89ae5f0c5ef8f220da7b91e4cde10c698711ec7040b155ca1c86bf9272d

  • SHA512

    ede689335267a471108ade7917f69ecc9c8267cf253386cf89c1f3f6e2d239d630e406b57f8ed138d64bae4b8b68af7a78794c2e7b560431cc801ac9d1947ae8

  • SSDEEP

    98304:KAyiB2ZpxbZEq1pkpkNlhHhHENsWK33neWO/t/N+YpidVC9xFIG7:K3pDbupsxqpK3rO/pN+YpidVC9Tx7

Malware Config

Targets

    • Target

      e181de47378d02c393d81f9e54cfea6b_JaffaCakes118

    • Size

      4.1MB

    • MD5

      e181de47378d02c393d81f9e54cfea6b

    • SHA1

      75f299f6ac44304114f5ccbda57f69a7b69192fd

    • SHA256

      3cbde89ae5f0c5ef8f220da7b91e4cde10c698711ec7040b155ca1c86bf9272d

    • SHA512

      ede689335267a471108ade7917f69ecc9c8267cf253386cf89c1f3f6e2d239d630e406b57f8ed138d64bae4b8b68af7a78794c2e7b560431cc801ac9d1947ae8

    • SSDEEP

      98304:KAyiB2ZpxbZEq1pkpkNlhHhHENsWK33neWO/t/N+YpidVC9xFIG7:K3pDbupsxqpK3rO/pN+YpidVC9Tx7

    Score
    7/10
    • Loads dropped DLL

    • Target

      $PLUGINSDIR/InstallOptions.dll

    • Size

      13KB

    • MD5

      d765c492c21689e3d9d61634371fd861

    • SHA1

      ac200933671ae52c9d5544d0e2e8e9144d286c83

    • SHA256

      551e6042dd494ea01549555ffc194ab9729da09058ec714eb368dd06642c9bbc

    • SHA512

      9919a9e848c8f1e26c75d0d29207571e4b86a4140bd554743d2c1f8bd7f386fe4919345b163d89a5d907fb165e435ba0ac5f6b1101713636141f156a420e2e0f

    • SSDEEP

      192:9B6RvrfvOuJQDghBy/X7QKq3TLGciZJf0EzWzMnz6WoF1dBs:v6RrviWaX7eiZJ7nz6bB

    Score
    3/10
    • Target

      $PLUGINSDIR/System.dll

    • Size

      10KB

    • MD5

      fe24766ba314f620d57d0cf7339103c0

    • SHA1

      8641545f03f03ff07485d6ec4d7b41cbb898c269

    • SHA256

      802ef71440f662f456bed6283a5ff78066af016897fe6bfd29cac6edc2967bbd

    • SHA512

      60d36959895cebf29c4e7713e6d414980139c7aa4ed1c8c96fefb672c1263af0ce909fb409534355895649c0e8056635112efb0da2ba05694446aec2ca77e2e3

    • SSDEEP

      192:rO6dJA/ruAFEiUdWWE6hE5RYUdJfbub1aMBgMO:yKAFERdlxhGRYUzqZaMB

    Score
    3/10
    • Target

      $PLUGINSDIR/nsWeb.dll

    • Size

      8KB

    • MD5

      5810e9ea674dc7d288918ad549b5296b

    • SHA1

      cf0ccb741de2ab9444d6eddca7cdcdc550e0fd49

    • SHA256

      424432227dfb043358f42b0922031abc9290a61d5bce19660ab00096c354a61c

    • SHA512

      b1a6ac0f6548b9738745d39268162efb614a5b57ea70e53a6b011246259bb4825cd02a80b6ee0195f57acb19bcbbfc1f1cfe4adfd058449090bea1f5aa02f74b

    • SSDEEP

      96:q8ry1ZQH+wi1iz1roNrwXTP85cCNLLBeN1X7bHwXwPoLj7ictVtWEjFUt3jR6ntr:qn1ZHoiiwBeN1X7rwAMj2rI+Kt

    Score
    3/10
    • Target

      $PLUGINSDIR/offer.html

    • Size

      1KB

    • MD5

      8b6a66cd5395f891ff495d3d5b26212a

    • SHA1

      f1b28983589d11e7928521e3830dc5eef43d8615

    • SHA256

      6f0f91418e04c0fb1af6c0840c27f33b00a64f434a80d13b4daa3ce9c61c0a34

    • SHA512

      a535088200c3077a64bff04910475b36df56b2b7c0f8121201c7524ba6fcaf75cb55c0a46b8cb2b8697a37f73df1c5fafb292eb9d554b51ad2a486ba2513f2ac

    Score
    3/10
    • Target

      $TEMP/RealCompat/gcapi.dll

    • Size

      62KB

    • MD5

      a689eb4192ac28683b18c4e81b32559a

    • SHA1

      aa436608c0e1a1a21153346a046ff00ee60aff1d

    • SHA256

      cb81506dcb4de19a8c300ee010061845a7f20448c2387ae845f2d2099b54c981

    • SHA512

      992c8f6e441e096c5def826c5665469b89642b0fc9a381f2cf63a98eb08bd58e4186a3a615078cd2775b78240f519c27501f46dea40e9b8b82b6d91b95d5ed17

    • SSDEEP

      768:sqn6Uu9UJwki/IKbRBxPRZpEzalO2RBgITg1g0sqpkkaTL16QP3u8Gf:serwkobRLOuOA/TgW01na/oQ/zO

    Score
    3/10
    • Target

      $TEMP/RealCompat/gtapi.dll

    • Size

      73KB

    • MD5

      64f15c1e67d305bf5522ece465019b50

    • SHA1

      c54d95b98dd0f32adccb46e1030d13ca81ea9aae

    • SHA256

      bdc0326c2864498243657cc2c76d31816c208f5b159f0991b3698f093cf64619

    • SHA512

      74710ce2f6473b61176c31a180c973b0ad39b6159772de13eb3fd9f0c40864884687ee47bd9e67c6667702f7a8c02c2f5f79e0e19a2a3d6b369e7246a03fb8c6

    • SSDEEP

      768:sGFTRxPgp0UelRo+gEzCbn5baZiskpOzLp/eJ77LBfefVkvgcS9TFgQXEVVkoLVQ:DTzPgUlYEOr5bnpMp/eJR4cSgQXkaohE

    Score
    3/10
    • Target

      $TEMP/guppy-silent.exe

    • Size

      446KB

    • MD5

      d2193271055d32aacaef3c1cf6375981

    • SHA1

      41298d52cc794495145bd20b3e5227f60903bae7

    • SHA256

      d2a3525c3f620def9c7817a8208da8e288d37aaa279d7aca84e5746c2d0bd27d

    • SHA512

      0a79b703963335a82cff75aa0d7720649a7ecc85883902838f57c105af39f5089ffd1ba81fa8e858277afda2b52e4c7ef8a1a45a4be265a8a372a8f4dec7dea9

    • SSDEEP

      12288:cLO0i1wDtCKrF2CChNxHHxmpcFbi0w0s/zW5eP32:cLO3ckKrcnmpchiIozWIP32

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Target

      $PLUGINSDIR/CustomLicense.dll

    • Size

      3KB

    • MD5

      3c4c9b038c7eb5223691586a42415fef

    • SHA1

      53eb3587f5313f9aae5aea8b92f7ceb45db19fc6

    • SHA256

      60f9263a1693ae5a18523ee5d0f37e512882edaea2b84a028279d7fe5bb305ae

    • SHA512

      a07843d793811ca6ea9be734c458209a1bb224297743e23304f48b65f38ea9ae5a570f99b5c23642431ecb5cb30bcb43848bb92e6529395c232c63f641143250

    Score
    3/10
    • Target

      $PLUGINSDIR/GetVersion.dll

    • Size

      6KB

    • MD5

      5264f7d6d89d1dc04955cfb391798446

    • SHA1

      211d8d3e7c2b2f57f54a11cb8bc4fa536df08acc

    • SHA256

      7d76c7dd8f7cd5a87e0118dacb434db3971a049501e22a5f4b947154621ab3d4

    • SHA512

      80d27ee2f87e2822bd5c8c55cc3d1e49beebb86d8557c92b52b7cbea9f27882d80e59eefa25e414eecee268a9a6193b6b50b748de33c778b007cde24ef8bcfb7

    • SSDEEP

      96:E12Z84uiwpGTVTDSpaHYfniz0R3GhCvXY6Ix5vdR7pBi46AQ5Vu4:2STVTGwYhR3GhCvy5vH7pBi46AQ5Vu

    Score
    3/10
    • Target

      $PLUGINSDIR/KillProcDLL.dll

    • Size

      4KB

    • MD5

      99f345cf51b6c3c317d20a81acb11012

    • SHA1

      b3d0355f527c536ea14a8ff51741c8739d66f727

    • SHA256

      c2689ba1f66066afce85ca6457ecd36370be0fe351c58422e45efd0948655c93

    • SHA512

      937aa75be84a74f2be3b54dc80fac02c17dad1915d924ef82ab354d2a49bc773ee6d801203c52686113783a7c7ea0e8ed8e673ba696d6d3212f7006e291ed2ef

    Score
    3/10
    • Target

      $PLUGINSDIR/Math.dll

    • Size

      66KB

    • MD5

      b140459077c7c39be4bef249c2f84535

    • SHA1

      c56498241c2ddafb01961596da16d08d1b11cd35

    • SHA256

      0598f7d83db44929b7170c1285457b52b4281185f63ced102e709bf065f10d67

    • SHA512

      fbcb19a951d96a216d73b6b3e005338bbb6e11332c6cc8c3f179ccd420b4db0e5682dc4245bd120dcb67bc70960eab368e74c68c7c165a485a12a7d0d8a00328

    • SSDEEP

      1536:0P43WZ4Ql60gam+2MwRmPeqFVHbQH0ZZ1Iet:0wU609VMH0T/t

    Score
    3/10
    • Target

      $PLUGINSDIR/NSISdl.dll

    • Size

      14KB

    • MD5

      a5f8399a743ab7f9c88c645c35b1ebb5

    • SHA1

      168f3c158913b0367bf79fa413357fbe97018191

    • SHA256

      dacc88a12d3ba438fdae3535dc7a5a1d389bce13adc993706424874a782e51c9

    • SHA512

      824e567f5211bf09c7912537c7836d761b0934207612808e9a191f980375c6a97383dbc6b4a7121c6b5f508cbfd7542a781d6b6b196ca24841f73892eec5e977

    • SSDEEP

      192:tUZTobBDJ68r67wmsvJI5ad9cXzFOVu+mZ/P3p+57CvpVqDxVp01Dwn2GRPgsfA:6Bo/680dCI5adOjFOg9//p27uNw2Go

    Score
    3/10
    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      c17103ae9072a06da581dec998343fc1

    • SHA1

      b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

    • SHA256

      dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

    • SHA512

      d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

    • SSDEEP

      192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw

    Score
    3/10
    • Target

      $PLUGINSDIR/TrackJSON.js

    • Size

      1KB

    • MD5

      2492690006d3eecd22c1301a2c4fc6d5

    • SHA1

      080f02b347f7b810778cf63d527f781cf5aec218

    • SHA256

      9e03233a11a33bbd519594401d5376658959ec845661ceecd5562ad22a23074f

    • SHA512

      58bb53cea60e292518698c956851dc11f1175c142a31b62fd46c1e60157fc12ba0a97863fe60b38b0dceb60aaaafcb65ff8521403302ccb890d4d36048aeb9a0

    Score
    3/10
    • Target

      $PLUGINSDIR/inetc.dll

    • Size

      20KB

    • MD5

      2f94245152dbd233e248909f9c01c578

    • SHA1

      ab4e5879c001b36a2f9ff214946599fd015edda9

    • SHA256

      4c4d85eb9725fc7fade03467990e3dd9671c29a7870c97e69babc2cb3c9adef9

    • SHA512

      f92830de27d6663be5e0df9e32cd88732bc7ee93b14c1ded65258c325d22436400801aff1124f40400c6c3b3c16e71deb08436714716f3888d13a8a6b6a32231

    • SSDEEP

      384:vBCwUYeQ8geEQyhUtXlcgCHe8DSMk8/UhU7ya4L+0Ac9khYLMkIX0+GvRgbJ1:owUEpet1cgCHe8DNN/UhUua4L

    Score
    3/10

MITRE ATT&CK Enterprise v15

Tasks

static1

Score
3/10

behavioral1

discovery
Score
7/10

behavioral2

discovery
Score
7/10

behavioral3

discovery
Score
3/10

behavioral4

discovery
Score
3/10

behavioral5

discovery
Score
3/10

behavioral6

discovery
Score
3/10

behavioral7

discovery
Score
3/10

behavioral8

discovery
Score
3/10

behavioral9

discovery
Score
3/10

behavioral10

discovery
Score
3/10

behavioral11

discovery
Score
3/10

behavioral12

discovery
Score
3/10

behavioral13

discovery
Score
3/10

behavioral14

discovery
Score
3/10

behavioral15

discoveryspywarestealer
Score
7/10

behavioral16

discoveryspywarestealer
Score
7/10

behavioral17

discovery
Score
3/10

behavioral18

discovery
Score
3/10

behavioral19

discovery
Score
3/10

behavioral20

discovery
Score
3/10

behavioral21

discovery
Score
3/10

behavioral22

discovery
Score
3/10

behavioral23

discovery
Score
3/10

behavioral24

discovery
Score
3/10

behavioral25

discovery
Score
3/10

behavioral26

discovery
Score
3/10

behavioral27

discovery
Score
3/10

behavioral28

discovery
Score
3/10

behavioral29

execution
Score
3/10

behavioral30

execution
Score
3/10

behavioral31

discovery
Score
3/10

behavioral32

discovery
Score
3/10